NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

Key Considerations for Benchmarking Network Storage Performance

OpenZFS 2.3.0 available

News Roundup

Updates on AsiaBSDCon 2025 - Cancelled -

GhostBSD Desktop Conference

Recovering from external zroot

Create a new issue in a Github repository with Ansible

Stories I refuse to believe

Defer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106

Tarsnap

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

Feedback - Nelson - Ada/GCC

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

• Join us and other BSD Fans in our BSD Now Telegram channel

NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

AsiaBSDCon 2023 Trip Report

Converting My X201 ThinkPad into a Slabtop

News Roundup

Stream your OpenBSD desktop audio to other devices

The Gnome and Its "Secret Place"

ttyload - Linux/Unix color-coded graphical tracking tool for load average in a terminal

Beastie Bits

• [OpenIndiana with a Sun Microsystems 22" LCD monitor. Running on a 1.8GHz quad core AMD Phenom 9100e processor, 4Gb RAM, nVidia GEForce GT630.](https://www.reddit.com/r/unix/comments/13otjnt/openindiana_with_a_sun_microsystems_22_lcd/)
• [cron(8) now supports random ranges with steps](https://www.undeadly.org/cgi?action=article;sid=20230507122935&utm_source=bsdweekly)
• [BSDCan 2024 Reorganization](https://mwl.io/archives/22799)
• [Depenguin me](https://depenguin.me/)

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

This episode was brought to you by

Headlines

OpenBSD website operators urged to fix mind-alteringly bad bug

• We start off a bit light-hearted this week, with the important, breaking news that finally a long-standing OpenBSD bug has been addressed for the HTTP daemon.
• Specifically? It changes the default 404 page fonts away from Comic Sans, to a bit more crowd-pleasing alternative:
  • “For some reason the httpd status pages (e.g. 404) use the Comic Sans typeface. This patch removes comic sans and sets the typeface to the default sans-serif typeface of the client.
  • “This lowers the number of people contacting website maintainers with typeface complaints bordering on harassment”.
• Operators running HTTPD are highly encouraged to update their systems to the latest code, right now……... No seriously, we are waiting for you. Get it done now and then we’ll continue with the show.

Registration for AsiaBSDCon 2016 is now open + Talk Schedule

• After a few delays, the registration for AsiaBSDCon has now opened!
• The conference starts in less than two weeks! now, so be sure to get signed up ASAP.
• In addition the schedule has been posted, and here’s some of the highlights of this year’s conference.
• In addition to FreeBSD and NetBSD dev summits on the first two days, we have some excellent tutorials being given this year by Kirk, Gnn, Dru and more! (https://2016.asiabsdcon.org/program.html.en)
• The regular paper talks also have lots of good ones this year, including this crazy encrypted boot loader one given by our very own Allan Jude! ***

OPENBSD ON AWS : AN UNEXPECTED JOURNEY

• We have a blog post from Antoine Jacoutot, talking about the process of getting OpenBSD up and running in AWS

• It starts with his process of creating an AMI from scratch, which ended up not being that bad:

  • create and loopback-mount a raw image containing a UFS filesystem extract the OpenBSD base sets (which are just regular tarballs) and kernel enable console output (so that one could “aws ec2 get-console-output”)
  • install the boot loader on the image then use the ec2 tools to import the RAW image to S3, convert it into a volume (ec2-import-volume) which we can snapshot (ec2-create-snapshot) and create an AMI from (ec2-register)

• The blog post also has a link to a script which automates this process, so don’t be daunted if you didn’t quite follow all of that.

• Thanks to the recently landed DomU support, the final pieces of the puzzle fell into place, allowing OpenBSD to function as a proper guest (with networking!)

• Next it details the process of injecting a public SSH key into the instances for instant remote access.

• An ec2-init.sh script was created (also on github) which does the following:

  • setting the hostname
  • installing the provided SSH public key to /root/.ssh/authorized_keys
  • executing user-data (if it starts with a shebang)
  • displaying the host SSH fingerprints on the console (to match cloud-init)

• With that done, OpenBSD is pretty much AWS ready! He then gives a brief walkthrough of setting up nginx for new users, but if you’ve already done this before then the instance is ready for you to hacking on.

  ---

Start thinking of ideas for things with FreeBSD for Google's 2016 Summer of Code

• Students and Developers, listen up! It’s time to start thinking about GSoC again, and FreeBSD is looking to update its project ideas page.
• There’s some good ones on the list, plus ones that should be pruned (such as GELI boot), but now is the time to start adding new ones before we get too deep into the process.
• This goes for the other BSD’s as well, start thinking about your proposals, or if you are developer, which projects would be a good fit for mentoring.
• (Improving the Linux Compat layer is one I think should be done!) Guide to getting started with kernel hacking
• One of the things that’s been asked frequently is how to contribute towards the efforts to bring updated DRM / X drivers to the FreeBSD kernel.
• Jean-Sébastien Pédron has started a great guide on the Wiki which details how to get started with the porting effort, and that developers need not be afraid of helping. ***

Storage Summit Roundup

• Earlier this week a number of developers from FreeBSD, as well as various vendors that use FreeBSD, or provide products used with FreeBSD met for a Storage Summit, to discuss the future of these technologies
• The summit was co-located with the USENIX FAST (Filesystems And Storage Technologies) conference
• The summit was sponsored by the FreeBSD Foundation and FlightAware
• After a short introduction, the event opened with a Networking Synergy panel
• The focus of this panel was to see if there were techniques and lessons learned in improving the networking stack over the last 10 years that could be applied to improving the storage stack
• A lot of time was spent discussing issues like multi-queue support, CPU scheduling, and ways to modernize the stack
• CAM Scheduling & Locking Revamp
  • No notes posted
• User Space Storage Stack
  • One of the user space storage stacks discussed was Diskmap
  • Like netmap, but for disks (diskmap)
  • Kernel bypass for accessing disks
  • Ilias Marinos, who is working on diskmap at Cambridge University, described diskmap to the group
• A design discussion then followed in which the memory management was covered as that's an issue for any sort of "IO" map system
  • Action Items:
• Discuss with Luigi the idea of code merges
• Need a reset path API
• Kernel buffer mapping for reliability
• Support for other interfaces (SATA/SCSI)
• GEOM layer adaptation
• Adapting to New Storage Technologies
  • This working group was led by Adrian Palmer, from Seagate
  • SMR
  • Persistent Memory
  • Session 1: Device Identification and the structural requirements
    • Agenda: We'll look over the Identification nuances and what needs to change to support the structure. Support for IO order guarantees, forward-write only requirements, new commands and topology. Dig into CAM and GEOM layers. Solutions should be fast and have as few code paths as possible
    • Results: Small audience. We talked about zoned characteristics, and how it can be used in various workloads, projected to be implemented in years
  • Session 2: Information dissemination and consumption
    • Agenda: Where and how will information from the report_zones command be gathered, stored, combined and used. This will include userspace storage and multi-volume management. Will CAM store this data, or will GEOM? How frequently will this need to be queried/updated/verified from the drive?
    • Results: Merged with ZFS working group to discuss SMR. Came up with idea that could be implemented as circular buffer zone type. Began to discuss solutions among developers
• ZFS
  • During the first session we discussed how to improve dedup support + A dedup throttle or cap was discussed. When the size of the DDT grows beyond this size, new entries would not be deduped.
    • An alternative to this was also discussed, where when the DDT reached the cap size, it would remove a random entry with only a single reference from the DDT to make room for the new entry. When a block is going to be freed, if it is not found in the DDT, it is assumed to have only 1 reference, and removed.
    • There was also discussion of replacing the DDT with an in-memory hash table and a “log” of increment/decrement operations, that is periodically compacted. The hash table is recreated from the log at pool import time. This would reduce the in-memory footprint of the DDT, as well as speed up all write operations as adding an entry to the dedup log will be less expensive than updating the DDT.
    • There was also discussion of using dedicated device(s) for the DDT, either using the DDT on SSD work by Nexenta, or the Metadata Classes work by Intel
  • The first session also discussed Secure Delete and related things
    • The desire for an implementation of TRIM that uses the “secure erase” functionality provided by some disks was expressed
    • Overwriting sectors with patterns of garbage may be insufficient because SSDs may internally remap where a specific LBA physically resides
    • The possibility of using something like the “eager zero” feature to periodically write zeros over all free blocks in the pool to erase any lingering data fragments
    • Problems with the FreeBSD TRIM implementation were discussed, as well as looking at ways to implement the new ZFS TRIM implementation on FreeBSD
    • ABD (ARC Buf Data) was discussed, a new design that lessens the requirement for contiguous memory. Only a small area of contiguous blocks is reserved at boot, and compressed ARC blocks are constructed of scatter-gather lists of individual pages
  • The second session combined with the SMR group and talked about SMR support in ZFS
    • Later in the second session ZFS Encryption was also discussed, mostly with a focus on what the use cases are
  • The third session combined all of the groups for an overview of upcoming ZFS features including device removal and channel programs
  • There was also a request for code review, for mostly finished projects like Persistent L2ARC, Writeback cache, and Large dnode support
• Hallway Track
  • ZFS / VFS Interaction
  • Adrian Palmer has been a FreeBSD hobbyist since FreeBSD 7, and I think I managed to convince him to start contributing ***

