<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" encoding="UTF-8" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/" xmlns:atom="http://www.w3.org/2005/Atom/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:fireside="http://fireside.fm/modules/rss/fireside">
  <channel>
    <fireside:hostname>app03</fireside:hostname>
    <fireside:genDate>Sun, 12 Jul 2026 05:28:47 +0000</fireside:genDate>
    <generator>Fireside (https://fireside.fm)</generator>
    <title>BSD Now - Episodes Tagged with “Bhyve”</title>
    <link>https://www.bsdnow.tv/tags/bhyve</link>
    <pubDate>Thu, 16 Jan 2025 08:00:00 -0500</pubDate>
    <description>Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.</description>
    <language>en-us</language>
    <itunes:type>episodic</itunes:type>
    <itunes:subtitle>A weekly podcast and the place to B...SD</itunes:subtitle>
    <itunes:author>JT Pennington</itunes:author>
    <itunes:summary>Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.</itunes:summary>
    <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
    <itunes:explicit>no</itunes:explicit>
    <itunes:keywords>berkeley,freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview</itunes:keywords>
    <itunes:owner>
      <itunes:name>JT Pennington</itunes:name>
      <itunes:email>feedback@bsdnow.tv</itunes:email>
    </itunes:owner>
<itunes:category text="News">
  <itunes:category text="Tech News"/>
</itunes:category>
<itunes:category text="Education">
  <itunes:category text="How To"/>
</itunes:category>
<item>
  <title>594: Name that Domain</title>
  <link>https://www.bsdnow.tv/594</link>
  <guid isPermaLink="false">d9d3402b-e9ab-4a53-8865-04a1bb8ae732</guid>
  <pubDate>Thu, 16 Jan 2025 08:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d9d3402b-e9ab-4a53-8865-04a1bb8ae732.mp3" length="67824384" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Security Audit of the Capsicum and bhyve Subsystems, ZFS on Linux and block IO limits show some limits of being out of the kernel, NetBSD on a ROCK64 Board, Domain Naming, BSDCan 2025 CFP, The Internet Gopher from Minnesota, and more</itunes:subtitle>
  <itunes:duration>1:10:39</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Security Audit of the Capsicum and bhyve Subsystems, ZFS on Linux and block IO limits show some limits of being out of the kernel, NetBSD on a ROCK64 Board, Domain Naming, BSDCan 2025 CFP, The Internet Gopher from Minnesota, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://klarasystems.com/articles/winter_2024_roundup_storage_and_network_diagnostics/?utm_source=BSD%20Now&amp;amp;utm_medium=Podcast" rel="nofollow noopener"&gt;Roundup Storage and Network Diagnostics&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://freebsdfoundation.org/wp-content/uploads/2024/11/2024_Code_Audit_Capsicum_Bhyve_FreeBSD_Foundation.pdf" rel="nofollow noopener"&gt;Security Audit of the&lt;br&gt;
Capsicum and bhyve&lt;br&gt;
Subsystems&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxVersusBlockIOLimits" rel="nofollow noopener"&gt;ZFS on Linux and block IO limits show some limits of being out of the kernel&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://simonevellei.com/blog/posts/netbsd-on-a-rock64-board/" rel="nofollow noopener"&gt;NetBSD on a ROCK64 Board&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://ambient.institute/domain-naming/" rel="nofollow noopener"&gt;Domain Naming&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://www.bsdcan.org/2025/papers.html" rel="nofollow noopener"&gt;BSDCan 2025 CFP&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://www.abortretry.fail/p/the-internet-gopher-from-minnesota" rel="nofollow noopener"&gt;The Internet Gopher from Minnesota&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tarsnap&lt;/h2&gt;

&lt;p&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/p&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/594/feedback/Brendan%20-%20minio.md" rel="nofollow noopener"&gt;Brendan - MinIO&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Join us and other BSD Fans in our &lt;a href="https://t.me/bsdnow" rel="nofollow noopener"&gt;BSD Now Telegram channel&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, open source, foss, shell, cli, unix, tools, utility, berkeley, software, distribution, development, code, programming, release, zfs, zpool, dataset, filesystem, storage, ports, packages, jails, interview, security, audit, Capsicum, bhyve, Subsystems, block io limits, rock64 board, domain naming, gopher, Minnesota</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Security Audit of the Capsicum and bhyve Subsystems, ZFS on Linux and block IO limits show some limits of being out of the kernel, NetBSD on a ROCK64 Board, Domain Naming, BSDCan 2025 CFP, The Internet Gopher from Minnesota, and more</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://klarasystems.com/articles/winter_2024_roundup_storage_and_network_diagnostics/?utm_source=BSD%20Now&amp;utm_medium=Podcast" rel="nofollow noopener">Roundup Storage and Network Diagnostics</a></p>

<hr>

<p><a href="https://freebsdfoundation.org/wp-content/uploads/2024/11/2024_Code_Audit_Capsicum_Bhyve_FreeBSD_Foundation.pdf" rel="nofollow noopener">Security Audit of the<br>
Capsicum and bhyve<br>
Subsystems</a></p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxVersusBlockIOLimits" rel="nofollow noopener">ZFS on Linux and block IO limits show some limits of being out of the kernel</a></p>

<hr>

<p><a href="https://simonevellei.com/blog/posts/netbsd-on-a-rock64-board/" rel="nofollow noopener">NetBSD on a ROCK64 Board</a></p>

<hr>

<p><a href="https://ambient.institute/domain-naming/" rel="nofollow noopener">Domain Naming</a></p>

<hr>

<p><a href="https://www.bsdcan.org/2025/papers.html" rel="nofollow noopener">BSDCan 2025 CFP</a></p>

<hr>

<p><a href="https://www.abortretry.fail/p/the-internet-gopher-from-minnesota" rel="nofollow noopener">The Internet Gopher from Minnesota</a></p>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/594/feedback/Brendan%20-%20minio.md" rel="nofollow noopener">Brendan - MinIO</a></li>
</ul>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Security Audit of the Capsicum and bhyve Subsystems, ZFS on Linux and block IO limits show some limits of being out of the kernel, NetBSD on a ROCK64 Board, Domain Naming, BSDCan 2025 CFP, The Internet Gopher from Minnesota, and more</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://klarasystems.com/articles/winter_2024_roundup_storage_and_network_diagnostics/?utm_source=BSD%20Now&amp;utm_medium=Podcast" rel="nofollow noopener">Roundup Storage and Network Diagnostics</a></p>

<hr>

<p><a href="https://freebsdfoundation.org/wp-content/uploads/2024/11/2024_Code_Audit_Capsicum_Bhyve_FreeBSD_Foundation.pdf" rel="nofollow noopener">Security Audit of the<br>
Capsicum and bhyve<br>
Subsystems</a></p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/linux/ZFSOnLinuxVersusBlockIOLimits" rel="nofollow noopener">ZFS on Linux and block IO limits show some limits of being out of the kernel</a></p>

<hr>

<p><a href="https://simonevellei.com/blog/posts/netbsd-on-a-rock64-board/" rel="nofollow noopener">NetBSD on a ROCK64 Board</a></p>

<hr>

<p><a href="https://ambient.institute/domain-naming/" rel="nofollow noopener">Domain Naming</a></p>

<hr>

<p><a href="https://www.bsdcan.org/2025/papers.html" rel="nofollow noopener">BSDCan 2025 CFP</a></p>

<hr>

<p><a href="https://www.abortretry.fail/p/the-internet-gopher-from-minnesota" rel="nofollow noopener">The Internet Gopher from Minnesota</a></p>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/594/feedback/Brendan%20-%20minio.md" rel="nofollow noopener">Brendan - MinIO</a></li>
</ul>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </itunes:summary>
</item>
<item>
  <title>593: rc.conf Validator</title>
  <link>https://www.bsdnow.tv/593</link>
  <guid isPermaLink="false">883c889f-8d16-4519-9be7-b863d68902e4</guid>
  <pubDate>Thu, 09 Jan 2025 11:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/883c889f-8d16-4519-9be7-b863d68902e4.mp3" length="55485696" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>FreeBSD replaces sendmail with dma, Why We Use FreeBSD Over Linux: A CTO’s Perspective, How I fell in love with OpenBSD, A GDC package for macOS/aarch64, Validate Your FreeBSD rc.conf, Replacing Proxmox with FreeBSD and Bhyve, OPNsense 24.7.10 released, Printing With FreeBSD, and more</itunes:subtitle>
  <itunes:duration>57:47</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;FreeBSD replaces sendmail with dma, Why We Use FreeBSD Over Linux: A CTO’s Perspective, How I fell in love with OpenBSD, A GDC package for macOS/aarch64, Validate Your FreeBSD rc.conf, Replacing Proxmox with FreeBSD and Bhyve, OPNsense 24.7.10 released, Printing With FreeBSD, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://klarasystems.com/articles/freebsd14-replaces-sendmail-with-dma/?utm_source=BSD%20Now&amp;amp;utm_medium=Podcast" rel="nofollow noopener"&gt;FreeBSD replaces sendmail with dma&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://dzone.com/articles/why-we-use-freebsd-over-linux-a-ctos-perspective" rel="nofollow noopener"&gt;Why We Use FreeBSD Over Linux: A CTO’s Perspective&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://h3artbl33d.nl/blog/how-i-fell-in-love-with-openbsd" rel="nofollow noopener"&gt;How I fell in love with OpenBSD&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://briancallahan.net/blog/" rel="nofollow noopener"&gt;A GDC package for macOS/aarch64&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://dev.to/scovl/validate-your-freebsd-rcconf-e94" rel="nofollow noopener"&gt;Validate Your FreeBSD rc.conf&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://abnml.com/blog/2024/11/26/replacing-proxmox-with-freebsd-and-bhyve/" rel="nofollow noopener"&gt;Replacing Proxmox with FreeBSD and Bhyve&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://forum.opnsense.org/index.php?topic=44413.0" rel="nofollow noopener"&gt;OPNsense 24.7.10 released&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://blog.smithfamily.org.uk/posts/2024/11/freebsd_print/" rel="nofollow noopener"&gt;Printing With FreeBSD&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tarsnap&lt;/h2&gt;

&lt;p&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/p&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/593/feedback/Christian%20-%20Deprecated%20vs%20Depreciated.md" rel="nofollow noopener"&gt;Christian - Deprecated vs Depreciated&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;h2&gt;Producer Note&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Once we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there's nothing I can do about that, but I wanted everyone to be aware that.&lt;/li&gt;
&lt;li&gt;Also once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Join us and other BSD Fans in our &lt;a href="https://t.me/bsdnow" rel="nofollow noopener"&gt;BSD Now Telegram channel&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, open source, foss, shell, cli, unix, tools, utility, berkeley, software, distribution, development, code, programming, release, zfs, zpool, dataset, filesystem, storage, ports, packages, jails, interview, sendmail, dma, dragonfly mail agent, cto perspective, fell in love, gdc package, macos/aarch64, validate, validation, rc.conf, replace, replacement, replacing, proxmox, bhyve, opnsense 24.7.10, printing</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>FreeBSD replaces sendmail with dma, Why We Use FreeBSD Over Linux: A CTO’s Perspective, How I fell in love with OpenBSD, A GDC package for macOS/aarch64, Validate Your FreeBSD rc.conf, Replacing Proxmox with FreeBSD and Bhyve, OPNsense 24.7.10 released, Printing With FreeBSD, and more</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://klarasystems.com/articles/freebsd14-replaces-sendmail-with-dma/?utm_source=BSD%20Now&amp;utm_medium=Podcast" rel="nofollow noopener">FreeBSD replaces sendmail with dma</a></p>

<hr>

<p><a href="https://dzone.com/articles/why-we-use-freebsd-over-linux-a-ctos-perspective" rel="nofollow noopener">Why We Use FreeBSD Over Linux: A CTO’s Perspective</a></p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://h3artbl33d.nl/blog/how-i-fell-in-love-with-openbsd" rel="nofollow noopener">How I fell in love with OpenBSD</a></p>

<hr>

<p><a href="https://briancallahan.net/blog/" rel="nofollow noopener">A GDC package for macOS/aarch64</a></p>

<hr>

<p><a href="https://dev.to/scovl/validate-your-freebsd-rcconf-e94" rel="nofollow noopener">Validate Your FreeBSD rc.conf</a></p>

<hr>

<p><a href="https://abnml.com/blog/2024/11/26/replacing-proxmox-with-freebsd-and-bhyve/" rel="nofollow noopener">Replacing Proxmox with FreeBSD and Bhyve</a></p>

<hr>

<p><a href="https://forum.opnsense.org/index.php?topic=44413.0" rel="nofollow noopener">OPNsense 24.7.10 released</a></p>

<hr>

<p><a href="https://blog.smithfamily.org.uk/posts/2024/11/freebsd_print/" rel="nofollow noopener">Printing With FreeBSD</a></p>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/593/feedback/Christian%20-%20Deprecated%20vs%20Depreciated.md" rel="nofollow noopener">Christian - Deprecated vs Depreciated</a></li>
</ul>

<hr>

<h2>Producer Note</h2>

<ul>
<li>Once we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there's nothing I can do about that, but I wanted everyone to be aware that.</li>
<li>Also once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.</li>
</ul>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>FreeBSD replaces sendmail with dma, Why We Use FreeBSD Over Linux: A CTO’s Perspective, How I fell in love with OpenBSD, A GDC package for macOS/aarch64, Validate Your FreeBSD rc.conf, Replacing Proxmox with FreeBSD and Bhyve, OPNsense 24.7.10 released, Printing With FreeBSD, and more</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://klarasystems.com/articles/freebsd14-replaces-sendmail-with-dma/?utm_source=BSD%20Now&amp;utm_medium=Podcast" rel="nofollow noopener">FreeBSD replaces sendmail with dma</a></p>

<hr>

<p><a href="https://dzone.com/articles/why-we-use-freebsd-over-linux-a-ctos-perspective" rel="nofollow noopener">Why We Use FreeBSD Over Linux: A CTO’s Perspective</a></p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://h3artbl33d.nl/blog/how-i-fell-in-love-with-openbsd" rel="nofollow noopener">How I fell in love with OpenBSD</a></p>

<hr>

<p><a href="https://briancallahan.net/blog/" rel="nofollow noopener">A GDC package for macOS/aarch64</a></p>

<hr>

<p><a href="https://dev.to/scovl/validate-your-freebsd-rcconf-e94" rel="nofollow noopener">Validate Your FreeBSD rc.conf</a></p>

<hr>

<p><a href="https://abnml.com/blog/2024/11/26/replacing-proxmox-with-freebsd-and-bhyve/" rel="nofollow noopener">Replacing Proxmox with FreeBSD and Bhyve</a></p>

<hr>

<p><a href="https://forum.opnsense.org/index.php?topic=44413.0" rel="nofollow noopener">OPNsense 24.7.10 released</a></p>

<hr>

<p><a href="https://blog.smithfamily.org.uk/posts/2024/11/freebsd_print/" rel="nofollow noopener">Printing With FreeBSD</a></p>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/593/feedback/Christian%20-%20Deprecated%20vs%20Depreciated.md" rel="nofollow noopener">Christian - Deprecated vs Depreciated</a></li>
</ul>

<hr>

<h2>Producer Note</h2>

<ul>
<li>Once we reach Episode 600, I will be backfilling out fireside website with the older episodes (before 283), depending on how your podcast feed service works, you may get a bunch of new notifications of episodes. Sadly there's nothing I can do about that, but I wanted everyone to be aware that.</li>
<li>Also once we hit 600, we will be announcing some new Patreon Perks and new ways you can engage and get involved with the show. More to come in the upcoming weeks as we finalize those plans amongst the team.</li>
</ul>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </itunes:summary>
</item>
<item>
  <title>560: Why not BSD</title>
  <link>https://www.bsdnow.tv/560</link>
  <guid isPermaLink="false">9822ee64-8eaf-48cf-8603-d583f258fc4f</guid>
  <pubDate>Thu, 23 May 2024 10:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9822ee64-8eaf-48cf-8603-d583f258fc4f.mp3" length="59353728" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>FreeBSD Status Report First Quarter 2024, Why not BSD, LibreSSL version 3.9.2 released, Running NetBSD on OmniOS using bhyve, X.Org on NetBSD, Unix version control lore: what, ident, How I search in 2024, sshd split into multiple binaries, and more</itunes:subtitle>
  <itunes:duration>1:01:49</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;FreeBSD Status Report First Quarter 2024, Why not BSD, LibreSSL version 3.9.2 released, Running NetBSD on OmniOS using bhyve, X.Org on NetBSD, Unix version control lore: what, ident, How I search in 2024, sshd split into multiple binaries, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.freebsd.org/status/report-2024-01-2024-03/" rel="nofollow noopener"&gt;FreeBSD Status Report First Quarter 2024&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://michal.sapka.me/bsd/why-not-bsd/" rel="nofollow noopener"&gt;Why not BSD&lt;/a&gt; + Sequel next week&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://undeadly.org/cgi?action=article;sid=20240512115958" rel="nofollow noopener"&gt;LibreSSL version 3.9.2 released&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://www.tumfatig.net/2024/running-netbsd-on-omnios-using-bhyve/" rel="nofollow noopener"&gt;Running NetBSD on OmniOS using bhyve&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://blog.netbsd.org/tnf/entry/x_org_on_netbsd_the" rel="nofollow noopener"&gt;X.Org on NetBSD - the state of things&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://dotat.at/@/2024-05-13-what-ident.html" rel="nofollow noopener"&gt;Unix version control lore: what, ident&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://vickiboykis.com/2024/04/25/how-i-search-in-2024/" rel="nofollow noopener"&gt;How I search in 2024&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://undeadly.org/cgi?action=article;sid=20240517092416" rel="nofollow noopener"&gt;sshd(8) split into multiple binaries&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tarsnap&lt;/h2&gt;

&lt;p&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/p&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Join us and other BSD Fans in our &lt;a href="https://t.me/bsdnow" rel="nofollow noopener"&gt;BSD Now Telegram channel&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, open source, foss, shell, cli, unix, tools, utility, berkeley, software, distribution, development, code, programming, release, zfs, zpool, dataset, filesystem, storage, ports, packages, jails, interview, status report, Q1 2024, libressl, omnios, bhyve, version control, lore, what, ident, search, searching, sshd, binaries,</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>FreeBSD Status Report First Quarter 2024, Why not BSD, LibreSSL version 3.9.2 released, Running NetBSD on OmniOS using bhyve, X.Org on NetBSD, Unix version control lore: what, ident, How I search in 2024, sshd split into multiple binaries, and more</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://www.freebsd.org/status/report-2024-01-2024-03/" rel="nofollow noopener">FreeBSD Status Report First Quarter 2024</a></p>

<hr>

<p><a href="https://michal.sapka.me/bsd/why-not-bsd/" rel="nofollow noopener">Why not BSD</a> + Sequel next week</p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://undeadly.org/cgi?action=article;sid=20240512115958" rel="nofollow noopener">LibreSSL version 3.9.2 released</a></p>

<hr>

<p><a href="https://www.tumfatig.net/2024/running-netbsd-on-omnios-using-bhyve/" rel="nofollow noopener">Running NetBSD on OmniOS using bhyve</a></p>

<hr>

<p><a href="https://blog.netbsd.org/tnf/entry/x_org_on_netbsd_the" rel="nofollow noopener">X.Org on NetBSD - the state of things</a></p>

<hr>

<p><a href="https://dotat.at/@/2024-05-13-what-ident.html" rel="nofollow noopener">Unix version control lore: what, ident</a></p>

<hr>

<p><a href="https://vickiboykis.com/2024/04/25/how-i-search-in-2024/" rel="nofollow noopener">How I search in 2024</a></p>

<hr>

<p><a href="https://undeadly.org/cgi?action=article;sid=20240517092416" rel="nofollow noopener">sshd(8) split into multiple binaries</a></p>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>FreeBSD Status Report First Quarter 2024, Why not BSD, LibreSSL version 3.9.2 released, Running NetBSD on OmniOS using bhyve, X.Org on NetBSD, Unix version control lore: what, ident, How I search in 2024, sshd split into multiple binaries, and more</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://www.freebsd.org/status/report-2024-01-2024-03/" rel="nofollow noopener">FreeBSD Status Report First Quarter 2024</a></p>

<hr>

<p><a href="https://michal.sapka.me/bsd/why-not-bsd/" rel="nofollow noopener">Why not BSD</a> + Sequel next week</p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://undeadly.org/cgi?action=article;sid=20240512115958" rel="nofollow noopener">LibreSSL version 3.9.2 released</a></p>

<hr>

<p><a href="https://www.tumfatig.net/2024/running-netbsd-on-omnios-using-bhyve/" rel="nofollow noopener">Running NetBSD on OmniOS using bhyve</a></p>

<hr>

<p><a href="https://blog.netbsd.org/tnf/entry/x_org_on_netbsd_the" rel="nofollow noopener">X.Org on NetBSD - the state of things</a></p>

<hr>

<p><a href="https://dotat.at/@/2024-05-13-what-ident.html" rel="nofollow noopener">Unix version control lore: what, ident</a></p>

<hr>

<p><a href="https://vickiboykis.com/2024/04/25/how-i-search-in-2024/" rel="nofollow noopener">How I search in 2024</a></p>

<hr>

<p><a href="https://undeadly.org/cgi?action=article;sid=20240517092416" rel="nofollow noopener">sshd(8) split into multiple binaries</a></p>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </itunes:summary>
</item>
<item>
  <title>548: NTP - In Memoriam</title>
  <link>https://www.bsdnow.tv/548</link>
  <guid isPermaLink="false">9fc45182-53da-4b7a-8fa2-a408b12d8a5b</guid>
  <pubDate>Thu, 29 Feb 2024 08:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9fc45182-53da-4b7a-8fa2-a408b12d8a5b.mp3" length="54708480" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>FreeBSD Status Report Q4 2023, In Memorium of the NTP inventor, Migrate a FreeBSD bhyve virtual machine to OmniOS, AI-free blog, Hard disk LEDs and Noisy Machines, SSH based comment system, NetBSD 10 RC.4 is available, and more</itunes:subtitle>
  <itunes:duration>56:59</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;FreeBSD Status Report Q4 2023, In Memorium of the NTP inventor, Migrate a FreeBSD bhyve virtual machine to OmniOS, AI-free blog, Hard disk LEDs and Noisy Machines, SSH based comment system, NetBSD 10 RC.4 is available, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.freebsd.org/status/report-2023-10-2023-12/" rel="nofollow noopener"&gt;FreeBSD Status Report Fourth Quarter 2023&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://arstechnica.com/gadgets/2024/01/inventor-of-ntp-protocol-that-keeps-time-on-billions-of-devices-dies-at-age-85/" rel="nofollow noopener"&gt;In Memoriam : Inventor of NTP protocol that keeps time on billions of devices dies at age 85&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.tumfatig.net/2024/migrate-a-freebsd-bhyve-virtual-machine-to-omnios/?utm_source=bsdweekly" rel="nofollow noopener"&gt;Migrate a FreeBSD bhyve virtual machine to OmniOS&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://dataswamp.org/%7Esolene/2024-01-18-no-ai.html" rel="nofollow noopener"&gt;This blog is AI free&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://jmmv.dev/2023/12/hard-disk-leds-and-noisy-machines.html" rel="nofollow noopener"&gt;Hard disk LEDs and Noisy Machines&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://blog.haschek.at/2023/ssh-based-comment-system.html" rel="nofollow noopener"&gt;SSH based comment system&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://blog.netbsd.org/tnf/entry/netbsd_10_0_rc4_available" rel="nofollow noopener"&gt;NetBSD 10 RC.4 is available&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Beastie Bits&lt;/h2&gt;

&lt;hr&gt;

&lt;h2&gt;Tarsnap&lt;/h2&gt;

&lt;p&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/p&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Join us and other BSD Fans in our &lt;a href="https://t.me/bsdnow" rel="nofollow noopener"&gt;BSD Now Telegram channel&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, open source, foss, shell, cli, unix, tools, utility, berkeley, software, distribution, development, code, programming, release, zfs, zpool, dataset, filesystem, storage, ports, packages, jails, interview, status report, ntp, memorium, inventor, migration, migrate, bhyve, vm, virtual machine, omnios, ai-free, blog, LED, hard disk, machine, ssh-based, ssh, comment system, netbsd 10 rc 4</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>FreeBSD Status Report Q4 2023, In Memorium of the NTP inventor, Migrate a FreeBSD bhyve virtual machine to OmniOS, AI-free blog, Hard disk LEDs and Noisy Machines, SSH based comment system, NetBSD 10 RC.4 is available, and more</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://www.freebsd.org/status/report-2023-10-2023-12/" rel="nofollow noopener">FreeBSD Status Report Fourth Quarter 2023</a></p>

<hr>

<p><a href="https://arstechnica.com/gadgets/2024/01/inventor-of-ntp-protocol-that-keeps-time-on-billions-of-devices-dies-at-age-85/" rel="nofollow noopener">In Memoriam : Inventor of NTP protocol that keeps time on billions of devices dies at age 85</a></p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://www.tumfatig.net/2024/migrate-a-freebsd-bhyve-virtual-machine-to-omnios/?utm_source=bsdweekly" rel="nofollow noopener">Migrate a FreeBSD bhyve virtual machine to OmniOS</a></p>

<hr>

<p><a href="https://dataswamp.org/%7Esolene/2024-01-18-no-ai.html" rel="nofollow noopener">This blog is AI free</a></p>

<hr>

<p><a href="https://jmmv.dev/2023/12/hard-disk-leds-and-noisy-machines.html" rel="nofollow noopener">Hard disk LEDs and Noisy Machines</a></p>

<hr>

<p><a href="https://blog.haschek.at/2023/ssh-based-comment-system.html" rel="nofollow noopener">SSH based comment system</a></p>

<hr>

<p><a href="https://blog.netbsd.org/tnf/entry/netbsd_10_0_rc4_available" rel="nofollow noopener">NetBSD 10 RC.4 is available</a></p>

<hr>

<h2>Beastie Bits</h2>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>FreeBSD Status Report Q4 2023, In Memorium of the NTP inventor, Migrate a FreeBSD bhyve virtual machine to OmniOS, AI-free blog, Hard disk LEDs and Noisy Machines, SSH based comment system, NetBSD 10 RC.4 is available, and more</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://www.freebsd.org/status/report-2023-10-2023-12/" rel="nofollow noopener">FreeBSD Status Report Fourth Quarter 2023</a></p>

<hr>

<p><a href="https://arstechnica.com/gadgets/2024/01/inventor-of-ntp-protocol-that-keeps-time-on-billions-of-devices-dies-at-age-85/" rel="nofollow noopener">In Memoriam : Inventor of NTP protocol that keeps time on billions of devices dies at age 85</a></p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://www.tumfatig.net/2024/migrate-a-freebsd-bhyve-virtual-machine-to-omnios/?utm_source=bsdweekly" rel="nofollow noopener">Migrate a FreeBSD bhyve virtual machine to OmniOS</a></p>

<hr>

<p><a href="https://dataswamp.org/%7Esolene/2024-01-18-no-ai.html" rel="nofollow noopener">This blog is AI free</a></p>

<hr>

<p><a href="https://jmmv.dev/2023/12/hard-disk-leds-and-noisy-machines.html" rel="nofollow noopener">Hard disk LEDs and Noisy Machines</a></p>

<hr>

<p><a href="https://blog.haschek.at/2023/ssh-based-comment-system.html" rel="nofollow noopener">SSH based comment system</a></p>

<hr>

<p><a href="https://blog.netbsd.org/tnf/entry/netbsd_10_0_rc4_available" rel="nofollow noopener">NetBSD 10 RC.4 is available</a></p>

<hr>

<h2>Beastie Bits</h2>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </itunes:summary>
</item>
<item>
  <title>543: OpenBSD Workstation Hardening</title>
  <link>https://www.bsdnow.tv/543</link>
  <guid isPermaLink="false">caf89436-cf84-432e-a1cd-a88fc3385198</guid>
  <pubDate>Thu, 25 Jan 2024 08:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/caf89436-cf84-432e-a1cd-a88fc3385198.mp3" length="56984832" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs, 2023 in Review: Continuous Integration and Workflow Improvement, Running OpenBSD on OmniOS using bhyve, FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?, OpenBSD workstation hardening, KDE Plasma now linked to packages build on -current, MidnightBSD 3.1.3 release</itunes:subtitle>
  <itunes:duration>59:21</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs, 2023 in Review: Continuous Integration and Workflow Improvement, Running OpenBSD on OmniOS using bhyve, FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?, OpenBSD workstation hardening, KDE Plasma now linked to packages build on -current, MidnightBSD 3.1.3 release&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-3-databases-and-vms/" rel="nofollow noopener"&gt;OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://freebsdfoundation.org/blog/continuous-integration-and-workflow-improvement/" rel="nofollow noopener"&gt;2023 in Review: Continuous Integration and Workflow Improvement&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.tumfatig.net/2024/running-openbsd-on-omnios-using-bhyve/" rel="nofollow noopener"&gt;Running OpenBSD on OmniOS using bhyve&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://dan.langille.org/2023/12/25/freebsd-jailed-zfs-datasets-how-do-i-find-the-zfs-snapshot-directory/" rel="nofollow noopener"&gt;FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://dataswamp.org/%7Esolene/2023-12-31-hardened-openbsd-workstation.html" rel="nofollow noopener"&gt;OpenBSD workstation hardening&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://www.undeadly.org/cgi?action=article;sid=20231227120851&amp;amp;utm_source=bsdweekly" rel="nofollow noopener"&gt;KDE Plasma now linked to packages build on -current&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;&lt;a href="https://bsdsec.net/articles/midnightbsd-security-midnightbsd-3-1-3-release" rel="nofollow noopener"&gt;MidnightBSD 3.1.3 release&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tarsnap&lt;/h2&gt;

&lt;p&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/p&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Kieran%20-%20Feedback.md" rel="nofollow noopener"&gt;Kieran - Feedback&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Albin%20-%20links%20inquires%20questions.md" rel="nofollow noopener"&gt;Albin - links inquires questions&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Join us and other BSD Fans in our &lt;a href="https://t.me/bsdnow" rel="nofollow noopener"&gt;BSD Now Telegram channel&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, open source, foss, shell, cli, unix, tools, utility, berkeley, software, distribution, development, code, programming, release, zfs, zpool, dataset, filesystem, storage, ports, packages, jails, interview, best practices, databases, vm, virtual machine, review 2023, continuous integration, workflow improvement, omnios, bhyve, jailed datasets, workstation, hardening, KDE plasma, midnightbsd</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs, 2023 in Review: Continuous Integration and Workflow Improvement, Running OpenBSD on OmniOS using bhyve, FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?, OpenBSD workstation hardening, KDE Plasma now linked to packages build on -current, MidnightBSD 3.1.3 release</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-3-databases-and-vms/" rel="nofollow noopener">OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs</a></p>

<hr>

<p><a href="https://freebsdfoundation.org/blog/continuous-integration-and-workflow-improvement/" rel="nofollow noopener">2023 in Review: Continuous Integration and Workflow Improvement</a></p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://www.tumfatig.net/2024/running-openbsd-on-omnios-using-bhyve/" rel="nofollow noopener">Running OpenBSD on OmniOS using bhyve</a></p>

<hr>

<p><a href="https://dan.langille.org/2023/12/25/freebsd-jailed-zfs-datasets-how-do-i-find-the-zfs-snapshot-directory/" rel="nofollow noopener">FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?</a></p>

<hr>

<p><a href="https://dataswamp.org/%7Esolene/2023-12-31-hardened-openbsd-workstation.html" rel="nofollow noopener">OpenBSD workstation hardening</a></p>

<hr>

<p><a href="https://www.undeadly.org/cgi?action=article;sid=20231227120851&amp;utm_source=bsdweekly" rel="nofollow noopener">KDE Plasma now linked to packages build on -current</a></p>

<hr>

<p><a href="https://bsdsec.net/articles/midnightbsd-security-midnightbsd-3-1-3-release" rel="nofollow noopener">MidnightBSD 3.1.3 release</a></p>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Kieran%20-%20Feedback.md" rel="nofollow noopener">Kieran - Feedback</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Albin%20-%20links%20inquires%20questions.md" rel="nofollow noopener">Albin - links inquires questions</a></li>
</ul>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs, 2023 in Review: Continuous Integration and Workflow Improvement, Running OpenBSD on OmniOS using bhyve, FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?, OpenBSD workstation hardening, KDE Plasma now linked to packages build on -current, MidnightBSD 3.1.3 release</p>

<p><strong><em>NOTES</em></strong></p>

<p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<p><a href="https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-3-databases-and-vms/" rel="nofollow noopener">OpenZFS Storage Best Practices and Use Cases Part 3: Databases and VMs</a></p>

<hr>

<p><a href="https://freebsdfoundation.org/blog/continuous-integration-and-workflow-improvement/" rel="nofollow noopener">2023 in Review: Continuous Integration and Workflow Improvement</a></p>

<hr>

<h2>News Roundup</h2>

<p><a href="https://www.tumfatig.net/2024/running-openbsd-on-omnios-using-bhyve/" rel="nofollow noopener">Running OpenBSD on OmniOS using bhyve</a></p>

<hr>

<p><a href="https://dan.langille.org/2023/12/25/freebsd-jailed-zfs-datasets-how-do-i-find-the-zfs-snapshot-directory/" rel="nofollow noopener">FreeBSD jailed ZFS datasets – how do I find the .zfs/snapshot directory?</a></p>

<hr>

<p><a href="https://dataswamp.org/%7Esolene/2023-12-31-hardened-openbsd-workstation.html" rel="nofollow noopener">OpenBSD workstation hardening</a></p>

<hr>

<p><a href="https://www.undeadly.org/cgi?action=article;sid=20231227120851&amp;utm_source=bsdweekly" rel="nofollow noopener">KDE Plasma now linked to packages build on -current</a></p>

<hr>

<p><a href="https://bsdsec.net/articles/midnightbsd-security-midnightbsd-3-1-3-release" rel="nofollow noopener">MidnightBSD 3.1.3 release</a></p>

<hr>

<h2>Tarsnap</h2>

<p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Kieran%20-%20Feedback.md" rel="nofollow noopener">Kieran - Feedback</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/543/feedback/Albin%20-%20links%20inquires%20questions.md" rel="nofollow noopener">Albin - links inquires questions</a></li>
</ul>

<hr>

<ul>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li>
<li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" rel="nofollow noopener">BSD Now Telegram channel</a></p></li>
</ul>

<hr>]]>
  </itunes:summary>
</item>
<item>
  <title>484: Birth of stderr</title>
  <link>https://www.bsdnow.tv/484</link>
  <guid isPermaLink="false">4f095d18-aa8c-465b-956d-03ca0f1f16f8</guid>
  <pubDate>Thu, 08 Dec 2022 03:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4f095d18-aa8c-465b-956d-03ca0f1f16f8.mp3" length="34985472" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Virtualization showdown, The Birth of Standard Error, why Steam started picking a random font, Maintaining Sufficient Free Space with ZFS, updated Apple M1/M2 bootloader, code, FreeBSD on my workstation, and more </itunes:subtitle>
  <itunes:duration>36:26</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Virtualization showdown, The Birth of Standard Error, why Steam started picking a random font, Maintaining Sufficient Free Space with ZFS, updated Apple M1/M2 bootloader, code, FreeBSD on my workstation, and more &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://klarasystems.com/articles/virtualization-showdown-freebsd-bhyve-linux-kvm/" rel="nofollow noopener"&gt;Virtualization showdown – FreeBSD’s bhyve vs. Linux’s KVM&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.spinellis.gr/blog/20131211/" rel="nofollow noopener"&gt;The Birth of Standard Error&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://blog.pkh.me/p/35-investigating-why-steam-started-picking-a-random-font.html" rel="nofollow noopener"&gt;Investigating why Steam started picking a random font&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://taras.glek.net/post/curious-case-of-maintaining-sufficient-free-space-with-zfs/" rel="nofollow noopener"&gt;Curious Case of Maintaining Sufficient Free Space with ZFS&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://undeadly.org/cgi?action=article;sid=20221120113149" rel="nofollow noopener"&gt;Call for testing on updated Apple M1/M2 bootloader code&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://camandro.org/blog/2022-09-30-freebsd-on-my-workstation.html" rel="nofollow noopener"&gt;FreeBSD on my workstation&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/Brad%20-%20Initial%20Setup.md" rel="nofollow noopener"&gt;Brad - Initial Setup&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/joseph%20-%20openbsd%20and%20postgresql.md" rel="nofollow noopener"&gt;Joseph - openbsd and postgresql&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, filesystem, storage, ports, packages, jails, interview, bhyve, kvm, virtualization, virtual, vm, standard error, stderr, steam, random, font, free space, M1, M2, bootloader, workstation</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Virtualization showdown, The Birth of Standard Error, why Steam started picking a random font, Maintaining Sufficient Free Space with ZFS, updated Apple M1/M2 bootloader, code, FreeBSD on my workstation, and more </p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/virtualization-showdown-freebsd-bhyve-linux-kvm/" rel="nofollow noopener">Virtualization showdown – FreeBSD’s bhyve vs. Linux’s KVM</a></h3>

<hr>

<h3><a href="https://www.spinellis.gr/blog/20131211/" rel="nofollow noopener">The Birth of Standard Error</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://blog.pkh.me/p/35-investigating-why-steam-started-picking-a-random-font.html" rel="nofollow noopener">Investigating why Steam started picking a random font</a></h3>

<hr>

<h3><a href="https://taras.glek.net/post/curious-case-of-maintaining-sufficient-free-space-with-zfs/" rel="nofollow noopener">Curious Case of Maintaining Sufficient Free Space with ZFS</a></h3>

<hr>

<h3><a href="https://undeadly.org/cgi?action=article;sid=20221120113149" rel="nofollow noopener">Call for testing on updated Apple M1/M2 bootloader code</a></h3>

<hr>

<h3><a href="https://camandro.org/blog/2022-09-30-freebsd-on-my-workstation.html" rel="nofollow noopener">FreeBSD on my workstation</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/Brad%20-%20Initial%20Setup.md" rel="nofollow noopener">Brad - Initial Setup</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/joseph%20-%20openbsd%20and%20postgresql.md" rel="nofollow noopener">Joseph - openbsd and postgresql</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Virtualization showdown, The Birth of Standard Error, why Steam started picking a random font, Maintaining Sufficient Free Space with ZFS, updated Apple M1/M2 bootloader, code, FreeBSD on my workstation, and more </p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/virtualization-showdown-freebsd-bhyve-linux-kvm/" rel="nofollow noopener">Virtualization showdown – FreeBSD’s bhyve vs. Linux’s KVM</a></h3>

<hr>

<h3><a href="https://www.spinellis.gr/blog/20131211/" rel="nofollow noopener">The Birth of Standard Error</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://blog.pkh.me/p/35-investigating-why-steam-started-picking-a-random-font.html" rel="nofollow noopener">Investigating why Steam started picking a random font</a></h3>