News Roundup

One Week with NetBSD 7.0: Back to Unix basics

• The author of this blog series is sending a week using NetBSD 7.0, following a previous series on Solaris 10
• “This is actually familiar territory, as I've been using BSD variants almost exclusively since 2006. My recent SunOS explorations were triggered last summer by OpenBSD having choked on my current laptop's NVIDIA card, and from what I could see at the time, FreeBSD had the same problem, although I now know NVIDIA drivers exist for that system. The thing that keeps me from going all-in with FreeBSD 10.x, however, is the fact that Firefox crashes and leaves "core dump" messages in its wake, and I'm just not a Chrome kinda guy.”
• “For those with a catholic taste in Unix, NetBSD is a keg party at the Vatican. If you're an absolute Unix beginner, or have been living on Ubuntu-based Linux distros for too long, then you may feel stranded at first by NetBSD's sparseness. You'll find yourself staring into the abyss and seeing only a blinking cursor staring back. If you have the presence of mind to type startx, you'll be greeted by twm, a window manager offering little more than an xterm window with the same blinking cursor until you learn how to configure the .twmrc file to include whatever applications you want or need in the right-click menu.”
• “As for NetBSD itself, I can't think of any major productivity applications that can't be installed, and most multimedia stuff works fine.”
• Issues the author hopes to sort out in later posts:
  • Audio playback (youtube videos in Firefox)
  • Wireless
  • Flash
  • Digital Camera SD Card readability, video playback
  • Audacity
  • A “fancy” desktop like Gnome 2, KDE, or xfce
• In a follow-up post, the author got LibreOffice installed and sorted out the audio issues they were having
• In a later follow-up XFCE is up and running as well ***

ZFS is for Containers in Ubuntu 16.04

• As you may have heard, Ubuntu 16.04 will include ZFS -- baked directly into Ubuntu -- supported by Canonical
• “ZFS one of the most beloved features of Solaris, universally coveted by every Linux sysadmin with a Solaris background. To our delight, we're happy to make to OpenZFS available on every Ubuntu system.”
• What does “supported by Canonical” mean?
• “You'll find zfs.ko automatically built and installed on your Ubuntu systems. No more DKMS-built modules”
• “The user space zfsutils-linux package will be included in Ubuntu Main, with security updates provided by Canonical”
• The article then provides a quick tutorial for setting up Linux Containers (LXC) backed by ZFS
• In the example, ZFS is backed by a file on the existing disk, not by a real disk, and with no redundancy
• However, the setup script seems to support using real block devices
• The Software Freedom Conservancy is expected to issue a statement detailing their opinion on the legalities and licensing issues of bundling ZFS with Linux. ***

Polling is a Hack: Server Sent Events (EventSource) with gevent, Flask, nginx, and FreeBSD

• A tutorial on setting up ‘Server-Sent Events’, also know as EventSource in javascript, to notify website clients of new data, rather than having the javascript constantly poll for new data.
• The setup uses FreeBSD, nginx, gevent, Python, and the Flask framework
• The tutorial walks through setting a basic Python application using the Flask framework
• Then setting up the client side in Javascript
• Then for the server side setup, it covers installing and configuring nginx, and py-supervisor on FreeBSD
• The tutorial also includes links to additional resources and examples, including how to rate limit the Flash application ***

Why FreeBSD?

• An excellent article written by Hamza Sheikh, discussing why FreeBSD is now his clear choice for learning UNIX.
• The article is pretty well written and lengthy, but has some great parts which we wanted to share with you:

There were many rough edges in the Linux world and some of them exist even today. Choosing the right distribution (distro) for the task at hand is always the first and most difficult decision to make. While this is a strength of the Linux community it is also its weakness. This is exacerbated with the toxic infighting within the community in the last few years.

A herd of voices believes it is their right to bring down a distro community because it is not like their distro of choice. Forking upstream projects has somehow become taboo. Hurling abuse in mailing lists is acceptable. Helping new users is limited to lambasting their distro of choice. Creating conspiracy theories over software decisions is the way to go. Copyleft zealots roam social media declaring non-copyleft free software heretic abominations. It all boils down to an ecosystem soured by the presence of maniacs who have the loudest voices and they seem to be everywhere you turn.

Where is the engineering among all this noise? Btrfs - baking for a long time - is still nowhere near ZFS in stability or feature parity. systemd is an insatiable entity that feeds on every idea in sight and just devours indiscriminately. Wayland was promised years ago and its time has yet to arrive. Containers are represented by Docker that neither securely contains applications nor makes them easy to manage in production. Firewalling is dithering between firewalld, nftables, etc. SystemTap cannot match DTrace.

In the same time span what do various BSDs offer? pf, CARP, ZFS, Hammer, OpenSSH, jails, pkgsrc, (software) ports, DTrace, hardware portability; just to name a few. Few would deny that BSDs have delivered great engineering with free software licenses to the entire world. To me they appear to be better flag bearers of free software with engineering to back it.