<hr>

<h3><a href="https://taras.glek.net/post/curious-case-of-maintaining-sufficient-free-space-with-zfs/" rel="nofollow noopener">Curious Case of Maintaining Sufficient Free Space with ZFS</a></h3>

<hr>

<h3><a href="https://undeadly.org/cgi?action=article;sid=20221120113149" rel="nofollow noopener">Call for testing on updated Apple M1/M2 bootloader code</a></h3>

<hr>

<h3><a href="https://camandro.org/blog/2022-09-30-freebsd-on-my-workstation.html" rel="nofollow noopener">FreeBSD on my workstation</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/Brad%20-%20Initial%20Setup.md" rel="nofollow noopener">Brad - Initial Setup</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/484/feedback/joseph%20-%20openbsd%20and%20postgresql.md" rel="nofollow noopener">Joseph - openbsd and postgresql</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>464: Compiling with kefir</title>
  <link>https://www.bsdnow.tv/464</link>
  <guid isPermaLink="false">c5e043ce-2ec3-4eef-8d99-0ca38ed1fad5</guid>
  <pubDate>Thu, 21 Jul 2022 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c5e043ce-2ec3-4eef-8d99-0ca38ed1fad5.mp3" length="23780520" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>From 0 to bhyve on FreeBSD, Analyze OpenBSD’s Kernel with Domain-Specific Knowledge, OpenBSD Webzine: ISSUE #10, HardenedBSD June 2022 Status Report, two new C compilers: chibicc and kefir in OpenBSD, SSD TRIM in NetBSD HEAD, and more</itunes:subtitle>
  <itunes:duration>39:20</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;From 0 to bhyve on FreeBSD, Analyze OpenBSD’s Kernel with Domain-Specific Knowledge, OpenBSD Webzine: ISSUE #10, HardenedBSD June 2022 Status Report, two new C compilers: chibicc and kefir in OpenBSD, SSD TRIM in NetBSD HEAD, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://klarasystems.com/articles/from-0-to-bhyve-on-freebsd-13-1/" rel="nofollow noopener"&gt;From 0 to Bhyve on FreeBSD 13.1&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://medium.com/@chrissicool/analyze-openbsds-kernel-with-domain-specific-knowledge-ca665d92eebb" rel="nofollow noopener"&gt;Analyze OpenBSD’s Kernel with Domain-Specific Knowledge&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://webzine.puffy.cafe/issue-10.html" rel="nofollow noopener"&gt;OpenBSD Webzine: ISSUE #10&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://hardenedbsd.org/article/shawn-webb/2022-06-28/hardenedbsd-june-2022-status-report" rel="nofollow noopener"&gt;HardenedBSD June 2022 Status Report&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://briancallahan.net/blog/20220629.html" rel="nofollow noopener"&gt;OpenBSD has two new C compilers: chibicc and kefir&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.unitedbsd.com/d/859-ssd-trim-in-netbsd-head-current" rel="nofollow noopener"&gt;SSD TRIM in NetBSD HEAD (-current)&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, filesystem, interview, ports, packages, jails, bhyve, domain specific knowledge, analysis, analytics, webzine, issue, new edition, status report, chibicc, kefir, compiler, ssd, trim, trim support </itunes:keywords>
  <content:encoded>
    <![CDATA[<p>From 0 to bhyve on FreeBSD, Analyze OpenBSD’s Kernel with Domain-Specific Knowledge, OpenBSD Webzine: ISSUE #10, HardenedBSD June 2022 Status Report, two new C compilers: chibicc and kefir in OpenBSD, SSD TRIM in NetBSD HEAD, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/from-0-to-bhyve-on-freebsd-13-1/" rel="nofollow noopener">From 0 to Bhyve on FreeBSD 13.1</a></h3>

<hr>

<h3><a href="https://medium.com/@chrissicool/analyze-openbsds-kernel-with-domain-specific-knowledge-ca665d92eebb" rel="nofollow noopener">Analyze OpenBSD’s Kernel with Domain-Specific Knowledge</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://webzine.puffy.cafe/issue-10.html" rel="nofollow noopener">OpenBSD Webzine: ISSUE #10</a></h3>

<hr>

<h3><a href="https://hardenedbsd.org/article/shawn-webb/2022-06-28/hardenedbsd-june-2022-status-report" rel="nofollow noopener">HardenedBSD June 2022 Status Report</a></h3>

<hr>

<h3><a href="https://briancallahan.net/blog/20220629.html" rel="nofollow noopener">OpenBSD has two new C compilers: chibicc and kefir</a></h3>

<hr>

<h3><a href="https://www.unitedbsd.com/d/859-ssd-trim-in-netbsd-head-current" rel="nofollow noopener">SSD TRIM in NetBSD HEAD (-current)</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>From 0 to bhyve on FreeBSD, Analyze OpenBSD’s Kernel with Domain-Specific Knowledge, OpenBSD Webzine: ISSUE #10, HardenedBSD June 2022 Status Report, two new C compilers: chibicc and kefir in OpenBSD, SSD TRIM in NetBSD HEAD, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/from-0-to-bhyve-on-freebsd-13-1/" rel="nofollow noopener">From 0 to Bhyve on FreeBSD 13.1</a></h3>

<hr>

<h3><a href="https://medium.com/@chrissicool/analyze-openbsds-kernel-with-domain-specific-knowledge-ca665d92eebb" rel="nofollow noopener">Analyze OpenBSD’s Kernel with Domain-Specific Knowledge</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://webzine.puffy.cafe/issue-10.html" rel="nofollow noopener">OpenBSD Webzine: ISSUE #10</a></h3>

<hr>

<h3><a href="https://hardenedbsd.org/article/shawn-webb/2022-06-28/hardenedbsd-june-2022-status-report" rel="nofollow noopener">HardenedBSD June 2022 Status Report</a></h3>

<hr>

<h3><a href="https://briancallahan.net/blog/20220629.html" rel="nofollow noopener">OpenBSD has two new C compilers: chibicc and kefir</a></h3>

<hr>

<h3><a href="https://www.unitedbsd.com/d/859-ssd-trim-in-netbsd-head-current" rel="nofollow noopener">SSD TRIM in NetBSD HEAD (-current)</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>463: The 1.0 Legend</title>
  <link>https://www.bsdnow.tv/463</link>
  <guid isPermaLink="false">3131f5d6-8a20-474b-94c3-1da8ebac50ce</guid>
  <pubDate>Thu, 14 Jul 2022 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/3131f5d6-8a20-474b-94c3-1da8ebac50ce.mp3" length="32116704" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Differences between base and ports LLVM in OpenBSD, Netgraph for FreeBSD’s bhyve Networking, Audio on FreeBSD – Quick Guide, FreeBSD’s Legend starts at 1.0, Hacker News running by FreeBSD, TrueNAS 13, and more</itunes:subtitle>
  <itunes:duration>55:11</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Differences between base and ports LLVM in OpenBSD, Netgraph for FreeBSD’s bhyve Networking, Audio on FreeBSD – Quick Guide, FreeBSD’s Legend starts at 1.0, Hacker News running by FreeBSD, TrueNAS 13, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.cambus.net/differences-between-base-and-ports-llvm-in-openbsd/" rel="nofollow noopener"&gt;Differences between base and ports LLVM in OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://klarasystems.com/articles/using-netgraph-for-freebsds-bhyve-networking/?utm_source=bsdweekly" rel="nofollow noopener"&gt;Using Netgraph for FreeBSD’s bhyve Networking&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://freebsdfoundation.org/freebsd-project/resources/audio-on-freebsd/" rel="nofollow noopener"&gt;Audio on FreeBSD – Quick Guide&lt;/a&gt;&lt;/h3&gt;

&lt;h3&gt;[Legends start at 1.0! – FreeBSD in 1993]&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://eerielinux.wordpress.com/2022/06/18/legends-start-at-1-0-freebsd-in-1993-pt-1/" rel="nofollow noopener"&gt;Part 1&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://eerielinux.wordpress.com/2022/06/19/legends-start-at-1-0-freebsd-in-1993-pt-2/" rel="nofollow noopener"&gt;Part 2&lt;/a&gt;
***
### &lt;a href="https://news.ycombinator.com/item?id=16076041" rel="nofollow noopener"&gt;Hacker News running by FreeBSD. Take that, Linux!&lt;/a&gt;
***
### &lt;a href="https://www.theregister.com/2022/05/11/truenas_13_released/" rel="nofollow noopener"&gt;TrueNAS 13&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Beastie Bits&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://undeadly.org/cgi?action=article;sid=20220628135253" rel="nofollow noopener"&gt;Notable OpenBSD news you may have missed, 2022-06-28 edition&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/indgy/refind-bsd-black" rel="nofollow noopener"&gt;rEFInd design for all the BSDs&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://undeadly.org/cgi?action=article;sid=20220619185920" rel="nofollow noopener"&gt;OpenBGPD 7.4 released&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://ghostbsd.org/22.06.18_iso_is_now_available" rel="nofollow noopener"&gt;Hotfix GhostBSD 22.06.18 ISO is now available&lt;/a&gt;
***
###Tarsnap&lt;/li&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/Brad%20-%20Jails%20Question.md" rel="nofollow noopener"&gt;Brad - Jails Question&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/Freezr%20-%20A%20few%20questions.md" rel="nofollow noopener"&gt;Freezr - A few questions&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/A%20different%20Brad%20-%20Drive%20question.md" rel="nofollow noopener"&gt;A different Brad - Drive question&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, filesystem, interview, ports, packages, jails, llvm, base vs. ports, compiler, netgraph, bhyve, audio, guide, legend, 1993, hacker news, truenas 13</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Differences between base and ports LLVM in OpenBSD, Netgraph for FreeBSD’s bhyve Networking, Audio on FreeBSD – Quick Guide, FreeBSD’s Legend starts at 1.0, Hacker News running by FreeBSD, TrueNAS 13, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.cambus.net/differences-between-base-and-ports-llvm-in-openbsd/" rel="nofollow noopener">Differences between base and ports LLVM in OpenBSD</a></h3>

<hr>

<h3><a href="https://klarasystems.com/articles/using-netgraph-for-freebsds-bhyve-networking/?utm_source=bsdweekly" rel="nofollow noopener">Using Netgraph for FreeBSD’s bhyve Networking</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://freebsdfoundation.org/freebsd-project/resources/audio-on-freebsd/" rel="nofollow noopener">Audio on FreeBSD – Quick Guide</a></h3>

<h3>[Legends start at 1.0! – FreeBSD in 1993]</h3>

<ul>
<li><a href="https://eerielinux.wordpress.com/2022/06/18/legends-start-at-1-0-freebsd-in-1993-pt-1/" rel="nofollow noopener">Part 1</a></li>
<li><a href="https://eerielinux.wordpress.com/2022/06/19/legends-start-at-1-0-freebsd-in-1993-pt-2/" rel="nofollow noopener">Part 2</a>
***
### <a href="https://news.ycombinator.com/item?id=16076041" rel="nofollow noopener">Hacker News running by FreeBSD. Take that, Linux!</a>
***
### <a href="https://www.theregister.com/2022/05/11/truenas_13_released/" rel="nofollow noopener">TrueNAS 13</a>
***</li>
</ul>

<h2>Beastie Bits</h2>

<ul>
<li><a href="http://undeadly.org/cgi?action=article;sid=20220628135253" rel="nofollow noopener">Notable OpenBSD news you may have missed, 2022-06-28 edition</a></li>
<li><a href="https://github.com/indgy/refind-bsd-black" rel="nofollow noopener">rEFInd design for all the BSDs</a></li>
<li><a href="https://undeadly.org/cgi?action=article;sid=20220619185920" rel="nofollow noopener">OpenBGPD 7.4 released</a></li>
<li><a href="http://ghostbsd.org/22.06.18_iso_is_now_available" rel="nofollow noopener">Hotfix GhostBSD 22.06.18 ISO is now available</a>
***
###Tarsnap</li>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/Brad%20-%20Jails%20Question.md" rel="nofollow noopener">Brad - Jails Question</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/Freezr%20-%20A%20few%20questions.md" rel="nofollow noopener">Freezr - A few questions</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/A%20different%20Brad%20-%20Drive%20question.md" rel="nofollow noopener">A different Brad - Drive question</a></p></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Differences between base and ports LLVM in OpenBSD, Netgraph for FreeBSD’s bhyve Networking, Audio on FreeBSD – Quick Guide, FreeBSD’s Legend starts at 1.0, Hacker News running by FreeBSD, TrueNAS 13, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.cambus.net/differences-between-base-and-ports-llvm-in-openbsd/" rel="nofollow noopener">Differences between base and ports LLVM in OpenBSD</a></h3>

<hr>

<h3><a href="https://klarasystems.com/articles/using-netgraph-for-freebsds-bhyve-networking/?utm_source=bsdweekly" rel="nofollow noopener">Using Netgraph for FreeBSD’s bhyve Networking</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://freebsdfoundation.org/freebsd-project/resources/audio-on-freebsd/" rel="nofollow noopener">Audio on FreeBSD – Quick Guide</a></h3>

<h3>[Legends start at 1.0! – FreeBSD in 1993]</h3>

<ul>
<li><a href="https://eerielinux.wordpress.com/2022/06/18/legends-start-at-1-0-freebsd-in-1993-pt-1/" rel="nofollow noopener">Part 1</a></li>
<li><a href="https://eerielinux.wordpress.com/2022/06/19/legends-start-at-1-0-freebsd-in-1993-pt-2/" rel="nofollow noopener">Part 2</a>
***
### <a href="https://news.ycombinator.com/item?id=16076041" rel="nofollow noopener">Hacker News running by FreeBSD. Take that, Linux!</a>
***
### <a href="https://www.theregister.com/2022/05/11/truenas_13_released/" rel="nofollow noopener">TrueNAS 13</a>
***</li>
</ul>

<h2>Beastie Bits</h2>

<ul>
<li><a href="http://undeadly.org/cgi?action=article;sid=20220628135253" rel="nofollow noopener">Notable OpenBSD news you may have missed, 2022-06-28 edition</a></li>
<li><a href="https://github.com/indgy/refind-bsd-black" rel="nofollow noopener">rEFInd design for all the BSDs</a></li>
<li><a href="https://undeadly.org/cgi?action=article;sid=20220619185920" rel="nofollow noopener">OpenBGPD 7.4 released</a></li>
<li><a href="http://ghostbsd.org/22.06.18_iso_is_now_available" rel="nofollow noopener">Hotfix GhostBSD 22.06.18 ISO is now available</a>
***
###Tarsnap</li>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/Brad%20-%20Jails%20Question.md" rel="nofollow noopener">Brad - Jails Question</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/Freezr%20-%20A%20few%20questions.md" rel="nofollow noopener">Freezr - A few questions</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/463/feedback/A%20different%20Brad%20-%20Drive%20question.md" rel="nofollow noopener">A different Brad - Drive question</a></p></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>456: FreeBSD 13.1</title>
  <link>https://www.bsdnow.tv/456</link>
  <guid isPermaLink="false">634c66ea-7d91-4d0d-bb47-5d55f50b7029</guid>
  <pubDate>Thu, 26 May 2022 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/634c66ea-7d91-4d0d-bb47-5d55f50b7029.mp3" length="29382912" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>FreeBSD 13.1 is released, Unix command line conventions over time, Branching for NetBSD 10, Microbhyve, Own your Calendar and Contacts with OpenBSD, the PSARC case for ZFS, and more</itunes:subtitle>
  <itunes:duration>51:19</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;FreeBSD 13.1 is released, Unix command line conventions over time, Branching for NetBSD 10, Microbhyve, Own your Calendar and Contacts with OpenBSD, the PSARC case for ZFS, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.freebsd.org/releases/13.1R/announce/" rel="nofollow noopener"&gt;FreeBSD 13.1 Release is available&lt;/a&gt;&lt;/h3&gt;

&lt;h3&gt;&lt;a href="https://blog.liw.fi/posts/2022/05/07/unix-cli/" rel="nofollow noopener"&gt;Unix command line conventions over time&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://mail-index.netbsd.org/current-users/2022/05/02/msg042278.html" rel="nofollow noopener"&gt;Branching for NetBSD 10&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://github.com/cbsd/microbhyve" rel="nofollow noopener"&gt;Microbyhve&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://baak6.com/baikal-openbsd-fossdroid/" rel="nofollow noopener"&gt;Own Your Calendar &amp;amp; Contacts With OpenBSD, Baïkal, and FOSS Android&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://twitter.com/mmusante/status/1518947283626246145?t=tzR6KeMx2mhjJfeoOqrHIw&amp;amp;s=03" rel="nofollow noopener"&gt;Twenty years ago today, Jeff filed the PSARC case for the ZFS filesystem&lt;/a&gt;&lt;/h3&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/456/feedback/Scott%20-%20FreeBSD%20and%20supercomputing.md" rel="nofollow noopener"&gt;Scott - FreeBSD and supercomputing&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/456/feedback/Nick%20-%20Thanks%20and%20some%20shout%20outs.md" rel="nofollow noopener"&gt;Nick - Thanks and some shout outs&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, filesystem, interview, ports, packages, jails, 13.1, command line, convention, branching, branch, bhyve, microbhyve, calendar, contacts, sync, baikal, foss, android, psarc case, case filing </itunes:keywords>
  <content:encoded>
    <![CDATA[<p>FreeBSD 13.1 is released, Unix command line conventions over time, Branching for NetBSD 10, Microbhyve, Own your Calendar and Contacts with OpenBSD, the PSARC case for ZFS, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.freebsd.org/releases/13.1R/announce/" rel="nofollow noopener">FreeBSD 13.1 Release is available</a></h3>

<h3><a href="https://blog.liw.fi/posts/2022/05/07/unix-cli/" rel="nofollow noopener">Unix command line conventions over time</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://mail-index.netbsd.org/current-users/2022/05/02/msg042278.html" rel="nofollow noopener">Branching for NetBSD 10</a></h3>

<hr>

<h3><a href="https://github.com/cbsd/microbhyve" rel="nofollow noopener">Microbyhve</a></h3>

<hr>

<h3><a href="https://baak6.com/baikal-openbsd-fossdroid/" rel="nofollow noopener">Own Your Calendar &amp; Contacts With OpenBSD, Baïkal, and FOSS Android</a></h3>

<hr>

<h3><a href="https://twitter.com/mmusante/status/1518947283626246145?t=tzR6KeMx2mhjJfeoOqrHIw&amp;s=03" rel="nofollow noopener">Twenty years ago today, Jeff filed the PSARC case for the ZFS filesystem</a></h3>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/456/feedback/Scott%20-%20FreeBSD%20and%20supercomputing.md" rel="nofollow noopener">Scott - FreeBSD and supercomputing</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/456/feedback/Nick%20-%20Thanks%20and%20some%20shout%20outs.md" rel="nofollow noopener">Nick - Thanks and some shout outs</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>FreeBSD 13.1 is released, Unix command line conventions over time, Branching for NetBSD 10, Microbhyve, Own your Calendar and Contacts with OpenBSD, the PSARC case for ZFS, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.freebsd.org/releases/13.1R/announce/" rel="nofollow noopener">FreeBSD 13.1 Release is available</a></h3>

<h3><a href="https://blog.liw.fi/posts/2022/05/07/unix-cli/" rel="nofollow noopener">Unix command line conventions over time</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://mail-index.netbsd.org/current-users/2022/05/02/msg042278.html" rel="nofollow noopener">Branching for NetBSD 10</a></h3>

<hr>

<h3><a href="https://github.com/cbsd/microbhyve" rel="nofollow noopener">Microbyhve</a></h3>