• He then goes through some of the various BSD’s and the specifics on why FreeBSD was the logical choice for his situation. But at the end has a great summary on the community as a whole:

Finally - and maybe repeating myself here - I have nothing but praise for the community. Be it BSD Now, mailing lists, Reddit, Twitter, LFNW, or SeaGL, people have encouraged me, answered my questions, and filed bugs for me. I have been welcomed and made a part of the community with open arms. These reasons are (good) enough for me to use FreeBSD and contribute to it.

BeastieBits

OPNsense 16.1.3 released

Copies of "FreeBSD Mastery: Specialty Filesystems" seen in the wild

pfsense training available in Europe

LiteBSD now has 50 ports in its ports tree

Ports tree locked for OpenBSD 5.9

“FreeBSD Filesystem Fun” at March semibug

Event #46 — Embedded Platforms (BSD, OpenWRT, Plan 9 & Inferno)

Feedback/Questions

• Frank - ZFS RAM?
• David - ARM Porting
• Johnny - Lumina Default?
• Adam - PC-BSD Install and Q’s
• Jeremy - Video Card Q ***

This episode was brought to you by

Headlines

OpenBSD hypervisor coming soon

• Our buddy Mike Larkin never rests, and he posted some very tight-lipped console output on Twitter recently
• From what little he revealed at the time, it appeared to be a new hypervisor (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled "vmm"
• Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is
• Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation
• One thing to note: this isn't just a port of something like Xen or Bhyve; it's all-new code, and Mike explains why he chose to go that route
• He also answered some basic questions about the requirements, when it'll be available, what OSes it can run, what's left to do, how to get involved and so on ***

Why FreeBSD should not adopt launchd

• Last week we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD
• One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we've learned)
• In this article, the author talks about why he thinks this is a bad idea
• He doesn't oppose the integration into FreeBSD-derived projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself - this is also explained in more detail
• The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities
• Reddit had quite a bit to say about this one, some in agreement and some not ***

DragonFly graphics improvements

• The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack
• This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs
• You should also see some power management improvements, longer battery life and various other bug fixes
• If you're running DragonFly, especially on a laptop, you'll want to get this stuff on your machine quick - big improvements all around ***

OpenBSD tames the userland

• Last week we mentioned OpenBSD's tame framework getting support for file whitelists, and said that the userland integration was next - well, now here we are
• Theo posted a mega diff of nearly 100 smaller diffs, adding tame support to many areas of the userland tools
• It's still a work-in-progress version; there's still more to be added (including the file path whitelist stuff)
• Some classic utilities are even being reworked to make taming them easier - the "w" command, for example
• The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)
• More discussion can be found on HN, as one might expect
• If you're a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release ***

Interview - Scott Courtney - vbsdcon@verisign.com / @verisign

vBSDCon 2015

News Roundup

OPNsense, beyond the fork

• We first heard about OPNsense back in January, and they've since released nearly 40 versions, spanning over 5,000 commits
• This is their first big status update, covering some of the things that've happened since the project was born
• There's been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more - the report touches on a little of everything ***

LibreSSL nukes SSLv3

• With their latest release, LibreSSL began to turn off SSLv3 support, starting with the "openssl" command
• At the time, SSLv3 wasn't disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)
• They've now flipped the switch, and the process of complete removal has started
• From the Undeadly summary, "This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!"
• With this change and a few more to follow shortly, Libre*SSL* won't actually support SSL anymore - time to rename it "LibreTLS" ***

FreeBSD MPTCP updated

• For anyone unaware, Multipath TCP is "an ongoing effort of the Internet Engineering Task Force's (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy."
• There's been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated
• Including in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements
• Some big performance gains can be had with MPTCP, but only if both the client and server systems support it - getting it into the FreeBSD kernel would be a good start ***

UEFI and GPT in OpenBSD

• There hasn't been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently
• Some support for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review
• This comes along with a number of other commits related to GPT, much of which is being refactored and slowly reintroduced
• Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should "just work" with GPT (once everything's in)
• The UEFI bootloader support has been committed, so stay tuned for more updates as further progress is made ***

Feedback/Questions

• John writes in
• Mason writes in
• Earl writes in ***

This episode was brought to you by

Headlines

Xen dom0 in FreeBSD 11-CURRENT

• FreeBSD has just gotten dom0 support for the Xen hypervisor, something NetBSD has had for a while now
• The ports tree will now have a Xen kernel and toolstack, meaning that they can be updated much more rapidly than if they were part of base
• It's currently limited to Intel boxes with EPT and a working IOMMU, running a recent version of the -CURRENT branch, but we'll likely see it when 11.0 comes out
• How will this affect interest in Bhyve? ***

A tale of two educational moments

• Here we have a blog post from an OpenBSD developer about some experiences he had helping people get involved with the project
• It's split into two stories: one that could've gone better, and one that went really well
• For the first one, he found that someone was trying to modify a package from their ports tree to have fewer dependencies
• Experience really showed its worth, and he was able to write a quick patch to do exactly what the other person had been working on for a few hours - but wasn't so encouraging about getting it committed
• In the second story, he discussed updating a different port with a user of a forum, and ended up improving the new user's workflow considerably with just a few tips
• The lesson to take away from this is that we can all help out to encourage and assist new users - everyone was a newbie once ***

What's coming in NetBSD 7

• We first mentioned NetBSD 7.0 on the show in July of 2014, but it still hasn't been released and there hasn't been much public info about it
• This blog post outlines some of the bigger features that we can expect to see when it actually does come out
• Their total platform count is now over 70, so you'd be hard-pressed to find something that it doesn't run on
• There have been a lot of improvements in the graphics area, particularly with DRM/KMS, including Intel Haswell and Nouveau (for nVidia cards)
• Many ARM boards now have full SMP support
• Clang has also finally made its way into the base system, something we're glad to see, and it should be able to build the base OS on i386, AMD64 and ARM - other architectures are still a WIP
• In the crypto department: their PNRG has switched from the broken RC4 to the more modern ChaCha20, OpenSSL has been updated in base and LibreSSL is in pkgsrc
• NetBSD's in-house firewall, npf, has gotten major improvements since its initial debut in NetBSD 6.0
• Looking to the future, NetBSD hopes to integrate a stable ZFS implementation later on ***

OpenZFS office hours

• We mentioned a couple weeks back that the OpenZFS office hours series was starting back up
• They've just uploaded the recording of their most recent freeform discussion, with Justin Gibbs being the main presenter
• In it, they cover how Justin got into ZFS, running in virtualized environments, getting patches into the different projects, getting more people involved, reviewing code, spinning disks vs SSDs, defragging, speeding up resilvering, zfsd and much more ***

Interview - Baptiste Daroussin - bapt@freebsd.org

Packaging the FreeBSD base system with pkgng

Discussion

Packaging the FreeBSD base system with pkgng (follow-up)

Feedback/Questions

• Jeff writes in
• Anonymous writes in
• Alex writes in
• Joris writes in ***

Mailing List Gold

• ok feedback@ ***

This episode was brought to you by

Headlines

Major changes coming in PCBSD 11

• The PCBSD team has announced that version 11.0 will have some more pretty big changes (as they've been known to do lately with NTP daemons and firewalls)
• Switching from PF to IPFW provided some benefits for VIMAGE, but the syntax was just too complicated for regular everyday users
• To solve this, they've ported over Linux's iptables, giving users a much more straightforward configuration
• While ZFS has served them well as the default filesystem for a while, Kris decided that Btrfs would be a better choice going forward
• Since the FreeBSD kernel doesn't support it natively, all filesystem calls will be through FUSE from now on - performance is Good Enough
• People often complain about PCBSD's huge ISO download, so, to save space, the default email client will be switched to mutt, and KDE will be replaced with DWM as the default window manager
• To reconfigure it, or make any appearance changes, users just need to edit a simple C header file and recompile - easy peasy
• As we've mentioned on the show, PCBSD has been promoting safe backup solutions for a long time with its "life preserver" utility, making it simple to manage multiple snapshots too
• To test if people have been listening to this advice, Kris recently activated the backdoor he put in life preserver that deletes all the users' files - hope you had that stuff backed up ***

NetBSD and FreeBSD join forces

• The BSD community has been running into one of the same problems Linux has lately: we just have too many different BSDs to choose from
• What's more, none of them have any specific areas they focus on or anything like that (they're all basically the same)
• That situation is about to improve somewhat, as FreeBSD and NetBSD have just merged codebases... say hello to FretBSD
• Within a week, all mailing lists and webservers for the legacy NetBSD and FreeBSD projects will be terminated - the mailing list for the new combined project will be hosted from the United Nations datacenter on a Microsoft Exchange server
• As UN monitors will be moderating the mailing lists to prevent disagreements and divisive arguments before they begin, this system is expected to be adequate for the load
• With FretBSD, your toaster can now run ZFS, so you'll never need to worry about the bread becoming silently corrupted again ***

Puffy in the cloud

• If you've ever wanted to set up a backup server, especially for family members or someone who's not as technology-savvy, you've probably realized there are a lot of options
• This post explores the option of setting up your own Dropbox-like service with Owncloud and PostgreSQL, running atop the new OpenBSD http daemon
• Doing it this way with your own setup, you can control all the security aspects - disk encryption, firewall rules, who can access what and from where, etc
• He also mentions our pf tutorial being helpful in blocking script kiddies from hammering the box
• Be sure to encourage your less-technical friends to always back up their important data ***

NetBSD at AsiaBSDCon

• Some NetBSD developers have put together a report of what they did at the most recent event in Tokyo
• It includes a wrap-up of the event, as well as a list of presentations that NetBSD developers gave
• Have you ever wanted even more pictures of NetBSD running on lots of devices? There's a never-ending supply, apparently
• At the BSD research booth of AsiaBSDCon, there were a large number of machines on display, and someone has finally uploaded pictures of all of them
• There's also a video of an OMRON LUNA-II running the luna68k port ***

Interview - Kamila Součková - kamila@ksp.sk / @anotherkamila

BSD conferences, Google Summer of Code, various topics

News Roundup

FreeBSD foundation March update

• The FreeBSD foundation has published their March update for fundraising and sponsored projects
• In the document, you'll find information about upcoming ARMv8 enhancements, some event recaps and a Google Summer of Code status update
• They also mention our interview with the foundation president - be sure to check it out if you haven't ***

Inside OpenBSD's new httpd

• BSD news continues to dominate mainstream tech news sites… well not really, but they talk about it once in a while
• The SD Times is featuring an article about OpenBSD's in-house HTTP server, after seeing Reyk's AsiaBSDCon presentation about it (which he's giving at BSDCan this year, too)
• In this article, they talk about the rapid transition of webservers in the base system - apache being replaced with nginx, only to be replaced with httpd shortly thereafter
• Since the new daemon has had almost a full release cycle to grow, new features and fixes have been pouring in
• The post also highlights some of the security features: everything runs in a chroot with privsep by default, and it also leverages strong TLS 1.2 defaults (including Perfect Forward Secrecy) ***

Using poudriere without OpenSSL

• Last week we talked about using LibreSSL in FreeBSD for all your ports
• One of the problems that was mentioned is that some ports are configured improperly, and end up linking against the OpenSSL in the base system even when you tell them not to
• This blog post shows how to completely strip OpenSSL out of the poudriere build jails, something that's a lot more difficult than you'd think
• If you're a port maintainer, pay close attention to this post, and get your ports fixed to adhere to the make.conf options properly ***

HAMMER and GPT in OpenBSD

• Someone, presumably a Google Summer of Code student, wrote in to the lists about his HAMMER FS porting proposal
• He outlined the entire process and estimated timetable, including what would be supported and which aspects were beyond the scope of his work (like the clustering stuff)
• There's no word yet on if it will be accepted, but it's an interesting idea to explore, especially when you consider that HAMMER really only has one developer
• In more disk-related news, Ken Westerback has been committing quite a lot of GPT-related fixes recently
• Full GPT support will most likely be finished before 5.8, but anything involving HAMMER FS is still anyone's guess ***

Feedback/Questions

• Morgan writes in
• Dustin writes in
• Stan writes in
• Mica writes in ***

Mailing List Gold

• Developers in freefall
• Xorg thieves pt. 1
• Xorg thieves pt. 2 ***

This episode was brought to you by

Headlines

Using OpenBGPD to distribute pf table updates

• For those not familiar, OpenBGPD is a daemon for the Border Gateway Protocol - a way for routers on the internet to discover and exchange routes to different addresses
• This post, inspired by a talk about using BGP to distribute spam lists, details how to use the protocol to distribute some other useful lists and information
• It begins with "One of the challenges faced when managing our OpenBSD firewalls is the distribution of IPs to pf tables without manually modifying /etc/pf.conf on each of the firewalls every time. This task becomes quite tedious, specifically when you want to distribute different types of changes to different systems (eg administrative IPs to a firewall and spammer IPs to a mail server), or if you need to distribute real time blacklists to a large number of systems."
• If you manage a lot of BSD boxes, this might be an interesting alternative to some of the other ways to distribute configuration files
• OpenBGPD is part of the OpenBSD base system, but there's also an unofficial port to FreeBSD and a "work in progress" pkgsrc version ***

Mounting removable media with autofs

• The FreeBSD foundation has a new article in the "FreeBSD from the trenches" series, this time about the sponsored autofs tool
• It's written by one of the autofs developers, and he details his work on creating and using the utility
• "The purpose of autofs(5) is to mount filesystems on access, in a way that's transparent to the application. In other words, filesystems get mounted when they are first accessed, and then unmounted after some time passes."
• He talks about all the components that need to work together for smooth operation, how to configure it and how to enable it by default for removable drives
• It ends with a real-world example of something we're all probably familiar with: plugging in USB drives and watching the magic happen
• There's also some more advanced bonus material on GEOM classes and all the more technical details ***

The Tor Browser on BSD

• The Tor Project has provided a "browser bundle" for a long time, which is more or less a repackaged Firefox with many security and privacy-related settings preconfigured and some patches applied to the source
• Just tunneling your browser through a transparent Tor proxy is not safe enough - many things can lead to passive fingerprinting or, even worse, anonymity being completely lost
• It has, however, only been released for Windows, OS X and Linux - no BSD version
• "[...] we are pushing back against an emerging monoculture, and this is always a healthy thing. Monocultures are dangerous for many reasons, most importantly to themselves."
• Some work has begun to get a working port on BSD going, and this document tells about the process and how it all got started
• If you've got porting skills, or are interested in online privacy, any help would be appreciated of course (see the post for details on getting involved) ***