<hr>

<h3><a href="https://baak6.com/baikal-openbsd-fossdroid/" rel="nofollow noopener">Own Your Calendar &amp; Contacts With OpenBSD, Baïkal, and FOSS Android</a></h3>

<hr>

<h3><a href="https://twitter.com/mmusante/status/1518947283626246145?t=tzR6KeMx2mhjJfeoOqrHIw&amp;s=03" rel="nofollow noopener">Twenty years ago today, Jeff filed the PSARC case for the ZFS filesystem</a></h3>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/456/feedback/Scott%20-%20FreeBSD%20and%20supercomputing.md" rel="nofollow noopener">Scott - FreeBSD and supercomputing</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/456/feedback/Nick%20-%20Thanks%20and%20some%20shout%20outs.md" rel="nofollow noopener">Nick - Thanks and some shout outs</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>417: bhyve private cloud</title>
  <link>https://www.bsdnow.tv/417</link>
  <guid isPermaLink="false">63b2639c-ad67-45db-9581-8053963313c2</guid>
  <pubDate>Thu, 26 Aug 2021 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/63b2639c-ad67-45db-9581-8053963313c2.mp3" length="34928712" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Achieving RPO/RTO Objectives with ZFS pt 1, FreeBSD Foundation Q2 report, OpenBSD full Tor setup, MyBee - bhyve as private cloud, FreeBSD home fileserver expansion, OpenBSD on Framework Laptop, portable GELI, and more.</itunes:subtitle>
  <itunes:duration>57:18</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Achieving RPO/RTO Objectives with ZFS pt 1, FreeBSD Foundation Q2 report, OpenBSD full Tor setup, MyBee - bhyve as private cloud, FreeBSD home fileserver expansion, OpenBSD on Framework Laptop, portable GELI, and more.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://klarasystems.com/articles/achieving-rpo-rto-objectives-with-zfs-part-1/" rel="nofollow noopener"&gt;Achieving RPO/RTO Objectives with ZFS - Part 1&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://freebsdfoundation.org/blog/freebsd-foundation-q2-2021-status-update/" rel="nofollow noopener"&gt;FreeBSD Foundation Q2 Report&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://dataswamp.org/%7Esolene/2021-07-25-openbsd-full-tor.html" rel="nofollow noopener"&gt;OpenBSD full Tor setup&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://habr.com/en/post/569226/" rel="nofollow noopener"&gt;MyBee — FreeBSD OS and hypervisor bhyve as private cloud&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://rubenerd.com/expanding-our-freebsd-home-file-server/" rel="nofollow noopener"&gt;Expanding our FreeBSD home file server&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://jcs.org/2021/08/06/framework" rel="nofollow noopener"&gt;OpenBSD on the Framework Laptop&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="http://bijanebrahimi.github.io/blog/portable-geli.html" rel="nofollow noopener"&gt;Portable GELI&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/Chunky_pie%20-%20zfs%20question.md" rel="nofollow noopener"&gt;Chunky_pie - zfs question&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/Paul%20-%20several%20questions.md" rel="nofollow noopener"&gt;Paul - several questions&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/chris%20-%20firewall%20question.md" rel="nofollow noopener"&gt;chris - firewall question&lt;/a&gt;
***&lt;/li&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, interview, ports, packages, rpo, rto, objectives, foundation, second quarter report, tor setup, mybee, private cloud, bhyve, fileserver, home, expansion, framework laptop, portable, geli, encryption, disk</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Achieving RPO/RTO Objectives with ZFS pt 1, FreeBSD Foundation Q2 report, OpenBSD full Tor setup, MyBee - bhyve as private cloud, FreeBSD home fileserver expansion, OpenBSD on Framework Laptop, portable GELI, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/achieving-rpo-rto-objectives-with-zfs-part-1/" rel="nofollow noopener">Achieving RPO/RTO Objectives with ZFS - Part 1</a></h3>

<hr>

<h3><a href="https://freebsdfoundation.org/blog/freebsd-foundation-q2-2021-status-update/" rel="nofollow noopener">FreeBSD Foundation Q2 Report</a></h3>

<hr>

<h3><a href="https://dataswamp.org/%7Esolene/2021-07-25-openbsd-full-tor.html" rel="nofollow noopener">OpenBSD full Tor setup</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://habr.com/en/post/569226/" rel="nofollow noopener">MyBee — FreeBSD OS and hypervisor bhyve as private cloud</a></h3>

<hr>

<h3><a href="https://rubenerd.com/expanding-our-freebsd-home-file-server/" rel="nofollow noopener">Expanding our FreeBSD home file server</a></h3>

<hr>

<h3><a href="https://jcs.org/2021/08/06/framework" rel="nofollow noopener">OpenBSD on the Framework Laptop</a></h3>

<hr>

<h3><a href="http://bijanebrahimi.github.io/blog/portable-geli.html" rel="nofollow noopener">Portable GELI</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/Chunky_pie%20-%20zfs%20question.md" rel="nofollow noopener">Chunky_pie - zfs question</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/Paul%20-%20several%20questions.md" rel="nofollow noopener">Paul - several questions</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/chris%20-%20firewall%20question.md" rel="nofollow noopener">chris - firewall question</a>
***</li>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Achieving RPO/RTO Objectives with ZFS pt 1, FreeBSD Foundation Q2 report, OpenBSD full Tor setup, MyBee - bhyve as private cloud, FreeBSD home fileserver expansion, OpenBSD on Framework Laptop, portable GELI, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/achieving-rpo-rto-objectives-with-zfs-part-1/" rel="nofollow noopener">Achieving RPO/RTO Objectives with ZFS - Part 1</a></h3>

<hr>

<h3><a href="https://freebsdfoundation.org/blog/freebsd-foundation-q2-2021-status-update/" rel="nofollow noopener">FreeBSD Foundation Q2 Report</a></h3>

<hr>

<h3><a href="https://dataswamp.org/%7Esolene/2021-07-25-openbsd-full-tor.html" rel="nofollow noopener">OpenBSD full Tor setup</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://habr.com/en/post/569226/" rel="nofollow noopener">MyBee — FreeBSD OS and hypervisor bhyve as private cloud</a></h3>

<hr>

<h3><a href="https://rubenerd.com/expanding-our-freebsd-home-file-server/" rel="nofollow noopener">Expanding our FreeBSD home file server</a></h3>

<hr>

<h3><a href="https://jcs.org/2021/08/06/framework" rel="nofollow noopener">OpenBSD on the Framework Laptop</a></h3>

<hr>

<h3><a href="http://bijanebrahimi.github.io/blog/portable-geli.html" rel="nofollow noopener">Portable GELI</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/Chunky_pie%20-%20zfs%20question.md" rel="nofollow noopener">Chunky_pie - zfs question</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/Paul%20-%20several%20questions.md" rel="nofollow noopener">Paul - several questions</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/417/feedback/chris%20-%20firewall%20question.md" rel="nofollow noopener">chris - firewall question</a>
***</li>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>406: Jailed Gemini Capsule</title>
  <link>https://www.bsdnow.tv/406</link>
  <guid isPermaLink="false">e3529950-4aa4-49f7-833d-0218a912b866</guid>
  <pubDate>Thu, 10 Jun 2021 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e3529950-4aa4-49f7-833d-0218a912b866.mp3" length="33123216" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.</itunes:subtitle>
  <itunes:duration>54:01</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.ecliptik.com/Gemini-Capsule-in-a-FreeBSD-Jail/" rel="nofollow noopener"&gt;Gemini Capsule in a FreeBSD Jail&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;With the recent release of FreeBSD 13, I wanted to test it out on a spare RaspberryPi 3 that was part of my old Kubernetes cluster.&lt;br&gt;
In particular, FreeBSD Jails have always interested me, although I’ve never used them in practice. Over the years I’ve managed operating system virtualization through Solaris Zones and Docker containers, and Jails seem like and good middle ground between the two - easier to manage than zones and closer to the OS than Docker.&lt;br&gt;
I also want to run my own Gemini capsule locally to use some of the features that my other hosted capsules don’t have (like SCGI/CGI) and setting up a capsule in a Jail is a good way to learn both at the same time.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-announce/2021-May/002033.html" rel="nofollow noopener"&gt;FreeBSD Quarterly status report 2021Q1&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://bentsukun.ch/posts/bhyve-netbsd/" rel="nofollow noopener"&gt;NetBSD VM on bhyve (on TrueNAS)&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;My new NAS at home is running TrueNAS Core. So far, it has been excellent, however I struggled a bit setting up a NetBSD VM on it. Part of the problem is that a lot of the docs and how-tos I found are stale, and the information in it no longer applies.&lt;br&gt;
TrueNAS Core allows running VMs using bhyve, which is FreeBSD’s hypervisor. NetBSD is not an officially supported OS, at least according to the guest OS chooser in the TrueNAS web UI :) But since the release of NetBSD 9 a while ago, things have become far simpler than they used to be – with one caveat (see below).&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.cyberciti.biz/interview/michael-lucas-bsd-unix-it-and-other-books-author/" rel="nofollow noopener"&gt;Interview with Michael Lucas *BSD, Unix, IT and other books author&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Michael Lucas is a famous IT book author. Perhaps best know for FreeBSD, OpenBSD, and Unix book series. He worked as a system administrator for many years and has now become a full-time book writer. Lately, I did a quick Q and A with Michael about his journey as a professional book author and his daily workflow for writing books.&lt;br&gt;
+&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.netgate.com/blog/pfsense-wireguard-returns-as-an-experimental-package.html" rel="nofollow noopener"&gt;pfSense – WireGuard Returns as Experimental Package&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://box.matto.nl/cgi-with-awk-on-openbsd-httpd.html" rel="nofollow noopener"&gt;CGI with Awk on OpenBSD httpd&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;
&lt;/blockquote&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questionsing&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/Adam%20-%20system%20state%20during%20upgrade" rel="nofollow noopener"&gt;Adam - system state during upgrade&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/paul%20-%20BSD%20grep" rel="nofollow noopener"&gt;paul - BSD grep&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/sub%20-%20feedback" rel="nofollow noopener"&gt;sub - feedback&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, interview, ports, packages, gemini capsule, jail, status report, vm, bhyve, Michael Lucas, wireguard, experimental package, pfsense, cgi, awk, httpd</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.ecliptik.com/Gemini-Capsule-in-a-FreeBSD-Jail/" rel="nofollow noopener">Gemini Capsule in a FreeBSD Jail</a></h3>

<blockquote>
<p>With the recent release of FreeBSD 13, I wanted to test it out on a spare RaspberryPi 3 that was part of my old Kubernetes cluster.<br>
In particular, FreeBSD Jails have always interested me, although I’ve never used them in practice. Over the years I’ve managed operating system virtualization through Solaris Zones and Docker containers, and Jails seem like and good middle ground between the two - easier to manage than zones and closer to the OS than Docker.<br>
I also want to run my own Gemini capsule locally to use some of the features that my other hosted capsules don’t have (like SCGI/CGI) and setting up a capsule in a Jail is a good way to learn both at the same time.</p>
</blockquote>

<hr>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2021-May/002033.html" rel="nofollow noopener">FreeBSD Quarterly status report 2021Q1</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://bentsukun.ch/posts/bhyve-netbsd/" rel="nofollow noopener">NetBSD VM on bhyve (on TrueNAS)</a></h3>

<blockquote>
<p>My new NAS at home is running TrueNAS Core. So far, it has been excellent, however I struggled a bit setting up a NetBSD VM on it. Part of the problem is that a lot of the docs and how-tos I found are stale, and the information in it no longer applies.<br>
TrueNAS Core allows running VMs using bhyve, which is FreeBSD’s hypervisor. NetBSD is not an officially supported OS, at least according to the guest OS chooser in the TrueNAS web UI :) But since the release of NetBSD 9 a while ago, things have become far simpler than they used to be – with one caveat (see below).</p>
</blockquote>

<hr>

<h3><a href="https://www.cyberciti.biz/interview/michael-lucas-bsd-unix-it-and-other-books-author/" rel="nofollow noopener">Interview with Michael Lucas *BSD, Unix, IT and other books author</a></h3>

<blockquote>
<p>Michael Lucas is a famous IT book author. Perhaps best know for FreeBSD, OpenBSD, and Unix book series. He worked as a system administrator for many years and has now become a full-time book writer. Lately, I did a quick Q and A with Michael about his journey as a professional book author and his daily workflow for writing books.<br>
+</p>

<hr>

<h3><a href="https://www.netgate.com/blog/pfsense-wireguard-returns-as-an-experimental-package.html" rel="nofollow noopener">pfSense – WireGuard Returns as Experimental Package</a></h3>

<hr>

<h3><a href="https://box.matto.nl/cgi-with-awk-on-openbsd-httpd.html" rel="nofollow noopener">CGI with Awk on OpenBSD httpd</a></h3>

<hr>
</blockquote>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questionsing</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/Adam%20-%20system%20state%20during%20upgrade" rel="nofollow noopener">Adam - system state during upgrade</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/paul%20-%20BSD%20grep" rel="nofollow noopener">paul - BSD grep</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/sub%20-%20feedback" rel="nofollow noopener">sub - feedback</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.ecliptik.com/Gemini-Capsule-in-a-FreeBSD-Jail/" rel="nofollow noopener">Gemini Capsule in a FreeBSD Jail</a></h3>

<blockquote>
<p>With the recent release of FreeBSD 13, I wanted to test it out on a spare RaspberryPi 3 that was part of my old Kubernetes cluster.<br>
In particular, FreeBSD Jails have always interested me, although I’ve never used them in practice. Over the years I’ve managed operating system virtualization through Solaris Zones and Docker containers, and Jails seem like and good middle ground between the two - easier to manage than zones and closer to the OS than Docker.<br>
I also want to run my own Gemini capsule locally to use some of the features that my other hosted capsules don’t have (like SCGI/CGI) and setting up a capsule in a Jail is a good way to learn both at the same time.</p>
</blockquote>

<hr>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2021-May/002033.html" rel="nofollow noopener">FreeBSD Quarterly status report 2021Q1</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://bentsukun.ch/posts/bhyve-netbsd/" rel="nofollow noopener">NetBSD VM on bhyve (on TrueNAS)</a></h3>

<blockquote>
<p>My new NAS at home is running TrueNAS Core. So far, it has been excellent, however I struggled a bit setting up a NetBSD VM on it. Part of the problem is that a lot of the docs and how-tos I found are stale, and the information in it no longer applies.<br>
TrueNAS Core allows running VMs using bhyve, which is FreeBSD’s hypervisor. NetBSD is not an officially supported OS, at least according to the guest OS chooser in the TrueNAS web UI :) But since the release of NetBSD 9 a while ago, things have become far simpler than they used to be – with one caveat (see below).</p>
</blockquote>

<hr>

<h3><a href="https://www.cyberciti.biz/interview/michael-lucas-bsd-unix-it-and-other-books-author/" rel="nofollow noopener">Interview with Michael Lucas *BSD, Unix, IT and other books author</a></h3>

<blockquote>
<p>Michael Lucas is a famous IT book author. Perhaps best know for FreeBSD, OpenBSD, and Unix book series. He worked as a system administrator for many years and has now become a full-time book writer. Lately, I did a quick Q and A with Michael about his journey as a professional book author and his daily workflow for writing books.<br>
+</p>

<hr>

<h3><a href="https://www.netgate.com/blog/pfsense-wireguard-returns-as-an-experimental-package.html" rel="nofollow noopener">pfSense – WireGuard Returns as Experimental Package</a></h3>

<hr>

<h3><a href="https://box.matto.nl/cgi-with-awk-on-openbsd-httpd.html" rel="nofollow noopener">CGI with Awk on OpenBSD httpd</a></h3>

<hr>
</blockquote>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questionsing</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/Adam%20-%20system%20state%20during%20upgrade" rel="nofollow noopener">Adam - system state during upgrade</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/paul%20-%20BSD%20grep" rel="nofollow noopener">paul - BSD grep</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/sub%20-%20feedback" rel="nofollow noopener">sub - feedback</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>396: License to thrill</title>
  <link>https://www.bsdnow.tv/396</link>
  <guid isPermaLink="false">db1ced31-e2bc-41f2-baca-041c750229f4</guid>
  <pubDate>Thu, 01 Apr 2021 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/db1ced31-e2bc-41f2-baca-041c750229f4.mp3" length="30506976" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Description: FreeBSD Network Troubleshooting, The State of FreeBSD, dhcpleased, bhyve for Calamares Development, EFS automount and ebsnvme-id, Old Usenix pictures, and more.</itunes:subtitle>
  <itunes:duration>53:27</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;FreeBSD Network Troubleshooting, The State of FreeBSD, dhcpleased, bhyve for Calamares Development, EFS automount and ebsnvme-id, Old Usenix pictures, and more.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://klarasystems.com/articles/freebsd-network-troubleshooting-understanding-network-performance/" rel="nofollow noopener"&gt;FreeBSD Network Troubleshooting&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;FreeBSD has a full set of debugging features, and the network stack is able to report a ton of information. So much that it can be hard to figure out what is relevant and what is not.&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.theregister.com/2021/03/10/the_state_of_freebsd/" rel="nofollow noopener"&gt;The State of FreeBSD&lt;/a&gt;&lt;/h3&gt;

&lt;p&gt;License to thrill: Ahead of v13.0, the FreeBSD team talks about Linux and the completed toolchain project that changes everything&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://undeadly.org/cgi?action=article;sid=20210227232424" rel="nofollow noopener"&gt;dhcpleased(8) - DHCP client daemon&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;With the following commit, Florian Obser (florian@) imported dhcpleased(8), DHCP daemon to acquire IPv4 address leases from servers, plus dhcpleasectl(8), a utility to control the daemon:&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://euroquis.nl//freebsd/2021/03/05/bhyve.html" rel="nofollow noopener"&gt;bhyve for Calamares Development&lt;/a&gt;&lt;/h3&gt;

&lt;p&gt;bhyve (pronounced “bee hive”) is a hypervisor for BSD systems (and Illumos / openSolaris). It is geared towards server workloads, but does support desktop-oriented operation as well. I spent some time wayyyy back in November wrestling with it in order to replace VirtualBox for Calamares testing on FreeBSD. The “golden hint” as far as I’m concerned came from Karen Bruner and now I have a functioning Calamares test-ground that is more useful than before.&lt;br&gt;
“Calamares is a free and open-source independent and distro-agnostic system installer for Linux distributions.“&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.daemonology.net/blog/2020-05-31-Some-new-FreeBSD-EC2-features.html" rel="nofollow noopener"&gt;Some new FreeBSD/EC2 features: EFS automount and ebsnvme-id&lt;/a&gt;&lt;/h3&gt;

&lt;p&gt;As my regular readers will be aware, I've been working on and gradually improving FreeBSD/EC2 for many years. Recently I've added two new features, which are available in the weekly HEAD and 12-STABLE snapshots and will appear in releases starting from 12.2-RELEASE.&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="http://lists.nycbug.org/pipermail/talk/2021-February/018304.html" rel="nofollow noopener"&gt;Old Usenix pictures&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;Beastie Bits&lt;/h2&gt;

&lt;h3&gt;[&lt;a href="https://2021.eurobsdcon.org/%5D(CFP" rel="nofollow noopener"&gt;https://2021.eurobsdcon.org/](CFP&lt;/a&gt; is open until May 26th, 2021)&lt;/h3&gt;