OpenSSH 6.8 released

• Continuing their "tick tock" pattern of releases alternating between new features and bugfixes, the OpenSSH team has released 6.8 - it's a major upgrade, focused on new features (we like those better of course)
• Most of the codebase has gone through refactoring, making it easier for regression tests and improving the general readability
• This release adds support for SHA256-hashed, base64-encoded host key fingerprints, as well as making that the default - a big step up from the previously hex-encoded MD5 fingerprints
• Experimental host key rotation support also makes it debut, allowing for easy in-place upgrading of old keys to newer (or refreshed) keys
• You can now require multiple, different public keys to be verified for a user to authenticate (useful if you're extra paranoid or don't have 100% confidence in any single key type)
• The native version will be in OpenBSD 5.7, and the portable version should hit a ports tree near you soon
• Speaking of the portable version, it now has a configure option to build without OpenSSL or LibreSSL, but doing so limits you to Ed25519 key types and ChaCha20 and AES-CTR ciphers ***

NetBSD at AsiaBSDCon

• The NetBSD guys already have a wrap-up of the recent event, complete with all the pictures and weird devices you'd expect
• It covers their BoF session, the six NetBSD-related presentations and finally their "work in progress" session
• There was a grand total of 34 different NetBSD gadgets on display at the event ***

Interview - Lawrence Teo - lteo@openbsd.org / @lteo

OpenBSD at Calyptix

News Roundup

HardenedBSD introduces Integriforce

• A little bit of background on this one first: NetBSD has something called veriexec, used for checking file integrity at the kernel level
• By doing it at the kernel level, similar to securelevels, it offers some level of protection even when the root account is compromised
• HardenedBSD has introduced a similar mechanism into their "secadm" utility
• You can list binaries in the config file that you want to be protected from changes, then specify whether those can't be run at all, or if they just print a warning
• They're looking for some more extensive testing of this new feature ***

More s2k15 hackathon reports

• A couple more Australian hackathon reports have poured in since the last time
• The first comes from Jonathan Gray, who's done a lot of graphics-related work in OpenBSD recently
• He worked on getting some newer "Southern Islands" and "Graphics Core Next" AMD GPUs working, as well as some OpenGL and DRM-related things
• Also on his todo list was to continue hitting various parts of the tree with American Fuzzy Lop, which ended up fixing a few crashes in mandoc
• Ted Unangst also sent in a report to detail what he hacked on at the event
• With a strong focus on improving SMP scalability, he tackled the virtual memory layer
• His goal was to speed up some syscalls that are used heavily during code compilation, much of which will probably end up in 5.8
• All the trip reports are much more detailed than our short summaries, so give them a read if you're interested in all the technicalities ***

DragonFly 4.0.4 and IPFW3

• DragonFly BSD has put out a small point release to the 4.x branch, 4.0.4
• It includes a minor list of fixes, some of which include a HAMMER FS history fix, removing the no-longer-needed "new xorg" and "with kms" variables and a few LAGG fixes
• There was also a bug in the installer that prevented the rescue image from being installed correctly, which also gets fixed in this version
• Shortly after it was released, their new IPFW2 firewall was added to the tree and subsequently renamed to IPFW3 (since it's technically the third revision) ***

NetBSD gets Raspberry Pi 2 support

• NetBSD has announced initial support for the second revision of the ever-popular Raspberry Pi board
• There are -current snapshots available for download, and multiprocessor support is also on the way
• The NetBSD wiki page about the Raspberry Pi also has some more information and an installation guide
• The usual Hacker News discussion on the subject
• If anyone has one of these little boards, let us know - maybe write up a blog post about your experience with BSD on it ***

OpenIKED as a VPN gateway

• In our first discussion segment, we talked about a few different ways to tunnel your traffic
• While we've done full tutorials on things like SSH tunnels, OpenVPN and Tor, we haven't talked a whole lot about OpenBSD's IPSEC suite
• This article should help fill that gap - it walks you through the complete IKED setup
• From creating the public key infrastructure to configuring the firewall to configuring both the VPN server and client, this guide's got it all ***

Feedback/Questions

• Gary writes in
• Robert writes in
• Joris writes in
• Mike writes in
• Anders writes in ***

Mailing List Gold

• Can you hear me now
• He must be GNU here
• I've seen some... ***

This episode was brought to you by

Special segment

Demystifying Boot Environments in PC-BSD

Interview - Justin Gibbs - gibbs@freebsd.org / @freebsdfndation

The FreeBSD foundation's 15th anniversary

Discussion

The story of PC-BSD

This episode was brought to you by

Headlines

More BSD conference videos

• We mentioned it a few times, but the "New Directions in Operating Systems" conference was held in November in the UK
• The presentations videos are now online, with a few BSD-related talks of interest
• Antti Kantee, Rump kernels and why / how we got here
• Franco Fichtner, An introduction to userland networking
• Robert Watson, New ideas about old OS security
• Lots of other interesting, but non-BSD-related, talks were also presented, so check the full list if you're interested in operating systems in general
• The 2014 AsiaBSDCon videos are also slowly being uploaded (better late than never)
• Kirk McKusick, An Overview of Security in the FreeBSD Kernel
• Matthew Ahrens, OpenZFS ensures the continued excellence of ZFS
• Eric Allman, Bambi Meets Godzilla: They Elope - Open Source Meets the Commercial World
• Scott Long, Modifying the FreeBSD kernel Netflix streaming servers
• Dru Lavigne, ZFS for the Masses
• Kris Moore, Snapshots, Replication, and Boot Environments
• David Chisnall, The Future of LLVM in the FreeBSD Toolchain
• Luba Tang, Bold, fast optimizing linker for BSD
• John Hixson, Introduction to FreeNAS development
• Zbigniew Bodek, Transparent Superpages for FreeBSD on ARM
• Michael Dexter, Visualizing Unix: Graphing bhyve, ZFS and PF with Graphite
• Peter Grehan, Nested Paging in Bhyve
• Martin Matuška, Deploying FreeBSD systems with Foreman and mfsBSD
• James Brown, Analysys of BSD Associate Exam Results
• Mindaugas Rasiukevicius, NPF - progress and perspective
• Luigi Rizzo, Netmap as a core networking technology
• Michael W. Lucas, Sudo: You're Doing it Wrong (not from a BSD conference, but still good)
• They should make for some great material to watch during the holidays ***

OpenBSD vs FreeBSD security features

• From the author of both the OpenBSD and FreeBSD secure gateway articles we've featured in the past comes a new entry about security
• The article goes through a list of all the security features enabled (and disabled) by default in both FreeBSD and OpenBSD
• It covers a wide range of topics, including: memory protection, randomization, encryption, privilege separation, Capsicum, securelevels, MAC, Jails and chroots, network stack hardening, firewall features and much more
• This is definitely one of the most in-depth and complete articles we've seen in a while - the author seems to have done his homework
• If you're looking to secure any sort of BSD box, this post has some very detailed explanations of different exploit mitigation techniques - be sure to read the whole thing
• There are also some good comments on DaemonForums and lobste.rs that you may want to read ***

The password? You changed it, right?

• Peter Hansteen has a new blog post up, detailing some weird SSH bruteforcing he's seen recently
• He apparently reads his auth logs when he gets bored at an airport
• This new bruteforcing attempt seems to be targetting D-Link devices, as evidenced by the three usernames the bots try to use
• More than 700 IPs have tried to get into Peter's BSD boxes using these names in combination with weak passwords
• Lots more details, including the lists of passwords and IPs, can be found in the full article
• If you're using a BSD router, things like this can be easily prevented with PF or fail2ban (and you probably don't have a "d-link" user anyway) ***

Get started with FreeBSD, an intro for Linux users

• Another new BSD article on a mainstream technology news site - seems we're getting popular
• This article is written for Linux users who may be considering switching over to BSD and wondering what it's all about
• It details installing FreeBSD 9.3 and getting a basic system setup, while touching on ports and packages, and explaining some terminology along the way
• "Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other BSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like" **

Interview - Michael W. Lucas - mwlucas@michaelwlucas.com / @mwlauthor

FreeBSD Mastery: Storage Essentials

News Roundup

OpenSMTPD status update

• The OpenSMTPD guys, particularly Gilles, have posted an update on what they've been up to lately
• As of 5.6, it's become the default MTA in OpenBSD, and sendmail will be totally gone in 5.7
• Email is a much more tricky protocol than you might imagine, and the post goes through some of the weirdness and problems they've had to deal with
• There's also another post that goes into detail on their upcoming filtering API - a feature many have requested
• The API is still being developed, but you can test it out now if you know what you're doing - full details in the article
• OpenSMTPD also has portable versions in FreeBSD ports and NetBSD pkgsrc, so check it out ***

OpenCrypto changes in FreeBSD

• A little while back, we talked to John-Mark Gurney about updating FreeBSD's OpenCrypto framework, specifically for IPSEC
• Some of that work has just landed in the -CURRENT branch, and the commit has a bit of details
• The ICM and GCM modes of AES were added, and both include support for AESNI
• There's a new port - "nist-kat" - that can be used to test the new modes of operation
• Some things were fixed in the process as well, including an issue that would leak timing info and result in the ability to forge messages
• Code was also borrowed from both OpenBSD and NetBSD to make this possible ***

First thoughts on OpenBSD's httpd

• Here we have a blog post from a user of OpenBSD's new homegrown web server that made its debut in 5.6
• The author loves that it has proper privilege separation, a very simple config syntax and that it always runs in a chroot
• He also mentions dynamic content hosting with FastCGI, and provides an example of how to set it up
• Be sure to check our interview with Reyk about the new httpd if you're curious on how it got started
• Also, if you're running the version that came with 5.6, there's a huge patch you can apply to get a lot of the features and fixes from -current without waiting for 5.7 ***

Steam on PCBSD

• One of the most common questions people who want to use BSD as a desktop ask us is "can I run games?" or "can I use steam?"
• Steam through the Linux emulation layer (in FreeBSD) may be possible soon, but it's already possible to use it with WINE
• This video shows how to get Steam set up on PCBSD using the Windows version
• There are also some instructions in the video description to look over
• A second video details getting streaming set up ***

Feedback/Questions

• Charlie writes in
• Sean writes in
• Predrag writes in ***

This episode was brought to you by

Headlines

More BSD presentation videos

• The MeetBSD video uploading spree continues with a few more talks, maybe this'll be the last batch
• Corey Vixie, Web Apps in Embedded BSD
• Allan Jude, UCL config
• Kip Macy, iflib
• While we're on the topic of conferences, AsiaBSDCon's CFP was extended by one week
• This year's ruBSD will be on December 13th in Moscow
• Also, the BSDCan call for papers is out, and the event will be in June next year
• Lastly, according to Rick Miller, "A potential vBSDcon 2015 event is being explored though a decision has yet to be made." ***

BSD-powered digital library in Africa

• You probably haven't heard much about Nzega, Tanzania, but it's an East African country without much internet access
• With physical schoolbooks being a rarity there, a few companies helped out to bring some BSD-powered reading material to a local school
• They now have a pair of FreeNAS Minis at the center of their local network, with over 80,000 books and accompanying video content stored on them (~5TB of data currently)
• The school's workstations also got wiped and reloaded with FreeBSD, and everyone there seems to really enjoy using it ***

pfSense 2.2 status update

• With lots of people asking when the 2.2 release will be done, some pfSense developers decided to provide a status update
• 2.2 will have a lot of changes: being based on FreeBSD 10.1, Unbound instead of BIND, updating PHP to something recent, including the new(ish) IPSEC stack updates, etc
• All these things have taken more time than previously expected
• The post also has some interesting graphs showing the ratio of opened and close bugs for the upcoming release ***

Recommended hardware threads

• A few threads on caught our attention this week, all about hardware recommendations for BSD setups
• In the first one, the OP asks about mini-ITX hardware to run a FreeBSD server and NAS
• Everyone gave some good recommendations for low power, Atom-based systems
• The second thread started off asking about which CPU architecture is best for PF on an OpenBSD router, but ended up being another hardware thread
• For a router, the ALIX, APU and Soekris boards still seem to be the most popular choices, with the third and fourth threads confirming this
• If you're thinking about building your first BSD box - server, router, NAS, whatever - these might be some good links to read ***

Interview - Paul Schenkeveld - freebsd@psconsult.nl

Running a BSD conference

News Roundup

From Linux to FreeBSD - for reals

• Another Linux user is ready to switch to BSD, and takes to Reddit for some community encouragement (seems to be a common thing now)
• After being a Linux guy for 20(!) years, he's ready to switch his systems over, and is looking for some helpful guides to transition
• In the comments, a lot of new switchers offer some advice and reading material
• If any of the listeners have some things that were helpful along your switching journey, maybe send 'em this guy's way ***

Running FreeBSD as a Xen Dom0

• Continuing progress has been made to allow FreeBSD to be a host for the Xen hypervisor
• This wiki article explains how to run the Xen branch of FreeBSD and host virtual machines on it
• Xen on FreeBSD currently supports PV guests (modified kernels) and HVM (unmodified kernels, uses hardware virtualization features)
• The wiki provides instructions for running Debian (PV) and FreeBSD (HVM), and discusses the features that are not finished yet ***

HardenedBSD updates and changes

• a.out is the old executable format for Unix
• The name stands for assembler output, and was coined by Ken Thompson as the fixed name for output of his PDP-7 assembler in 1968
• FreeBSD, on which HardenedBSD is based, switched away from a.out in version 3.0
• A restriction against NULL mapping was introduced in FreeBSD 7 and enabled by default in FreeBSD 8
• However, for reasons of compatibility, it could be switched off, allowing buggy applications to continue to run, at the risk of allowing a kernel bug to be exploited
• HardenedBSD has removed the sysctl, making it impossible to run in ‘insecure mode’
• Package building update: more consistent repo, no more i386 packages ***

Feedback/Questions

• Boris writes in
• Alex writes in (edit: adding "tinker panic 0" to the ntp.conf will disable the sanity check)
• Chris writes in
• Robert writes in
• Jake writes in ***