&lt;p&gt;EuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference is scheduled to take place September 16-19 2021 in Vienna, Austria or as an all-online event if COVID-19 developments dictate. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday.&lt;br&gt;
The Call for Talk and Presentation proposals period will close on May 26th, 2021.  Prospective speakers will be notified of acceptance or otherwise by June 1st, 2021.&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;[&lt;a href="https://campgnd.com/%5D(CFP" rel="nofollow noopener"&gt;https://campgnd.com/](CFP&lt;/a&gt; is open until 2021-04-15)&lt;/h3&gt;

&lt;p&gt;campgndd will be held May 28th, 29th and 30th 2021, from wherever you happen to be.&lt;br&gt;
We're looking for submissions on anything you're enthusiastic and excited about. If you enjoy it, the odds are we will too! You don't need to be an expert to propose anything.&lt;br&gt;
Some example of things we are looking for are:&lt;br&gt;
    Talks&lt;br&gt;
    Walkthroughs&lt;br&gt;
    Music&lt;/p&gt;

&lt;h3&gt;From the Desk of Michael Lucas…&lt;/h3&gt;

&lt;pre&gt;&lt;code&gt;New Release: Only Footnotes
I’ve lost count of the number of people who have told me that they purchase my books only for the footnotes. That’s okay. I don’t care why people buy my books, only that they do buy them. Nevertheless, I am a businessman living under capitalism and feel compelled to respond to my market.
Allow me to present my latest release: Only Footnotes, a handsome hardcover-only compilation of decades of footnotes. From the back cover:
-----
Only Footnotes. Because that’s why you read his books.
Academics hate footnotes. Michael W Lucas loves them. What he does with them wouldn’t pass academic muster, but that doesn’t mean the reader should skip them. The footnotes are the best part! Why not read only the footnotes, and skip all that other junk?
After literal minutes of effort, Only Footnotes collects every single footnote from all of Lucas’ books to date.* Recycle those cumbersome treatises stuffed with irrelevant facts! No more flipping through pages and pages of actual technical knowledge looking for the offhand movie reference or half-formed joke. This slender, elegant volume contains everything the man ever passed off as his dubious, malformed “wisdom.”
Smart books have footnotes. Smarter books are only footnotes.
*plus additional annotations from the author. Because sometimes even a footnote needs a footnote.
----
With interior illustrations by OpenBSD’s akoshibe, this distinguished tome would make fine inspirational reading for a system administrator, network engineer, or anyone sentenced to a life in information technology. Available at all fine bookstores, and many mediocre ones!
&lt;/code&gt;&lt;/pre&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
&lt;/blockquote&gt;

&lt;p&gt;Special Guest: Tom Jones.&lt;/p&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, interview, network, troubleshooting, dhcpleased, bhyve, calamares, efs, automount, ebsnvme-id, nvme, usenix, old pictures, book</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>FreeBSD Network Troubleshooting, The State of FreeBSD, dhcpleased, bhyve for Calamares Development, EFS automount and ebsnvme-id, Old Usenix pictures, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/freebsd-network-troubleshooting-understanding-network-performance/" rel="nofollow noopener">FreeBSD Network Troubleshooting</a></h3>

<blockquote>
<p>FreeBSD has a full set of debugging features, and the network stack is able to report a ton of information. So much that it can be hard to figure out what is relevant and what is not.</p>

<hr>

<h3><a href="https://www.theregister.com/2021/03/10/the_state_of_freebsd/" rel="nofollow noopener">The State of FreeBSD</a></h3>

<p>License to thrill: Ahead of v13.0, the FreeBSD team talks about Linux and the completed toolchain project that changes everything</p>
</blockquote>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://undeadly.org/cgi?action=article;sid=20210227232424" rel="nofollow noopener">dhcpleased(8) - DHCP client daemon</a></h3>

<blockquote>
<p>With the following commit, Florian Obser (florian@) imported dhcpleased(8), DHCP daemon to acquire IPv4 address leases from servers, plus dhcpleasectl(8), a utility to control the daemon:</p>

<hr>

<h3><a href="https://euroquis.nl//freebsd/2021/03/05/bhyve.html" rel="nofollow noopener">bhyve for Calamares Development</a></h3>

<p>bhyve (pronounced “bee hive”) is a hypervisor for BSD systems (and Illumos / openSolaris). It is geared towards server workloads, but does support desktop-oriented operation as well. I spent some time wayyyy back in November wrestling with it in order to replace VirtualBox for Calamares testing on FreeBSD. The “golden hint” as far as I’m concerned came from Karen Bruner and now I have a functioning Calamares test-ground that is more useful than before.<br>
“Calamares is a free and open-source independent and distro-agnostic system installer for Linux distributions.“</p>

<hr>

<h3><a href="https://www.daemonology.net/blog/2020-05-31-Some-new-FreeBSD-EC2-features.html" rel="nofollow noopener">Some new FreeBSD/EC2 features: EFS automount and ebsnvme-id</a></h3>

<p>As my regular readers will be aware, I've been working on and gradually improving FreeBSD/EC2 for many years. Recently I've added two new features, which are available in the weekly HEAD and 12-STABLE snapshots and will appear in releases starting from 12.2-RELEASE.</p>

<hr>

<h3><a href="http://lists.nycbug.org/pipermail/talk/2021-February/018304.html" rel="nofollow noopener">Old Usenix pictures</a></h3>

<hr>

<h2>Beastie Bits</h2>

<h3>[<a href="https://2021.eurobsdcon.org/%5D(CFP" rel="nofollow noopener">https://2021.eurobsdcon.org/](CFP</a> is open until May 26th, 2021)</h3>

<p>EuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference is scheduled to take place September 16-19 2021 in Vienna, Austria or as an all-online event if COVID-19 developments dictate. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday.<br>
The Call for Talk and Presentation proposals period will close on May 26th, 2021.  Prospective speakers will be notified of acceptance or otherwise by June 1st, 2021.</p>

<hr>

<h3>[<a href="https://campgnd.com/%5D(CFP" rel="nofollow noopener">https://campgnd.com/](CFP</a> is open until 2021-04-15)</h3>

<p>campgndd will be held May 28th, 29th and 30th 2021, from wherever you happen to be.<br>
We're looking for submissions on anything you're enthusiastic and excited about. If you enjoy it, the odds are we will too! You don't need to be an expert to propose anything.<br>
Some example of things we are looking for are:<br>
    Talks<br>
    Walkthroughs<br>
    Music</p>

<h3>From the Desk of Michael Lucas…</h3>

<pre><code>New Release: Only Footnotes
I’ve lost count of the number of people who have told me that they purchase my books only for the footnotes. That’s okay. I don’t care why people buy my books, only that they do buy them. Nevertheless, I am a businessman living under capitalism and feel compelled to respond to my market.
Allow me to present my latest release: Only Footnotes, a handsome hardcover-only compilation of decades of footnotes. From the back cover:
-----
Only Footnotes. Because that’s why you read his books.
Academics hate footnotes. Michael W Lucas loves them. What he does with them wouldn’t pass academic muster, but that doesn’t mean the reader should skip them. The footnotes are the best part! Why not read only the footnotes, and skip all that other junk?
After literal minutes of effort, Only Footnotes collects every single footnote from all of Lucas’ books to date.* Recycle those cumbersome treatises stuffed with irrelevant facts! No more flipping through pages and pages of actual technical knowledge looking for the offhand movie reference or half-formed joke. This slender, elegant volume contains everything the man ever passed off as his dubious, malformed “wisdom.”
Smart books have footnotes. Smarter books are only footnotes.
*plus additional annotations from the author. Because sometimes even a footnote needs a footnote.
----
With interior illustrations by OpenBSD’s akoshibe, this distinguished tome would make fine inspirational reading for a system administrator, network engineer, or anyone sentenced to a life in information technology. Available at all fine bookstores, and many mediocre ones!
</code></pre>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>
</blockquote><p>Special Guest: Tom Jones.</p>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>FreeBSD Network Troubleshooting, The State of FreeBSD, dhcpleased, bhyve for Calamares Development, EFS automount and ebsnvme-id, Old Usenix pictures, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/freebsd-network-troubleshooting-understanding-network-performance/" rel="nofollow noopener">FreeBSD Network Troubleshooting</a></h3>

<blockquote>
<p>FreeBSD has a full set of debugging features, and the network stack is able to report a ton of information. So much that it can be hard to figure out what is relevant and what is not.</p>

<hr>

<h3><a href="https://www.theregister.com/2021/03/10/the_state_of_freebsd/" rel="nofollow noopener">The State of FreeBSD</a></h3>

<p>License to thrill: Ahead of v13.0, the FreeBSD team talks about Linux and the completed toolchain project that changes everything</p>
</blockquote>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://undeadly.org/cgi?action=article;sid=20210227232424" rel="nofollow noopener">dhcpleased(8) - DHCP client daemon</a></h3>

<blockquote>
<p>With the following commit, Florian Obser (florian@) imported dhcpleased(8), DHCP daemon to acquire IPv4 address leases from servers, plus dhcpleasectl(8), a utility to control the daemon:</p>

<hr>

<h3><a href="https://euroquis.nl//freebsd/2021/03/05/bhyve.html" rel="nofollow noopener">bhyve for Calamares Development</a></h3>

<p>bhyve (pronounced “bee hive”) is a hypervisor for BSD systems (and Illumos / openSolaris). It is geared towards server workloads, but does support desktop-oriented operation as well. I spent some time wayyyy back in November wrestling with it in order to replace VirtualBox for Calamares testing on FreeBSD. The “golden hint” as far as I’m concerned came from Karen Bruner and now I have a functioning Calamares test-ground that is more useful than before.<br>
“Calamares is a free and open-source independent and distro-agnostic system installer for Linux distributions.“</p>

<hr>

<h3><a href="https://www.daemonology.net/blog/2020-05-31-Some-new-FreeBSD-EC2-features.html" rel="nofollow noopener">Some new FreeBSD/EC2 features: EFS automount and ebsnvme-id</a></h3>

<p>As my regular readers will be aware, I've been working on and gradually improving FreeBSD/EC2 for many years. Recently I've added two new features, which are available in the weekly HEAD and 12-STABLE snapshots and will appear in releases starting from 12.2-RELEASE.</p>

<hr>

<h3><a href="http://lists.nycbug.org/pipermail/talk/2021-February/018304.html" rel="nofollow noopener">Old Usenix pictures</a></h3>

<hr>

<h2>Beastie Bits</h2>

<h3>[<a href="https://2021.eurobsdcon.org/%5D(CFP" rel="nofollow noopener">https://2021.eurobsdcon.org/](CFP</a> is open until May 26th, 2021)</h3>

<p>EuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference is scheduled to take place September 16-19 2021 in Vienna, Austria or as an all-online event if COVID-19 developments dictate. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday.<br>
The Call for Talk and Presentation proposals period will close on May 26th, 2021.  Prospective speakers will be notified of acceptance or otherwise by June 1st, 2021.</p>

<hr>

<h3>[<a href="https://campgnd.com/%5D(CFP" rel="nofollow noopener">https://campgnd.com/](CFP</a> is open until 2021-04-15)</h3>

<p>campgndd will be held May 28th, 29th and 30th 2021, from wherever you happen to be.<br>
We're looking for submissions on anything you're enthusiastic and excited about. If you enjoy it, the odds are we will too! You don't need to be an expert to propose anything.<br>
Some example of things we are looking for are:<br>
    Talks<br>
    Walkthroughs<br>
    Music</p>

<h3>From the Desk of Michael Lucas…</h3>

<pre><code>New Release: Only Footnotes
I’ve lost count of the number of people who have told me that they purchase my books only for the footnotes. That’s okay. I don’t care why people buy my books, only that they do buy them. Nevertheless, I am a businessman living under capitalism and feel compelled to respond to my market.
Allow me to present my latest release: Only Footnotes, a handsome hardcover-only compilation of decades of footnotes. From the back cover:
-----
Only Footnotes. Because that’s why you read his books.
Academics hate footnotes. Michael W Lucas loves them. What he does with them wouldn’t pass academic muster, but that doesn’t mean the reader should skip them. The footnotes are the best part! Why not read only the footnotes, and skip all that other junk?
After literal minutes of effort, Only Footnotes collects every single footnote from all of Lucas’ books to date.* Recycle those cumbersome treatises stuffed with irrelevant facts! No more flipping through pages and pages of actual technical knowledge looking for the offhand movie reference or half-formed joke. This slender, elegant volume contains everything the man ever passed off as his dubious, malformed “wisdom.”
Smart books have footnotes. Smarter books are only footnotes.
*plus additional annotations from the author. Because sometimes even a footnote needs a footnote.
----
With interior illustrations by OpenBSD’s akoshibe, this distinguished tome would make fine inspirational reading for a system administrator, network engineer, or anyone sentenced to a life in information technology. Available at all fine bookstores, and many mediocre ones!
</code></pre>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>
</blockquote><p>Special Guest: Tom Jones.</p>]]>
  </itunes:summary>
</item>
<item>
  <title>394: FreeBSD on Mars</title>
  <link>https://www.bsdnow.tv/394</link>
  <guid isPermaLink="false">65a9a52b-9058-4d08-8c38-8a1bffad6c86</guid>
  <pubDate>Thu, 18 Mar 2021 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/65a9a52b-9058-4d08-8c38-8a1bffad6c86.mp3" length="45911352" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Onboard Scheduler for the Mars 2020 Rover, Practical Guide to Storage of Large Amounts of Microscopy Data, OpenBSD guest with bhyve - OmniOS, NextCloud on OpenBSD, MySQL Transactions - the physical side, TrueNAS 12.0-U2.1 is released, HardenedBSD 2021 State of the Hardened Union, and more</itunes:subtitle>
  <itunes:duration>43:31</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Onboard Scheduler for the Mars 2020 Rover, Practical Guide to Storage of Large Amounts of Microscopy Data, OpenBSD guest with bhyve - OmniOS, NextCloud on OpenBSD, MySQL Transactions - the physical side, TrueNAS 12.0-U2.1 is released, HardenedBSD 2021 State of the Hardened Union, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://ai.jpl.nasa.gov/public/documents/papers/rabideau_iwpss2017_prototyping.pdf" rel="nofollow noopener"&gt;Prototyping an Onboard Scheduler for the Mars 2020 Rover&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The mars rover runs VxWorks, which is based on BSD, and uses the FreeBSD networking stack. While there has been a lot of type about the little helicopter that was inside the rover running Linux, the rover itself runs BSD.
***
### &lt;a href="https://www.cambridge.org/core/journals/microscopy-today/article/practical-guide-to-storage-of-large-amounts-of-microscopy-data/D3CE39447BFF5BBF9B3ED8A0C35C6F36" rel="nofollow noopener"&gt;Practical Guide to Storage of Large Amounts of Microscopy Data&lt;/a&gt;
&amp;gt; Biological imaging tools continue to increase in speed, scale, and resolution, often resulting in the collection of gigabytes or even terabytes of data in a single experiment. In comparison, the ability of research laboratories to store and manage this data is lagging greatly. This leads to limits on the collection of valuable data and slows data analysis and research progress. Here we review common ways researchers store data and outline the drawbacks and benefits of each method. We also offer a blueprint and budget estimation for a currently deployed data server used to store large datasets from zebrafish brain activity experiments using light-sheet microscopy. Data storage strategy should be carefully considered and different options compared when designing imaging experiments.
***
## News Roundup
### &lt;a href="https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html" rel="nofollow noopener"&gt;OpenBSD guest with bhyve - OmniOS&lt;/a&gt;
&amp;gt; Today I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.
&amp;gt; This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.
***
### &lt;a href="https://h3artbl33d.nl/blog/nextcloud-on-openbsd" rel="nofollow noopener"&gt;NextCloud on OpenBSD&lt;/a&gt;
&amp;gt; NextCloud and OpenBSD are complimentary to one another. NextCloud is an awesome, secure and private alternative for propietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://blog.koehntopp.info/2020/07/27/mysql-transactions.html" rel="nofollow noopener"&gt;MySQL Transactions - the physical side&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;So you talk to a database, doing transactions. What happens actually, behind the scenes? Let’s have a look.&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.truenas.com/docs/hub/intro/release-notes/12.0u2.1/" rel="nofollow noopener"&gt;TrueNAS 12.0-U2.1 is released&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.nycbug.org/index?action=view&amp;amp;id=10682" rel="nofollow noopener"&gt;HardenedBSD 2021 State of the Hardened Union - NYCBUG - 2021-04-07&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;
&lt;/blockquote&gt;

&lt;h2&gt;Beastie Bits&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://freebsdfoundation.org/our-work/journal/" rel="nofollow noopener"&gt;FreeBSD Journal: Case Studies&lt;/a&gt;
***
###Tarsnap&lt;/li&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Al%20-%20BusyNAS" rel="nofollow noopener"&gt;Al - BusyNAS&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Jeff%20-%20ZFS%20and%20NFS%20on%20FreeBSD" rel="nofollow noopener"&gt;Jeff - ZFS and NFS on FreeBSD&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Michael%20-%20remote%20unlock%20for%20encrypted%20systems" rel="nofollow noopener"&gt;Michael - remote unlock for encrypted systems&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, interview, mars, rover, vxworks, network stack, microscopy, large data, bhyve, guest, nextcloud, mysql, transaction, truenas, state of the union</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Onboard Scheduler for the Mars 2020 Rover, Practical Guide to Storage of Large Amounts of Microscopy Data, OpenBSD guest with bhyve - OmniOS, NextCloud on OpenBSD, MySQL Transactions - the physical side, TrueNAS 12.0-U2.1 is released, HardenedBSD 2021 State of the Hardened Union, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://ai.jpl.nasa.gov/public/documents/papers/rabideau_iwpss2017_prototyping.pdf" rel="nofollow noopener">Prototyping an Onboard Scheduler for the Mars 2020 Rover</a></h3>

<ul>
<li>The mars rover runs VxWorks, which is based on BSD, and uses the FreeBSD networking stack. While there has been a lot of type about the little helicopter that was inside the rover running Linux, the rover itself runs BSD.
***
### <a href="https://www.cambridge.org/core/journals/microscopy-today/article/practical-guide-to-storage-of-large-amounts-of-microscopy-data/D3CE39447BFF5BBF9B3ED8A0C35C6F36" rel="nofollow noopener">Practical Guide to Storage of Large Amounts of Microscopy Data</a>
&gt; Biological imaging tools continue to increase in speed, scale, and resolution, often resulting in the collection of gigabytes or even terabytes of data in a single experiment. In comparison, the ability of research laboratories to store and manage this data is lagging greatly. This leads to limits on the collection of valuable data and slows data analysis and research progress. Here we review common ways researchers store data and outline the drawbacks and benefits of each method. We also offer a blueprint and budget estimation for a currently deployed data server used to store large datasets from zebrafish brain activity experiments using light-sheet microscopy. Data storage strategy should be carefully considered and different options compared when designing imaging experiments.
***
## News Roundup
### <a href="https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html" rel="nofollow noopener">OpenBSD guest with bhyve - OmniOS</a>
&gt; Today I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.
&gt; This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.
***
### <a href="https://h3artbl33d.nl/blog/nextcloud-on-openbsd" rel="nofollow noopener">NextCloud on OpenBSD</a>
&gt; NextCloud and OpenBSD are complimentary to one another. NextCloud is an awesome, secure and private alternative for propietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.</li>
</ul>

<hr>

<h3><a href="https://blog.koehntopp.info/2020/07/27/mysql-transactions.html" rel="nofollow noopener">MySQL Transactions - the physical side</a></h3>

<blockquote>
<p>So you talk to a database, doing transactions. What happens actually, behind the scenes? Let’s have a look.</p>

<hr>

<h3><a href="https://www.truenas.com/docs/hub/intro/release-notes/12.0u2.1/" rel="nofollow noopener">TrueNAS 12.0-U2.1 is released</a></h3>