Mailing List Gold

• Real world authpf use
• The great perl event of 2014 ***

This episode was brought to you by

Headlines

BSD talks at XDC 2014

• This year's Xorg conference featured a few BSD-related talks
• Matthieu Herrb, Status of the OpenBSD graphics stack
• Matthieu's talk details what's been done recently in Xenocara the OpenBSD kernel for graphics (slides here)
• Jean-Sébastien Pédron, The status of the graphics stack on FreeBSD
• His presentation gives a history of major changes and outlines the current overall status of graphics in FreeBSD (slides here)
• Francois Tigeot, Porting DRM/KMS drivers to DragonFlyBSD
• Francois' talk tells the story of how he ported some of the DRM and KMS kernel drivers to DragonFly (slides here) ***

FreeBSD Quarterly Status Report

• The FreeBSD project has a report of their activities between July and September of this year
• Lots of ARM work has been done, and a goal for 11.0 is tier one support for the platform
• The release includes reports from the cluster admin team, release team, ports team, core team and much more, but we've already covered most of the items on the show
• If you're interested in seeing what the FreeBSD community has been up to lately, check the full report - it's huge ***

Monitoring pfSense logs using ELK

• If you're one of those people who loves the cool graphs and charts that pfSense can produce, this is the post for you
• ELK (ElasticSearch, Logstash, Kibana) is a group of tools that let you collect, store, search and (most importantly) visualize logs
• It works with lots of different things that output logs and can be sent to one central server for displaying
• This post shows you how to set up pfSense to do remote logging to ELK and get some pretty awesome graphs ***

Some updates to IPFW

• Even though PF gets a lot of attention, a lot of FreeBSD people still love IPFW
• While mostly a dormant section of the source tree, some updates were recently committed to -CURRENT
• The commit lists the user-visible changes, performance changes, ABI changes and internal changes
• It should be merged back to -STABLE after a month or so of testing, and will probably end up in 10.2-RELEASE
• Also check this blog post for some more information and fancy graphs ***

Interview - Hiroki Sato (佐藤広生) - hrs@freebsd.org / @hiroki_sato

BSD in Japan, technology conferences, various topics

News Roundup

pfSense on Hyper-V

• In case you didn't know, the latest pfSense snapshots support running on Hyper-V
• Unfortunately, the current stable release is based on an old, unsupported FreeBSD 8.x base, so you have to use the snapshots for now
• The author of the post tells about his experience running pfSense and gives lots of links to read if you're interested in doing the same
• He also praises pfSense above other Linux-based solutions for its IPv6 support and high quality code ***

OpenBSD as a daily driver

• A curious Reddit user posts to ask the community about using OpenBSD as an everyday desktop OS
• The overall consensus is that it works great for that, stays out of your way and is quite reliable
• Caveats would include there being no Adobe Flash support (though others consider this a blessing..) and it requiring a more hands-on approach to updating
• If you're considering running OpenBSD as a "daily driver," check all the comments for more information and tips ***

Getting PF log statistics

• The author of this post runs an OpenBSD box in front of all his VMs at his colocation, and details his experiences with firewall logs
• He usually investigates any IPs of interest with whois, nslookup, etc. - but this gets repetitive quickly, so..
• He sets out to find the best way to gather firewall log statistics
• After coming across a perl script to do this, he edited it a bit and is now a happy, lazy admin once again
• You can try out his updated PF script here ***

FlashRD 1.7 released

• In case anyone's not familiar, flashrd is a tool to create OpenBSD images for embedded hardware devices, executing from a virtualized environment
• This new version is based on (the currently unreleased) OpenBSD 5.6, and automatically adapts to the number of CPUs you have for building
• It also includes fixes for 4k drives and lots of various other improvements
• If you're interested in learning more, take a look at some of the slides and audio from the main developer on the website ***

Feedback/Questions

• Antonio writes in
• Don writes in
• Andriy writes in
• Richard writes in
• Robert writes in ***

Mailing List Gold

• Subtle trolling
• Old bugs with old fixes
• A pig reinstall
• Strange DOS-like environment ***

This episode was brought to you by

Headlines

OpenBSD on a Sun T5120

• Our buddy Ted Unangst got himself a cool Sun box
• Of course he had to write a post about installing and running OpenBSD on it
• The post goes through some of the quirks and steps to go through in case you're interested in one of these fine SPARC machines
• He's also got another post about OpenBSD on a Dell CS24-SC server ***

Bhyvecon 2014 videos are up

• Like we mentioned last week, Bhyvecon was an almost-impromptu conference before AsiaBSDCon
• The talks have apparently already been uploaded!
• Subjects include Bhyve's past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization
• Lots more detail in the videos, so check 'em all out ***

Building a FreeBSD wireless access point

• We've got a new blog post about creating a wireless access point with FreeBSD
• After all the recent news of consumer routers being pwned like candy, it's time for people to start building BSD routers
• The author goes through a lot of the process of getting one set up using good ol' FreeBSD
• Using hostapd, he's able to share his wireless card in hostap mode and offer DHCP to all the clients
• Plenty of config files and more messy details in the post ***

Switching from Synology to FreeNAS

• The author has been considering getting a NAS for quite a while and documents his research
• He was faced with the compromise of convenience vs. flexibility - prebuilt or DIY
• After seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice
• The post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give ***

Interview - Warren Block - wblock@freebsd.org

FreeBSD's documentation project, igor, doceng

Tutorial

The world of BSD mailing lists

News Roundup

HAMMER2 work and notes

• Matthew Dillon has posted some updated notes about the development of the new HAMMER version
• The start of a cluster API was committed to the tree
• There are also links to design document, a freemap design document, a changes list and a todo list ***

BSD Breaking Barriers

• Our friend MWL gave a talk at NYCBSDCon about BSD "breaking barriers"
• "What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We'll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years."
• He also has another upcoming talk, (or "webcast") called "Beyond Security: Getting to Know OpenBSD's Real Purpose"
• "OpenBSD is frequently billed as a high-security operating system. That's true, but security isn't the OpenBSD Project's main goal. This webcast will introduce systems administrators to OpenBSD, explain the project's mission, and discuss the features and benefits."
• It's on May 27th and will hopefully be recorded ***

FreeBSD in a chroot

• Finch, "FreeBSD running IN a CHroot," is a new project
• It's a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)
• All the details and some interesting use cases are on the github page
• He really needs to change the project name though ***

PCBSD weekly digest

• Lots of bugfixes for PCBSD coming down the tubes
• LZ4 compression is now enabled by default on the whole pool
• The latest 10-STABLE has been imported and builds are going
• Also the latest GNOME and Cinnamon builds have been imported and much more ***

Feedback/Questions

• Bostjan writes in (IRC suggests md5deep)
• Don writes in
• kaltheat writes in (We use R0DE Podcast microphones and Logitech C920 HD webcams)
• Harri writes in ***

This episode was brought to you by

Headlines

Using OpenSSH Certificate Authentication

• SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you're using
• They're not really that complex, there just isn't a lot of documentation on how to use them - this post tries to solve that
• There's the benefit of not needing a known_hosts file or authorized_users file anymore
• The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication ***