<hr>

<h3><a href="https://www.nycbug.org/index?action=view&amp;id=10682" rel="nofollow noopener">HardenedBSD 2021 State of the Hardened Union - NYCBUG - 2021-04-07</a></h3>

<hr>
</blockquote>

<h2>Beastie Bits</h2>

<ul>
<li><a href="https://freebsdfoundation.org/our-work/journal/" rel="nofollow noopener">FreeBSD Journal: Case Studies</a>
***
###Tarsnap</li>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Al%20-%20BusyNAS" rel="nofollow noopener">Al - BusyNAS</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Jeff%20-%20ZFS%20and%20NFS%20on%20FreeBSD" rel="nofollow noopener">Jeff - ZFS and NFS on FreeBSD</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Michael%20-%20remote%20unlock%20for%20encrypted%20systems" rel="nofollow noopener">Michael - remote unlock for encrypted systems</a></p>

<hr></li>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p>

<hr></li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Onboard Scheduler for the Mars 2020 Rover, Practical Guide to Storage of Large Amounts of Microscopy Data, OpenBSD guest with bhyve - OmniOS, NextCloud on OpenBSD, MySQL Transactions - the physical side, TrueNAS 12.0-U2.1 is released, HardenedBSD 2021 State of the Hardened Union, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://ai.jpl.nasa.gov/public/documents/papers/rabideau_iwpss2017_prototyping.pdf" rel="nofollow noopener">Prototyping an Onboard Scheduler for the Mars 2020 Rover</a></h3>

<ul>
<li>The mars rover runs VxWorks, which is based on BSD, and uses the FreeBSD networking stack. While there has been a lot of type about the little helicopter that was inside the rover running Linux, the rover itself runs BSD.
***
### <a href="https://www.cambridge.org/core/journals/microscopy-today/article/practical-guide-to-storage-of-large-amounts-of-microscopy-data/D3CE39447BFF5BBF9B3ED8A0C35C6F36" rel="nofollow noopener">Practical Guide to Storage of Large Amounts of Microscopy Data</a>
&gt; Biological imaging tools continue to increase in speed, scale, and resolution, often resulting in the collection of gigabytes or even terabytes of data in a single experiment. In comparison, the ability of research laboratories to store and manage this data is lagging greatly. This leads to limits on the collection of valuable data and slows data analysis and research progress. Here we review common ways researchers store data and outline the drawbacks and benefits of each method. We also offer a blueprint and budget estimation for a currently deployed data server used to store large datasets from zebrafish brain activity experiments using light-sheet microscopy. Data storage strategy should be carefully considered and different options compared when designing imaging experiments.
***
## News Roundup
### <a href="https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html" rel="nofollow noopener">OpenBSD guest with bhyve - OmniOS</a>
&gt; Today I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.
&gt; This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.
***
### <a href="https://h3artbl33d.nl/blog/nextcloud-on-openbsd" rel="nofollow noopener">NextCloud on OpenBSD</a>
&gt; NextCloud and OpenBSD are complimentary to one another. NextCloud is an awesome, secure and private alternative for propietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.</li>
</ul>

<hr>

<h3><a href="https://blog.koehntopp.info/2020/07/27/mysql-transactions.html" rel="nofollow noopener">MySQL Transactions - the physical side</a></h3>

<blockquote>
<p>So you talk to a database, doing transactions. What happens actually, behind the scenes? Let’s have a look.</p>

<hr>

<h3><a href="https://www.truenas.com/docs/hub/intro/release-notes/12.0u2.1/" rel="nofollow noopener">TrueNAS 12.0-U2.1 is released</a></h3>

<hr>

<h3><a href="https://www.nycbug.org/index?action=view&amp;id=10682" rel="nofollow noopener">HardenedBSD 2021 State of the Hardened Union - NYCBUG - 2021-04-07</a></h3>

<hr>
</blockquote>

<h2>Beastie Bits</h2>

<ul>
<li><a href="https://freebsdfoundation.org/our-work/journal/" rel="nofollow noopener">FreeBSD Journal: Case Studies</a>
***
###Tarsnap</li>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Al%20-%20BusyNAS" rel="nofollow noopener">Al - BusyNAS</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Jeff%20-%20ZFS%20and%20NFS%20on%20FreeBSD" rel="nofollow noopener">Jeff - ZFS and NFS on FreeBSD</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/394/feedback/Michael%20-%20remote%20unlock%20for%20encrypted%20systems" rel="nofollow noopener">Michael - remote unlock for encrypted systems</a></p>

<hr></li>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p>

<hr></li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>375: Virtually everything</title>
  <link>https://www.bsdnow.tv/375</link>
  <guid isPermaLink="false">66a4f529-c2fb-4a8e-83db-9f6cd6ff0809</guid>
  <pubDate>Thu, 05 Nov 2020 06:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/66a4f529-c2fb-4a8e-83db-9f6cd6ff0809.mp3" length="43394088" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle> bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more.</itunes:subtitle>
  <itunes:duration>44:48</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://klarasystems.com/articles/bhyve-the-freebsd-hypervisor/" rel="nofollow noopener"&gt;bhyve - The FreeBSD Hypervisor&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance.&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;ZFS and FreeBSD Support&lt;/h3&gt;

&lt;p&gt;Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. &lt;a href="https://klarasystems.com/support/" rel="nofollow noopener"&gt;Check it out on our website!&lt;/a&gt;&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h3&gt;&lt;a href="https://gist.github.com/CTurt/a00fb4164e13342567830b052aaed94b" rel="nofollow noopener"&gt;udf info leak&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;FreeBSD UDF driver info leak&lt;br&gt;
Analysis done on FreeBSD release 11.0 because that's what I had around.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://svnweb.freebsd.org/changeset/base/366005" rel="nofollow noopener"&gt;Fix committed to FreeBSD&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
&lt;/blockquote&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/VimNowAUser" rel="nofollow noopener"&gt;I'm now a user of Vim, not classical Vi (partly because of windows)&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi.&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://vincerants.com/freebsd-on-esxi-arm-fling-fixing-virtual-hardware/" rel="nofollow noopener"&gt;FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware&lt;/a&gt;&lt;/h3&gt;

&lt;p&gt;With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes.&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.moritz.systems/blog/introduction-of-a-new-freebsd-remote-process-plugin-in-lldb/" rel="nofollow noopener"&gt;Introduction of a new FreeBSD Remote Process Plugin in LLDB&lt;/a&gt;&lt;/h3&gt;

&lt;p&gt;Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://functionallyparanoid.com/2020/10/14/openbsd-laptop/" rel="nofollow noopener"&gt;OpenBSD Laptop&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go…&lt;/p&gt;

&lt;hr&gt;
&lt;/blockquote&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/Ethan%20-%20Linux%20user%20wanting%20to%20try%20out%20OpenBSD.md" rel="nofollow noopener"&gt;Ethan - Linux user wanting to try out OpenBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/iian%20-%20Learning%20IT.md" rel="nofollow noopener"&gt;iian - Learning IT&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/johnny%20-%20bsd%20swag.md" rel="nofollow noopener"&gt;johnny - bsd swag&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, shell, unix, os, berkeley, software, distribution, zfs, zpool, dataset, interview, bhyve, hypervisor, udf, udf driver, information leak, vim, vi, esxi, arm, virtual hardware, remote process plugin, lldb, laptop</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. </p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/bhyve-the-freebsd-hypervisor/" rel="nofollow noopener">bhyve - The FreeBSD Hypervisor</a></h3>

<blockquote>
<p>FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance.</p>

<hr>

<h3>ZFS and FreeBSD Support</h3>

<p>Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. <a href="https://klarasystems.com/support/" rel="nofollow noopener">Check it out on our website!</a></p>
</blockquote>

<h3><a href="https://gist.github.com/CTurt/a00fb4164e13342567830b052aaed94b" rel="nofollow noopener">udf info leak</a></h3>

<blockquote>
<p>FreeBSD UDF driver info leak<br>
Analysis done on FreeBSD release 11.0 because that's what I had around.</p>

<ul>
<li><a href="https://svnweb.freebsd.org/changeset/base/366005" rel="nofollow noopener">Fix committed to FreeBSD</a>
***</li>
</ul>
</blockquote>

<h2>News Roundup</h2>

<h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/VimNowAUser" rel="nofollow noopener">I'm now a user of Vim, not classical Vi (partly because of windows)</a></h3>

<blockquote>
<p>In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi.</p>

<hr>

<h3><a href="https://vincerants.com/freebsd-on-esxi-arm-fling-fixing-virtual-hardware/" rel="nofollow noopener">FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware</a></h3>

<p>With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes.</p>

<hr>

<h3><a href="https://www.moritz.systems/blog/introduction-of-a-new-freebsd-remote-process-plugin-in-lldb/" rel="nofollow noopener">Introduction of a new FreeBSD Remote Process Plugin in LLDB</a></h3>

<p>Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.</p>
</blockquote>

<hr>

<h3><a href="https://functionallyparanoid.com/2020/10/14/openbsd-laptop/" rel="nofollow noopener">OpenBSD Laptop</a></h3>

<blockquote>
<p>Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go…</p>

<hr>
</blockquote>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/Ethan%20-%20Linux%20user%20wanting%20to%20try%20out%20OpenBSD.md" rel="nofollow noopener">Ethan - Linux user wanting to try out OpenBSD</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/iian%20-%20Learning%20IT.md" rel="nofollow noopener">iian - Learning IT</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/johnny%20-%20bsd%20swag.md" rel="nofollow noopener">johnny - bsd swag</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. </p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://klarasystems.com/articles/bhyve-the-freebsd-hypervisor/" rel="nofollow noopener">bhyve - The FreeBSD Hypervisor</a></h3>

<blockquote>
<p>FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance.</p>

<hr>

<h3>ZFS and FreeBSD Support</h3>

<p>Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. <a href="https://klarasystems.com/support/" rel="nofollow noopener">Check it out on our website!</a></p>
</blockquote>

<h3><a href="https://gist.github.com/CTurt/a00fb4164e13342567830b052aaed94b" rel="nofollow noopener">udf info leak</a></h3>

<blockquote>
<p>FreeBSD UDF driver info leak<br>
Analysis done on FreeBSD release 11.0 because that's what I had around.</p>

<ul>
<li><a href="https://svnweb.freebsd.org/changeset/base/366005" rel="nofollow noopener">Fix committed to FreeBSD</a>
***</li>
</ul>
</blockquote>

<h2>News Roundup</h2>

<h3><a href="https://utcc.utoronto.ca/%7Ecks/space/blog/unix/VimNowAUser" rel="nofollow noopener">I'm now a user of Vim, not classical Vi (partly because of windows)</a></h3>

<blockquote>
<p>In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi.</p>

<hr>

<h3><a href="https://vincerants.com/freebsd-on-esxi-arm-fling-fixing-virtual-hardware/" rel="nofollow noopener">FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware</a></h3>

<p>With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes.</p>

<hr>

<h3><a href="https://www.moritz.systems/blog/introduction-of-a-new-freebsd-remote-process-plugin-in-lldb/" rel="nofollow noopener">Introduction of a new FreeBSD Remote Process Plugin in LLDB</a></h3>

<p>Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one.</p>
</blockquote>

<hr>

<h3><a href="https://functionallyparanoid.com/2020/10/14/openbsd-laptop/" rel="nofollow noopener">OpenBSD Laptop</a></h3>

<blockquote>
<p>Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go…</p>

<hr>
</blockquote>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/Ethan%20-%20Linux%20user%20wanting%20to%20try%20out%20OpenBSD.md" rel="nofollow noopener">Ethan - Linux user wanting to try out OpenBSD</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/iian%20-%20Learning%20IT.md" rel="nofollow noopener">iian - Learning IT</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/johnny%20-%20bsd%20swag.md" rel="nofollow noopener">johnny - bsd swag</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>359: Throwaway Browser</title>
  <link>https://www.bsdnow.tv/359</link>
  <guid isPermaLink="false">b066740d-03a5-423b-9ab9-8936c3246979</guid>
  <pubDate>Thu, 16 Jul 2020 07:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b066740d-03a5-423b-9ab9-8936c3246979.mp3" length="44787992" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Throw-Away Browser on FreeBSD With "pot" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.</itunes:subtitle>
  <itunes:duration>43:25</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Throw-Away Browser on FreeBSD With "pot" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://honeyguide.eu/posts/pot-throwaway-firefox/" rel="nofollow noopener"&gt;Throw-Away Browser on FreeBSD With "pot" Within 5 Minutes&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;pot is a great and relatively new jail management tool. It offers DevOps style provisioning and can even be used to provide Docker-like, scalable cloud services together with nomad and consul (more about this in Orchestrating jails with nomad and pot).&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html" rel="nofollow noopener"&gt;OpenBSD guest with bhyve - OmniOS&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Today I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.&lt;br&gt;
This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://distrowatch.com/weekly.php?issue=20200622#qa" rel="nofollow noopener"&gt;BSD versus Linux distribution development&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Q: Comparing-apples-to-BSDs asks: I was reading one of the old articles from the archive. One of the things mentioned was how the BSDs have a distinct approach in terms of packaging the base system relative to userland apps, and that the Linux distros at the time were not following the same practice. Are there Linux distros that have adopted the same approach in modern times? If not, are there technical limitations that are preventing them from doing so, such as some distros supporting multiple kernel versions maybe?&lt;br&gt;
DistroWatch answers: In the article mentioned above, I made the observation that Linux distributions tend to take one of two approaches when it comes to packaging software. Generally a Linux distribution will either offer a rolling release, where virtually all packages are regularly upgraded to their latest stable releases, or a fixed release where almost all packages are kept at a set version number and only receive bug fixes for the life cycle of the distribution. Projects like Arch Linux and Void are popular examples of rolling, always-up-to-date distributions while Fedora and Ubuntu offer fixed platforms.&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://corrupted.io/2020/06/21/my-freebsd-laptop-build.html" rel="nofollow noopener"&gt;My FreeBSD Laptop Build&lt;/a&gt;&lt;/h3&gt;

&lt;p&gt;I have always liked Thinkpad hardware and when I started to do more commuting I decided I needed something that had a decent sized screen but fit well on a bus. Luckily about this time Lenovo gave me a nice gift in the Thinkpad X390. Its basically the famous X2xx series but with a 13” screen and smaller bezel.&lt;br&gt;
So with this laptop I figured it was time to actually put the docs together on how I got my FreeBSD workstation working on it. I will here in the near future have another post that will cover this for HardenedBSD as well since the steps are similar but have a few extra gotchas due to the extra hardening.&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="http://up.bsd.lv" rel="nofollow noopener"&gt;FreeBSD CURRENT Binary Upgrades&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Disclaimer
This proof-of-concept is not a publication of FreeBSD.&lt;/li&gt;
&lt;li&gt;Description
up.bsd.lv is a proof-of-concept of binary updates for FreeBSD/amd64 CURRENT/HEAD to facilitate the exhaustive testing of FreeBSD and the bhyve hypervisor and OpenZFS 2.0 specifically. Updates are based on the SVN revisions of official FreeBSD Release Engineering bi-monthly snapshots.&lt;/li&gt;
&lt;/ul&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Karl%20-%20pfsense.md" rel="nofollow noopener"&gt;Karl - pfsense&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Val%20-%20esxi%20question.md" rel="nofollow noopener"&gt;Val - esxi question&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/lars%20-%20openbsd%20router%20hardware.md" rel="nofollow noopener"&gt;lars - openbsd router hardware&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, zfs, interview, browser, throw-away, throw away, pot, omnios, vm, guest, virtualization, bhyve, linux, development, distribution, laptop, binary upgrades</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Throw-Away Browser on FreeBSD With "pot" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://honeyguide.eu/posts/pot-throwaway-firefox/" rel="nofollow noopener">Throw-Away Browser on FreeBSD With "pot" Within 5 Minutes</a></h3>

<blockquote>
<p>pot is a great and relatively new jail management tool. It offers DevOps style provisioning and can even be used to provide Docker-like, scalable cloud services together with nomad and consul (more about this in Orchestrating jails with nomad and pot).</p>
</blockquote>

<hr>

<h3><a href="https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html" rel="nofollow noopener">OpenBSD guest with bhyve - OmniOS</a></h3>

<blockquote>
<p>Today I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.<br>
This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.</p>
</blockquote>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://distrowatch.com/weekly.php?issue=20200622#qa" rel="nofollow noopener">BSD versus Linux distribution development</a></h3>

<blockquote>
<p>Q: Comparing-apples-to-BSDs asks: I was reading one of the old articles from the archive. One of the things mentioned was how the BSDs have a distinct approach in terms of packaging the base system relative to userland apps, and that the Linux distros at the time were not following the same practice. Are there Linux distros that have adopted the same approach in modern times? If not, are there technical limitations that are preventing them from doing so, such as some distros supporting multiple kernel versions maybe?<br>
DistroWatch answers: In the article mentioned above, I made the observation that Linux distributions tend to take one of two approaches when it comes to packaging software. Generally a Linux distribution will either offer a rolling release, where virtually all packages are regularly upgraded to their latest stable releases, or a fixed release where almost all packages are kept at a set version number and only receive bug fixes for the life cycle of the distribution. Projects like Arch Linux and Void are popular examples of rolling, always-up-to-date distributions while Fedora and Ubuntu offer fixed platforms.</p>

<hr>

<h3><a href="https://corrupted.io/2020/06/21/my-freebsd-laptop-build.html" rel="nofollow noopener">My FreeBSD Laptop Build</a></h3>

<p>I have always liked Thinkpad hardware and when I started to do more commuting I decided I needed something that had a decent sized screen but fit well on a bus. Luckily about this time Lenovo gave me a nice gift in the Thinkpad X390. Its basically the famous X2xx series but with a 13” screen and smaller bezel.<br>
So with this laptop I figured it was time to actually put the docs together on how I got my FreeBSD workstation working on it. I will here in the near future have another post that will cover this for HardenedBSD as well since the steps are similar but have a few extra gotchas due to the extra hardening.</p>

<hr>

<h3><a href="http://up.bsd.lv" rel="nofollow noopener">FreeBSD CURRENT Binary Upgrades</a></h3>

<ul>
<li>Disclaimer
This proof-of-concept is not a publication of FreeBSD.</li>
<li>Description
up.bsd.lv is a proof-of-concept of binary updates for FreeBSD/amd64 CURRENT/HEAD to facilitate the exhaustive testing of FreeBSD and the bhyve hypervisor and OpenZFS 2.0 specifically. Updates are based on the SVN revisions of official FreeBSD Release Engineering bi-monthly snapshots.</li>
</ul>
</blockquote>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Karl%20-%20pfsense.md" rel="nofollow noopener">Karl - pfsense</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Val%20-%20esxi%20question.md" rel="nofollow noopener">Val - esxi question</a></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/lars%20-%20openbsd%20router%20hardware.md" rel="nofollow noopener">lars - openbsd router hardware</a></p>

<hr></li>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p>

<hr></li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Throw-Away Browser on FreeBSD With "pot" within 5 minutes, OmniOS as OpenBSD guest with bhyve, BSD vs Linux distro development, My FreeBSD Laptop Build, FreeBSD CURRENT Binary Upgrades, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://honeyguide.eu/posts/pot-throwaway-firefox/" rel="nofollow noopener">Throw-Away Browser on FreeBSD With "pot" Within 5 Minutes</a></h3>

<blockquote>
<p>pot is a great and relatively new jail management tool. It offers DevOps style provisioning and can even be used to provide Docker-like, scalable cloud services together with nomad and consul (more about this in Orchestrating jails with nomad and pot).</p>
</blockquote>

<hr>

<h3><a href="https://www.pbdigital.org/omniosce/bhyve/openbsd/2020/06/08/bhyve-zones-omnios.html" rel="nofollow noopener">OpenBSD guest with bhyve - OmniOS</a></h3>

<blockquote>
<p>Today I will be creating a OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.<br>
This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. As well, I look into OpenBSD’s uEFI boot loader so if you have had trouble with this, then you are in the right place.</p>
</blockquote>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://distrowatch.com/weekly.php?issue=20200622#qa" rel="nofollow noopener">BSD versus Linux distribution development</a></h3>

<blockquote>
<p>Q: Comparing-apples-to-BSDs asks: I was reading one of the old articles from the archive. One of the things mentioned was how the BSDs have a distinct approach in terms of packaging the base system relative to userland apps, and that the Linux distros at the time were not following the same practice. Are there Linux distros that have adopted the same approach in modern times? If not, are there technical limitations that are preventing them from doing so, such as some distros supporting multiple kernel versions maybe?<br>
DistroWatch answers: In the article mentioned above, I made the observation that Linux distributions tend to take one of two approaches when it comes to packaging software. Generally a Linux distribution will either offer a rolling release, where virtually all packages are regularly upgraded to their latest stable releases, or a fixed release where almost all packages are kept at a set version number and only receive bug fixes for the life cycle of the distribution. Projects like Arch Linux and Void are popular examples of rolling, always-up-to-date distributions while Fedora and Ubuntu offer fixed platforms.</p>

<hr>

<h3><a href="https://corrupted.io/2020/06/21/my-freebsd-laptop-build.html" rel="nofollow noopener">My FreeBSD Laptop Build</a></h3>

<p>I have always liked Thinkpad hardware and when I started to do more commuting I decided I needed something that had a decent sized screen but fit well on a bus. Luckily about this time Lenovo gave me a nice gift in the Thinkpad X390. Its basically the famous X2xx series but with a 13” screen and smaller bezel.<br>
So with this laptop I figured it was time to actually put the docs together on how I got my FreeBSD workstation working on it. I will here in the near future have another post that will cover this for HardenedBSD as well since the steps are similar but have a few extra gotchas due to the extra hardening.</p>

<hr>

<h3><a href="http://up.bsd.lv" rel="nofollow noopener">FreeBSD CURRENT Binary Upgrades</a></h3>

<ul>
<li>Disclaimer
This proof-of-concept is not a publication of FreeBSD.</li>
<li>Description
up.bsd.lv is a proof-of-concept of binary updates for FreeBSD/amd64 CURRENT/HEAD to facilitate the exhaustive testing of FreeBSD and the bhyve hypervisor and OpenZFS 2.0 specifically. Updates are based on the SVN revisions of official FreeBSD Release Engineering bi-monthly snapshots.</li>
</ul>
</blockquote>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Karl%20-%20pfsense.md" rel="nofollow noopener">Karl - pfsense</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/Val%20-%20esxi%20question.md" rel="nofollow noopener">Val - esxi question</a></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/359/Feedback/lars%20-%20openbsd%20router%20hardware.md" rel="nofollow noopener">lars - openbsd router hardware</a></p>

<hr></li>
<li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></p>

<hr></li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>337: Kubernetes on bhyve</title>
  <link>https://www.bsdnow.tv/337</link>
  <guid isPermaLink="false">4a814adb-1ea5-41e3-baee-5645c60315d2</guid>
  <pubDate>Thu, 13 Feb 2020 11:30:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4a814adb-1ea5-41e3-baee-5645c60315d2.mp3" length="57168584" type="audio/mp3"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.</itunes:subtitle>
  <itunes:duration>1:19:24</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://drewdevault.com//2020/01/21/Stress-and-happiness.html" rel="nofollow noopener"&gt;The happinesses and stresses of full-time FOSS work&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;In the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.&lt;/p&gt;

&lt;p&gt;February will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.&lt;/p&gt;

&lt;p&gt;The good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.&lt;/p&gt;

&lt;p&gt;The frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.vmwareblog.org/building-freebsd-file-server/" rel="nofollow noopener"&gt;Building a FreeBSD File Server&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Recently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.&lt;/p&gt;

&lt;p&gt;Now, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://twitter.com/hambug_ca/status/1227664949914349569" rel="nofollow noopener"&gt;Report from the first Hamilton BSD Users Group Meeting&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;February 11th was the first meeting of this new user group, founded by John Young and myself&lt;/p&gt;

&lt;p&gt;11 people attended, and a lot of good discussions were had&lt;/p&gt;

&lt;p&gt;One of the attendees already owns a domain that fits well for the group, so we will be getting that setup over the next few weeks, as well as the twitter account, and other organization stuff.&lt;/p&gt;

&lt;p&gt;Special thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.&lt;/p&gt;

&lt;p&gt;The next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.&lt;/p&gt;

&lt;p&gt;We are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.bsdstore.ru/en/articles/cbsd_k8s_part1.html" rel="nofollow noopener"&gt;Kubernetes on FreeBSD Bhyve&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;There are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised, is probably, a Kubernetes) Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let's take a FreeBSD here!&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="http://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd" rel="nofollow noopener"&gt;NetBSD 9 RC1 Available&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).&lt;/p&gt;
&lt;/blockquote&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Here are a few highlights of the new release:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA)&lt;/li&gt;
&lt;li&gt;Enhanced hardware support for Armv7-A&lt;/li&gt;
&lt;li&gt;Updated GPU drivers (e.g. support for Intel Kabylake)&lt;/li&gt;
&lt;li&gt;Enhanced virtualization support&lt;/li&gt;
&lt;li&gt;Support for hardware-accelerated virtualization (NVMM)&lt;/li&gt;
&lt;li&gt;Support for Performance Monitoring Counters&lt;/li&gt;
&lt;li&gt;Support for Kernel ASLR&lt;/li&gt;
&lt;li&gt;Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)&lt;/li&gt;
&lt;li&gt;Support for userland sanitizers&lt;/li&gt;
&lt;li&gt;Audit of the network stack&lt;/li&gt;
&lt;li&gt;Many improvements in NPF&lt;/li&gt;
&lt;li&gt;Updated ZFS&lt;/li&gt;
&lt;li&gt;Reworked error handling and NCQ support in the SATA subsystem&lt;/li&gt;
&lt;li&gt;Support a common framework for USB Ethernet drivers (usbnet)&lt;/li&gt;
&lt;/ul&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;You can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: &lt;a href="https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/" rel="nofollow noopener"&gt;https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://opnsense.org/opnsense-20-1-keen-kingfisher-released/" rel="nofollow noopener"&gt;OPNsense 20.1 Keen Kingfisher released&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;For over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.&lt;/p&gt;

&lt;p&gt;20.1, nicknamed "Keen Kingfisher", is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://hardenedbsd.org/article/shawn-webb/2020-01-26/idealistic-future-hardenedbsd" rel="nofollow noopener"&gt;Idealistic Future for HardenedBSD&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Over the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!&lt;/p&gt;

&lt;p&gt;HardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.&lt;/p&gt;

&lt;p&gt;Navigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h2&gt;Beastie Bits&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://fosdem.org/2020/interviews/warner-losh/" rel="nofollow noopener"&gt;Warner Losh's FOSDEM talk&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://relational-pipes.globalcode.info/v_0/release-v0.15.xhtml" rel="nofollow noopener"&gt;Relational Pipes v0.15&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.armbsd.org/arm/" rel="nofollow noopener"&gt;A reminder for where to find NetBSD ARM images&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019866.html" rel="nofollow noopener"&gt;New Safe Memory Reclamation feature in UMA&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://twitter.com/niclaszeising/status/1216667359831842817" rel="nofollow noopener"&gt;BSD Users Stockholm Meetup&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;ZFS - &lt;a href="http://dpaste.com/13EK8YH#wrap" rel="nofollow noopener"&gt;Rosetta Stone Document?&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Pat - &lt;a href="http://dpaste.com/2DN5RA4#wrap" rel="nofollow noopener"&gt;Question&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Sigflup - &lt;a href="http://dpaste.com/03Y4FQ7#wrap" rel="nofollow noopener"&gt;Wayland on the BSDs&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;


    &lt;source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0337.mp4" type="video/mp4"&gt;
    Your browser does not support the HTML5 video tag.
 
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, happyness, stress, foss, full time open source, fileserver, file server, kubernetes, k8s, bhyve, netbsd 10, opnsense, keen kingfisher</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.</p>

<h2>Headlines</h2>

<h3><a href="https://drewdevault.com//2020/01/21/Stress-and-happiness.html" rel="nofollow noopener">The happinesses and stresses of full-time FOSS work</a></h3>

<blockquote>
<p>In the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.</p>

<p>February will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.</p>

<p>The good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.</p>

<p>The frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.</p>
</blockquote>

<hr>

<h3><a href="https://www.vmwareblog.org/building-freebsd-file-server/" rel="nofollow noopener">Building a FreeBSD File Server</a></h3>

<blockquote>
<p>Recently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.</p>

<p>Now, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!</p>
</blockquote>

<hr>

<h3><a href="https://twitter.com/hambug_ca/status/1227664949914349569" rel="nofollow noopener">Report from the first Hamilton BSD Users Group Meeting</a></h3>

<blockquote>
<p>February 11th was the first meeting of this new user group, founded by John Young and myself</p>

<p>11 people attended, and a lot of good discussions were had</p>

<p>One of the attendees already owns a domain that fits well for the group, so we will be getting that setup over the next few weeks, as well as the twitter account, and other organization stuff.</p>

<p>Special thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.</p>

<p>The next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.</p>

<p>We are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.</p>
</blockquote>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.bsdstore.ru/en/articles/cbsd_k8s_part1.html" rel="nofollow noopener">Kubernetes on FreeBSD Bhyve</a></h3>

<blockquote>
<p>There are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised, is probably, a Kubernetes) Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let's take a FreeBSD here!</p>
</blockquote>

<hr>

<h3><a href="http://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd" rel="nofollow noopener">NetBSD 9 RC1 Available</a></h3>

<blockquote>
<p>We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).</p>
</blockquote>

<ul>
<li><p>Here are a few highlights of the new release:</p>

<ul>
<li>Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA)</li>
<li>Enhanced hardware support for Armv7-A</li>
<li>Updated GPU drivers (e.g. support for Intel Kabylake)</li>
<li>Enhanced virtualization support</li>
<li>Support for hardware-accelerated virtualization (NVMM)</li>
<li>Support for Performance Monitoring Counters</li>
<li>Support for Kernel ASLR</li>
<li>Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)</li>
<li>Support for userland sanitizers</li>
<li>Audit of the network stack</li>
<li>Many improvements in NPF</li>
<li>Updated ZFS</li>
<li>Reworked error handling and NCQ support in the SATA subsystem</li>
<li>Support a common framework for USB Ethernet drivers (usbnet)</li>
</ul></li>
<li><p>You can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: <a href="https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/" rel="nofollow noopener">https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/</a></p></li>
</ul>

<hr>

<h3><a href="https://opnsense.org/opnsense-20-1-keen-kingfisher-released/" rel="nofollow noopener">OPNsense 20.1 Keen Kingfisher released</a></h3>

<blockquote>
<p>For over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.</p>

<p>20.1, nicknamed "Keen Kingfisher", is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.</p>
</blockquote>

<hr>

<h3><a href="https://hardenedbsd.org/article/shawn-webb/2020-01-26/idealistic-future-hardenedbsd" rel="nofollow noopener">Idealistic Future for HardenedBSD</a></h3>

<blockquote>
<p>Over the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!</p>

<p>HardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.</p>

<p>Navigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.</p>
</blockquote>

<hr>

<h2>Beastie Bits</h2>

<ul>
<li><a href="https://fosdem.org/2020/interviews/warner-losh/" rel="nofollow noopener">Warner Losh's FOSDEM talk</a></li>
<li><a href="https://relational-pipes.globalcode.info/v_0/release-v0.15.xhtml" rel="nofollow noopener">Relational Pipes v0.15</a></li>
<li><a href="http://www.armbsd.org/arm/" rel="nofollow noopener">A reminder for where to find NetBSD ARM images</a></li>
<li><a href="https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019866.html" rel="nofollow noopener">New Safe Memory Reclamation feature in UMA</a></li>
<li><a href="https://twitter.com/niclaszeising/status/1216667359831842817" rel="nofollow noopener">BSD Users Stockholm Meetup</a></li>
</ul>

<hr>

<h2>Feedback/Questions</h2>

<ul>
<li>ZFS - <a href="http://dpaste.com/13EK8YH#wrap" rel="nofollow noopener">Rosetta Stone Document?</a></li>
<li>Pat - <a href="http://dpaste.com/2DN5RA4#wrap" rel="nofollow noopener">Question</a></li>
<li>Sigflup - <a href="http://dpaste.com/03Y4FQ7#wrap" rel="nofollow noopener">Wayland on the BSDs</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li>
</ul>

<hr>


    <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0337.mp4" type="video/mp4">
    Your browser does not support the HTML5 video tag.
]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Happinesses and stresses of full-time FOSS work, building a FreeBSD fileserver, Kubernetes on FreeBSD bhyve, NetBSD 9 RC1 available, OPNSense 20.1 is here, HardenedBSD’s idealistic future, and more.</p>

<h2>Headlines</h2>

<h3><a href="https://drewdevault.com//2020/01/21/Stress-and-happiness.html" rel="nofollow noopener">The happinesses and stresses of full-time FOSS work</a></h3>

<blockquote>
<p>In the past few days, several free software maintainers have come out to discuss the stresses of their work. Though the timing was suggestive, my article last week on the philosophy of project governance was, at best, only tangentially related to this topic - I had been working on that article for a while. I do have some thoughts that I’d like to share about what kind of stresses I’ve dealt with as a FOSS maintainer, and how I’ve managed (or often mismanaged) it.</p>

<p>February will mark one year that I’ve been working on self-directed free software projects full-time. I was planning on writing an optimistic retrospective article around this time, but given the current mood of the ecosystem I think it would be better to be realistic. In this stage of my career, I now feel at once happier, busier, more fulfilled, more engaged, more stressed, and more depressed than I have at any other point in my life.</p>

<p>The good parts are numerous. I’m able to work on my life’s passions, and my projects are in the best shape they’ve ever been thanks to the attention I’m able to pour into them. I’ve also been able to do more thoughtful, careful work; with the extra time I’ve been able to make my software more robust and reliable than it’s ever been. The variety of projects I can invest my time into has also increased substantially, with what was once relegated to minor curiosities now receiving a similar amount of attention as my larger projects were receiving in my spare time before. I can work from anywhere in the world, at any time, not worrying about when to take time off and when to put my head down and crank out a lot of code.</p>

<p>The frustrations are numerous, as well. I often feel like I’ve bit off more than I can chew. This has been the default state of affairs for me for a long time; I’m often neglecting half of my projects in order to obtain progress by leaps and bounds in just a few. Working on FOSS full-time has cast this model’s disadvantages into greater relief, as I focus on a greater breadth of projects and spend more time on them.</p>
</blockquote>

<hr>

<h3><a href="https://www.vmwareblog.org/building-freebsd-file-server/" rel="nofollow noopener">Building a FreeBSD File Server</a></h3>

<blockquote>
<p>Recently at my job, I was faced with a task to develop a file server explicitly suited for the requirements of the company. Needless to say, any configuration of a kind depends on what the infrastructure needs. So, drawing from my personal experience and numerous materials on the web, I came up with the combination FreeBSD+SAMBA+AD as the most appropriate. It appears to be a perfect choice for this environment, and harmonic addition to the existing network configuration since FreeBSD + SAMBA + AD enables admins with the broad range of possibilities for access control. However, as nothing is perfect, this configuration isn’t the best choice if your priority is data protection because it won’t be able to reach the necessary levels of reliability and fault tolerance without outside improvements.</p>

<p>Now, since we’ve established that, let’s move on to the next point. This article’s describing the process of building a test environment while concentrating primarily on the details of the configuration. As the author, though, I must say I’m in no way suggesting that this is the only way! The following configuration will be presented in its initial stage, with the minimum requirements necessary to get the job done, and its purpose in one specific situation only. Here, look at this as a useful strategy to solve similar tasks. Well, let’s get started!</p>
</blockquote>

<hr>

<h3><a href="https://twitter.com/hambug_ca/status/1227664949914349569" rel="nofollow noopener">Report from the first Hamilton BSD Users Group Meeting</a></h3>

<blockquote>
<p>February 11th was the first meeting of this new user group, founded by John Young and myself</p>

<p>11 people attended, and a lot of good discussions were had</p>

<p>One of the attendees already owns a domain that fits well for the group, so we will be getting that setup over the next few weeks, as well as the twitter account, and other organization stuff.</p>

<p>Special thanks to the illumos users who drove in from Buffalo to attend, although they may have actually had a shorter drive than a few of the other attendees.</p>

<p>The next meeting is scheduled again for the 2nd Tuesday of the month, March 10th.</p>

<p>We are still discussing if we should meet at a restaurant again, or try to get a space at the local college or innovation hub where we can have a projector etc.</p>
</blockquote>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.bsdstore.ru/en/articles/cbsd_k8s_part1.html" rel="nofollow noopener">Kubernetes on FreeBSD Bhyve</a></h3>

<blockquote>
<p>There are quite a few solutions for container orchestration, but the most popular (or the most famous and highly advertised, is probably, a Kubernetes) Since I plan to conduct many experiments with installing and configuring k8s, I need a laboratory in which I can quickly and easily deploy a cluster in any quantities for myself. In my work and everyday life I use two OS very tightly - Linux and FreeBSD OS. Kubernetes and docker are Linux-centric projects, and at first glance, you should not expect any useful participation and help from FreeBSD here. As the saying goes, an elephant can be made out of a fly, but it will no longer fly. However, two tempting things come to mind - this is very good integration and work in the FreeBSD ZFS file system, from which it would be nice to use the snapshot mechanism, COW and reliability. And the second is the bhyve hypervisor, because we still need the docker and k8s loader in the form of the Linux kernel. Thus, we need to connect a certain number of actions in various ways, most of which are related to starting and pre-configuring virtual machines. This is typical of both a Linux-based server and FreeBSD. What exactly will work under the hood to run virtual machines does not play a big role. And if so - let's take a FreeBSD here!</p>
</blockquote>

<hr>

<h3><a href="http://blog.netbsd.org/tnf/entry/first_release_candidate_for_netbsd" rel="nofollow noopener">NetBSD 9 RC1 Available</a></h3>

<blockquote>
<p>We hope this will lead to the best NetBSD release ever (only to be topped by NetBSD 10 next year).</p>
</blockquote>

<ul>
<li><p>Here are a few highlights of the new release:</p>

<ul>
<li>Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA)</li>
<li>Enhanced hardware support for Armv7-A</li>
<li>Updated GPU drivers (e.g. support for Intel Kabylake)</li>
<li>Enhanced virtualization support</li>
<li>Support for hardware-accelerated virtualization (NVMM)</li>
<li>Support for Performance Monitoring Counters</li>
<li>Support for Kernel ASLR</li>
<li>Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)</li>
<li>Support for userland sanitizers</li>
<li>Audit of the network stack</li>
<li>Many improvements in NPF</li>
<li>Updated ZFS</li>
<li>Reworked error handling and NCQ support in the SATA subsystem</li>
<li>Support a common framework for USB Ethernet drivers (usbnet)</li>
</ul></li>
<li><p>You can download binaries of NetBSD 9.0_RC1 from our Fastly-provided CDN: <a href="https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/" rel="nofollow noopener">https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/</a></p></li>
</ul>