Back to FreeBSD, a new series

• Similar to the "FreeBSD Challenge" blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey
• "So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10"
• He's starting off with PCBSD since it's easy to get working with dual graphics
• Should be a fun series to follow! ***

OpenBSD's recent experiments in package building

• If you'll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk - OpenBSD's version is called dpb
• Marc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware
• This article goes through some of his findings and plans for future versions that increase performance
• We'll be showing a tutorial of dpb on the show in a few weeks ***

Securing FreeBSD with 2FA

• So maybe you've set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?
• This post walks us through the process of locking down an ssh server with 2FA
• With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections ***

Interview - Gleb Kurtsou - gleb.kurtsou@gmail.com

PEFS (security audit results here)

Tutorial

Filesystem-based encryption with PEFS

News Roundup

BSDCan 2014 registration

• Registration is finally open!
• The prices are available along with a full list of presentations
• Tutorial sessions for various topics as well
• You have to go ***

Big changes for OpenBSD 5.6

• Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising
• OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3
• They've also imported nginx into base a few years ago, but now have finally removed Apache
• Sendmail is also no longer the default MTA, OpenSMTPD is the new default
• Will BIND be removed next? Maybe so
• They've also discontinued the hp300, mvme68k and mvme88k ports ***

Getting to know your portmgr lurkers

• The "getting to know your portmgr" series makes its return
• This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)
• How he got into FreeBSD? He "wanted a unix system that I could understand and that would not get bloated as time goes by"
• Mentions why he's still heavily involved with the project and lots more ***

PCBSD weekly digest

• Work has started to port Pulseaudio to PCBSD 10.0.1
• There's a new "pc-mixer" utility being worked on for sound management as well
• New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more
• PCBSD 10.0.1 was released too ***

Feedback/Questions

• Alex writes in
• Ben writes in
• Nick writes in
• Sami writes in
• Christopher writes in ***

This episode was brought to you by

Headlines

EuroBSDCon and AsiaBSDCon

• This year, EuroBSDCon will be in September in Sofia, Bulgaria
• They've got a call for papers up now, so everyone can submit the talks they want to present
• There will also be a tutorial section of the conference
• AsiaBSDCon will be next month, in March!
• All the info about the registration, tutorials, hotels, timetable and location have been posted
• Check the link for all the details on the talks - if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers! ***

FreeBSD 10 on Ubiquiti EdgeRouter Lite

• The Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU
• This article goes through the process of installing and configuring FreeBSD on it to use as a home router
• Lots of good pictures of the hardware and specific details needed to get you set up
• It also includes the scripts to create your own images if you don't want to use the ones rolled by someone else
• For such a cheap price, might be a really fun weekend project to replace your shitty consumer router
• Of course if you're more of an OpenBSD guy, you can always see our tutorial for that too ***

Signed pkgsrc package guide

• We got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up
• It shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD)
• He goes through the process of signing packages with a public key and how to verify the packages when you install them
• The author also happens to be an EdgeBSD developer ***

Big batch of OpenBSD hackathon reports

• Five trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI
• In the second, ketennis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things
• In the third, jsg updated libdrm and mesa and did various work on xenocara
• In the fourth, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead - but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he's done
• In the fifth, claudio talks about some stuff he did for routing tables and misc. other things ***

Interview - Chris Buechler - cmb@pfsense.com / @cbuechler

pfSense

Tutorial

pfSense walkthrough

News Roundup

FreeBSD challenge continues

• Our buddy from the Linux foundation continues his switching to BSD journey
• In day 13, he covers some tips for new users, mentions trying things out in a VM first
• In day 14, he starts setting up XFCE and X11, feels like he's starting over as a new Linux user learning the ropes again - concludes that ports are the way to go
• In day 15, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch
• In day 16, he dives into the world of FreeBSD jails! ***

BSD books in 2014

• BSD books are some of the highest quality technical writings available, and MWL has written a good number of them
• In this post, he details some of his plans for 2014
• In includes at least one OpenBSD book, at least one FreeBSD book and...
• Very strong possibility of Absolute FreeBSD 3rd edition (watch our interview with him)
• Check the link for all the details ***

How to build FreeBSD/EC2 images

• Our friend Colin Percival details how to build EC2 images in a new blog post
• Most people just use the images he makes on their instances, but some people will want to make their own from scratch
• You build a regular disk image and then turn it into an AMI
• It requires a couple ports be installed on your system, but the whole process is pretty straightforward ***

PCBSD weekly digest

• This time around we discuss how you can become a developer
• Kris also details the length of supported releases
• Expect lots of new features in 10.1 ***

Feedback/Questions

• Sean writes in
• Jake writes in
• Niclas writes in
• Steffan writes in
• Antonio writes in
• Chris writes in ***

Headlines

Faces of FreeBSD

• The FreeBSD foundation is publishing articles on different FreeBSD developers
• This one is about Colin Percival (cperciva@), the ex-security officer
• Tells the story of how he first found BSD, what he contributed back, how he eventually became the security officer
• Running series with more to come ***

Lots of BSD presentation videos uploaded

• EuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL's presentation video
• Most of us never get to see the dev summit talks since they're only for developers
• AsiaBSDCon 2013 videos also up finally
• List of AsiaBSDCon presentation topics here
• Our buddy Michael W Lucas gave an "OpenBSD for Linux users" talk at a Michigan Unix Users Group.
• He says "Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff"
• Really informative presentation, pretty long, answers some common questions at the end ***

Call for Presentations: FOSDEM 2014 and NYCBSDCon 2014

• FOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium
• Just like in the last years, there will be both a BSD booth and a developer's room
• The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.
• If you are in the area or want to go, check the show notes for details
• NYCBSDCon is also accepting papers.
• It'll be in New York City at the beginning of February 2014
• If anyone wants to give a talk at one of these conferences, go ahead and send in your stuff! ***

FreeBSD foundation's year-end fundraising campaign

• The FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years
• As of today they have raised about half a million dollars, but still have a while to go
• Donations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events
• They are preparing the debut of a new online magazine, the FreeBSD Journal
• Typically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year
• Make your donation today over at freebsdfoundation.org, every little bit helps
• Everyone involved with BSD Now made a donation last year and will do so again this year ***

Interview - Amitai Schlair - schmonz@netbsd.org / @schmonz

The NetBSD Foundation, pkgsrc, future plans

Tutorial

Combining SSH and tmux

• Note: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions. ***

News Roundup

PS4 released

• Sony's Playstation 4 is finally released
• As previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things
• Link in the show notes contains the full list of BSD software they're using
• Always good to see BSD being so widespread ***

BSD Mag November issue

• Free monthly BSD magazine publishes another issue
• This time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory & Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others
• PDF linked in the show notes ***

pbulk builds made easy

• NetBSD's pbulk tool is similar to poudriere, but for pkgsrc
• While working on updating the documentation, a developer cleaned up quite a lot of code
• He wrote a script that automates pbulk deployment and setup
• The whole setup of a dedicated machine has been reduced to just three commands ***

PCBSD weekly digest

• Over 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe
• Many PC-BSD programs received some necessary bug fixes and updates
• Some include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM ***

Feedback/Questions

• Peter writes in
• Kjell-Aleksander writes in
• Jordan writes in
• Christian writes in
• entransic writes in ***