<hr>

<h3><a href="https://opnsense.org/opnsense-20-1-keen-kingfisher-released/" rel="nofollow noopener">OPNsense 20.1 Keen Kingfisher released</a></h3>

<blockquote>
<p>For over 5 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.</p>

<p>20.1, nicknamed "Keen Kingfisher", is a subtle improvement on sustainable firewall experience. This release adds VXLAN and additional loopback device support, IPsec public key authentication and elliptic curve TLS certificate creation amongst others. Third party software has been updated to their latest versions. The logging frontend was rewritten for MVC with seamless API support. On the far side the documentation increased in quality as well as quantity and now presents itself in a familiar menu layout.</p>
</blockquote>

<hr>

<h3><a href="https://hardenedbsd.org/article/shawn-webb/2020-01-26/idealistic-future-hardenedbsd" rel="nofollow noopener">Idealistic Future for HardenedBSD</a></h3>

<blockquote>
<p>Over the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!</p>

<p>HardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.</p>

<p>Navigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.</p>
</blockquote>

<hr>

<h2>Beastie Bits</h2>

<ul>
<li><a href="https://fosdem.org/2020/interviews/warner-losh/" rel="nofollow noopener">Warner Losh's FOSDEM talk</a></li>
<li><a href="https://relational-pipes.globalcode.info/v_0/release-v0.15.xhtml" rel="nofollow noopener">Relational Pipes v0.15</a></li>
<li><a href="http://www.armbsd.org/arm/" rel="nofollow noopener">A reminder for where to find NetBSD ARM images</a></li>
<li><a href="https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019866.html" rel="nofollow noopener">New Safe Memory Reclamation feature in UMA</a></li>
<li><a href="https://twitter.com/niclaszeising/status/1216667359831842817" rel="nofollow noopener">BSD Users Stockholm Meetup</a></li>
</ul>

<hr>

<h2>Feedback/Questions</h2>

<ul>
<li>ZFS - <a href="http://dpaste.com/13EK8YH#wrap" rel="nofollow noopener">Rosetta Stone Document?</a></li>
<li>Pat - <a href="http://dpaste.com/2DN5RA4#wrap" rel="nofollow noopener">Question</a></li>
<li>Sigflup - <a href="http://dpaste.com/03Y4FQ7#wrap" rel="nofollow noopener">Wayland on the BSDs</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li>
</ul>

<hr>


    <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0337.mp4" type="video/mp4">
    Your browser does not support the HTML5 video tag.
]]>
  </itunes:summary>
</item>
<item>
  <title>Episode 272: Detain the bhyve | BSD Now 272</title>
  <link>https://www.bsdnow.tv/272</link>
  <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2899</guid>
  <pubDate>Thu, 15 Nov 2018 13:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/23422ca9-e188-4755-aaf1-295422643d21.mp3" length="41375491" type="audio/mp3"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.</itunes:subtitle>
  <itunes:duration>1:08:39</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.&lt;br&gt;
&lt;/p&gt;&lt;p&gt;##Headlines&lt;br&gt; ###&lt;a href="https://nanxiao.me/en/the-byproducts-of-reading-openbsd-netcat-code/" rel="nofollow noopener"&gt;The byproducts of reading OpenBSD netcat code&lt;/a&gt;&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process.&lt;br&gt; (1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff.&lt;br&gt; (2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future.&lt;br&gt; (3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it.&lt;br&gt; (4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part.&lt;br&gt; Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself.&lt;/p&gt; &lt;/blockquote&gt; &lt;hr&gt; &lt;p&gt;###&lt;a href="https://github.com/shlomif/what-i-learned-from-porting-to-freebsd#what-i-learned-from-porting-my-projects-to-freebsd" rel="nofollow noopener"&gt;What I learned from porting my projects to FreeBSD&lt;/a&gt;&lt;/p&gt; &lt;ul&gt; &lt;li&gt;Introduction&lt;/li&gt; &lt;/ul&gt; &lt;blockquote&gt; &lt;p&gt;I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.&lt;/p&gt; &lt;/blockquote&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt;The Projects&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;&lt;a href="https://github.com/shlomif/shlomif-computer-settings/" rel="nofollow noopener"&gt;https://github.com/shlomif/shlomif-computer-settings/&lt;/a&gt; (my dotfiles).&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;&lt;a href="https://web-cpan.shlomifish.org/latemp/" rel="nofollow noopener"&gt;https://web-cpan.shlomifish.org/latemp/&lt;/a&gt;&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;&lt;a href="https://fc-solve.shlomifish.org/" rel="nofollow noopener"&gt;https://fc-solve.shlomifish.org/&lt;/a&gt;&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;&lt;a href="https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/" rel="nofollow noopener"&gt;https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/&lt;/a&gt;&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;&lt;a href="https://better-scm.shlomifish.org/source/" rel="nofollow noopener"&gt;https://better-scm.shlomifish.org/source/&lt;/a&gt;&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;&lt;a href="http://perl-begin.org/source/" rel="nofollow noopener"&gt;http://perl-begin.org/source/&lt;/a&gt;&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;&lt;a href="https://www.shlomifish.org/meta/site-source/" rel="nofollow noopener"&gt;https://www.shlomifish.org/meta/site-source/&lt;/a&gt;&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Work fine on several Linux distributions and have &lt;a href="https://en.wikipedia.org/wiki/Travis_CI" rel="nofollow noopener"&gt;https://en.wikipedia.org/wiki/Travis_CI&lt;/a&gt; using Ubuntu 14.04 hosts&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Some pass builds and tests on AppVeyor/Win64&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;What I Learned:&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;FreeBSD on VBox has become very reliable&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;make on FreeBSD is not GNU make&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;m4 on FreeBSD is not compatible with GNU m4&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Some CPAN Modules fail to install using local-lib there&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;DocBook/XSL Does Not Live Under /usr/share/sgml&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;FreeBSD’s grep does not have a “-P” flag by default&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;FreeBSD has no “nproc” command&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Conclusion:&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;It is easier to port a shell than a shell script. — Larry Wall&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;hr&gt; &lt;p&gt;##News Roundup&lt;br&gt; ###&lt;a href="https://lwn.net/Articles/767137/" rel="nofollow noopener"&gt;OpenBSD’s unveil()&lt;/a&gt;&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.&lt;br&gt; The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job.&lt;br&gt; In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access.&lt;br&gt; Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:&lt;/p&gt; &lt;/blockquote&gt; &lt;p&gt;&lt;code&gt;int unveil(const char *path, const char *permissions);&lt;/code&gt;&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path.&lt;br&gt; Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply.&lt;br&gt; Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile.&lt;br&gt; unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source.&lt;br&gt; One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.&lt;/p&gt; &lt;/blockquote&gt; &lt;hr&gt; &lt;p&gt;###&lt;a href="http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html" rel="nofollow noopener"&gt;NetBSD Virtual Machine Monitor (NVVM)&lt;/a&gt;&lt;/p&gt; &lt;ul&gt; &lt;li&gt;NetBSD Virtual Machine Monitor&lt;/li&gt; &lt;/ul&gt; &lt;blockquote&gt; &lt;p&gt;The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.&lt;/p&gt; &lt;/blockquote&gt; &lt;ul&gt; &lt;li&gt;Download&lt;/li&gt; &lt;/ul&gt; &lt;blockquote&gt; &lt;p&gt;The source code of NVMM, plus the associated tools, can be downloaded here.&lt;/p&gt; &lt;/blockquote&gt; &lt;ul&gt; &lt;li&gt;Technical details&lt;/li&gt; &lt;/ul&gt; &lt;blockquote&gt; &lt;p&gt;NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM.&lt;br&gt; Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs.&lt;br&gt; Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism.&lt;br&gt; The host must always be x86_64, but the guest has no constraint on the mode, so it can be x86_32, PAE, real mode, and so on.&lt;br&gt; The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs.&lt;br&gt; When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch.&lt;br&gt; The different intercepts are configured in such a way that they cover everything that needs to be emulated. In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.&lt;/p&gt; &lt;/blockquote&gt; &lt;hr&gt; &lt;p&gt;###&lt;a href="https://utcc.utoronto.ca/~cks/space/blog/sysadmin/InitDependencyUnclear" rel="nofollow noopener"&gt;What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)&lt;/a&gt;&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc):&lt;br&gt; I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description.&lt;br&gt; Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider ®syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem.&lt;br&gt; This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.)&lt;br&gt; In general, there are three different relationships between services that I tend to encounter:&lt;/p&gt; &lt;/blockquote&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt;a hard requirement, where service B is useless or dangerous without service A. For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;blockquote&gt; &lt;p&gt;Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in it systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later?&lt;br&gt; My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway.&lt;/p&gt; &lt;/blockquote&gt; &lt;ul&gt; &lt;li&gt;(In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)&lt;/li&gt; &lt;/ul&gt; &lt;hr&gt; &lt;p&gt;###&lt;a href="https://github.com/lattera/articles/blob/master/freebsd/2018-10-27_jailed_bhyve/article.md" rel="nofollow noopener"&gt;Jailing The bhyve Hypervisor&lt;/a&gt;&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve.&lt;br&gt; You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the aditional security offered by HardenedBSD.&lt;br&gt; The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.&lt;/p&gt; &lt;/blockquote&gt; &lt;ul&gt; &lt;li&gt;A Gentle History Lesson&lt;/li&gt; &lt;/ul&gt; &lt;blockquote&gt; &lt;p&gt;At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W&lt;sup&gt;X&lt;/sup&gt; are all applied to bhyve, making it an extremely hardened hypervisor.&lt;br&gt; So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAP_GUARD, …)). Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.&lt;/p&gt; &lt;/blockquote&gt; &lt;ul&gt; &lt;li&gt;Initial Setup&lt;/li&gt; &lt;/ul&gt; &lt;blockquote&gt; &lt;p&gt;We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail.&lt;br&gt; I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail.&lt;br&gt; By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail.&lt;/p&gt; &lt;/blockquote&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt;We will use the following in our jail, so we will need to set up devfs(8) rules for them:&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;A ZFS volume&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;A null-modem device (nmdm(4))&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;UEFI GOP (no devfs rule, but IP assigned to the jail)&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;A tap device&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Conclusion&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;blockquote&gt; &lt;p&gt;The bhyve hypervisor works great within a jail. When combined with HardenedBSD, bhyve is extremely hardened:&lt;/p&gt; &lt;/blockquote&gt; &lt;ul&gt; &lt;li&gt;PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement)&lt;/li&gt; &lt;li&gt;PaX NOEXEC is fully applied (strict W&lt;sup&gt;X)&lt;/sup&gt; (HardenedBSD enhancement)&lt;/li&gt; &lt;li&gt;Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement)&lt;/li&gt; &lt;li&gt;Full RELRO (RELRO + BIND_NOW) is fully applied (HardenedBSD enhancement)&lt;/li&gt; &lt;li&gt;SafeStack is applied to the application (HardenedBSD enhancement)&lt;/li&gt; &lt;li&gt;Jailed (FreeBSD feature written by HardenedBSD)&lt;/li&gt; &lt;li&gt;Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD)&lt;/li&gt; &lt;li&gt;Capsicum is fully applied (FreeBSD feature)&lt;/li&gt; &lt;/ul&gt; &lt;blockquote&gt; &lt;p&gt;Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)&lt;/p&gt; &lt;/blockquote&gt; &lt;hr&gt; &lt;p&gt;##Beastie Bits&lt;/p&gt; &lt;ul&gt; &lt;li&gt;&lt;a href="https://www.ghostbsd.org/18.10_release_announcement" rel="nofollow noopener"&gt;GhostBSD 18.10 has been released&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="http://project-trident.org/post/2018-11-10_rc3-available/" rel="nofollow noopener"&gt;Project Trident RC3 has been released&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="https://undeadly.org/cgi?action=article;sid=20181022130631" rel="nofollow noopener"&gt;The OpenBSD Foundation receives the first Silver contribution from a single individual&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="http://www.echothrust.com/blogs/monitoring-pf-logs-gource" rel="nofollow noopener"&gt;Monitoring pf logs gource&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="https://twitter.com/zmcgrew/status/1055682596812730368" rel="nofollow noopener"&gt;NetBSD on the RISC-V is alive&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="https://marc.info/?l=openbsd-tech&amp;amp;m=154050351216908&amp;amp;w=2" rel="nofollow noopener"&gt;The X hole&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="http://mail-index.netbsd.org/pkgsrc-users/2018/10/05/msg027525.html" rel="nofollow noopener"&gt;Announcing the pkgsrc-2018Q3 release (2018-10-05)&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="https://an.undulating.space/post/180927-er_alternate_firmware_benchmarks/" rel="nofollow noopener"&gt;NAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="https://www.princeton.edu/~hos/mike/transcripts/thompson.htm" rel="nofollow noopener"&gt;UNIX (as we know it) might not have existed without Mrs. Thompson&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="https://www.freepizza.io/" rel="nofollow noopener"&gt;Free Pizza for your dev events&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href="https://calagator.org/events/1250474530" rel="nofollow noopener"&gt;Portland BSD Pizza Night: Nov 29th 7pm&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;hr&gt; &lt;p&gt;##Feedback/Questions&lt;/p&gt; &lt;ul&gt; &lt;li&gt;Dennis - &lt;a href="http://dpaste.com/36JB7EC#wrap" rel="nofollow noopener"&gt;Core developers leaving illumOS?&lt;/a&gt;&lt;/li&gt; &lt;li&gt;Ben - &lt;a href="http://dpaste.com/1R36Z32#wrap" rel="nofollow noopener"&gt;Jumping from snapshot to snapshot&lt;/a&gt;&lt;/li&gt; &lt;li&gt;Ias - &lt;a href="http://dpaste.com/1CC86MX" rel="nofollow noopener"&gt;Question about ZFS snapshots&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;hr&gt; &lt;ul&gt; &lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;hr&gt; 
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, bhyve, jail, netcat, unveil, NVVM, 18.10, rc3</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.<br>
</p><p>##Headlines<br> ###<a href="https://nanxiao.me/en/the-byproducts-of-reading-openbsd-netcat-code/" rel="nofollow noopener">The byproducts of reading OpenBSD netcat code</a></p> <blockquote> <p>When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process.<br> (1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff.<br> (2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future.<br> (3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it.<br> (4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part.<br> Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself.</p> </blockquote> <hr> <p>###<a href="https://github.com/shlomif/what-i-learned-from-porting-to-freebsd#what-i-learned-from-porting-my-projects-to-freebsd" rel="nofollow noopener">What I learned from porting my projects to FreeBSD</a></p> <ul> <li>Introduction</li> </ul> <blockquote> <p>I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.</p> </blockquote> <ul> <li> <p>The Projects</p> </li> <li> <p><a href="https://github.com/shlomif/shlomif-computer-settings/" rel="nofollow noopener">https://github.com/shlomif/shlomif-computer-settings/</a> (my dotfiles).</p> </li> <li> <p><a href="https://web-cpan.shlomifish.org/latemp/" rel="nofollow noopener">https://web-cpan.shlomifish.org/latemp/</a></p> </li> <li> <p><a href="https://fc-solve.shlomifish.org/" rel="nofollow noopener">https://fc-solve.shlomifish.org/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/" rel="nofollow noopener">https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/</a></p> </li> <li> <p><a href="https://better-scm.shlomifish.org/source/" rel="nofollow noopener">https://better-scm.shlomifish.org/source/</a></p> </li> <li> <p><a href="http://perl-begin.org/source/" rel="nofollow noopener">http://perl-begin.org/source/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/meta/site-source/" rel="nofollow noopener">https://www.shlomifish.org/meta/site-source/</a></p> </li> <li> <p>Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more.</p> </li> <li> <p>Work fine on several Linux distributions and have <a href="https://en.wikipedia.org/wiki/Travis_CI" rel="nofollow noopener">https://en.wikipedia.org/wiki/Travis_CI</a> using Ubuntu 14.04 hosts</p> </li> <li> <p>Some pass builds and tests on AppVeyor/Win64</p> </li> <li> <p>What I Learned:</p> </li> <li> <p>FreeBSD on VBox has become very reliable</p> </li> <li> <p>Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin</p> </li> <li> <p>make on FreeBSD is not GNU make</p> </li> <li> <p>m4 on FreeBSD is not compatible with GNU m4</p> </li> <li> <p>Some CPAN Modules fail to install using local-lib there</p> </li> <li> <p>DocBook/XSL Does Not Live Under /usr/share/sgml</p> </li> <li> <p>FreeBSD’s grep does not have a “-P” flag by default</p> </li> <li> <p>FreeBSD has no “nproc” command</p> </li> <li> <p>Conclusion:</p> </li> <li> <p>It is easier to port a shell than a shell script. — Larry Wall</p> </li> <li> <p>I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.</p> </li> </ul> <hr> <p>##News Roundup<br> ###<a href="https://lwn.net/Articles/767137/" rel="nofollow noopener">OpenBSD’s unveil()</a></p> <blockquote> <p>One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.<br> The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job.<br> In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access.<br> Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:</p> </blockquote> <p><code>int unveil(const char *path, const char *permissions);</code></p> <blockquote> <p>A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path.<br> Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply.<br> Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile.<br> unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source.<br> One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.</p> </blockquote> <hr> <p>###<a href="http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html" rel="nofollow noopener">NetBSD Virtual Machine Monitor (NVVM)</a></p> <ul> <li>NetBSD Virtual Machine Monitor</li> </ul> <blockquote> <p>The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.</p> </blockquote> <ul> <li>Download</li> </ul> <blockquote> <p>The source code of NVMM, plus the associated tools, can be downloaded here.</p> </blockquote> <ul> <li>Technical details</li> </ul> <blockquote> <p>NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM.<br> Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs.<br> Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism.<br> The host must always be x86_64, but the guest has no constraint on the mode, so it can be x86_32, PAE, real mode, and so on.<br> The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs.<br> When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch.<br> The different intercepts are configured in such a way that they cover everything that needs to be emulated. In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.</p> </blockquote> <hr> <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/sysadmin/InitDependencyUnclear" rel="nofollow noopener">What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)</a></p> <blockquote> <p>I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc):<br> I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description.<br> Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider ®syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem.<br> This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.)<br> In general, there are three different relationships between services that I tend to encounter:</p> </blockquote> <ul> <li> <p>a hard requirement, where service B is useless or dangerous without service A. For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.</p> </li> <li> <p>a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)</p> </li> <li> <p>an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)</p> </li> </ul> <blockquote> <p>Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in it systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later?<br> My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway.</p> </blockquote> <ul> <li>(In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)</li> </ul> <hr> <p>###<a href="https://github.com/lattera/articles/blob/master/freebsd/2018-10-27_jailed_bhyve/article.md" rel="nofollow noopener">Jailing The bhyve Hypervisor</a></p> <blockquote> <p>As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve.<br> You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the aditional security offered by HardenedBSD.<br> The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.</p> </blockquote> <ul> <li>A Gentle History Lesson</li> </ul> <blockquote> <p>At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W<sup>X</sup> are all applied to bhyve, making it an extremely hardened hypervisor.<br> So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAP_GUARD, …)). Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.</p> </blockquote> <ul> <li>Initial Setup</li> </ul> <blockquote> <p>We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail.<br> I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail.<br> By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail.</p> </blockquote> <ul> <li> <p>We will use the following in our jail, so we will need to set up devfs(8) rules for them:</p> </li> <li> <p>A ZFS volume</p> </li> <li> <p>A null-modem device (nmdm(4))</p> </li> <li> <p>UEFI GOP (no devfs rule, but IP assigned to the jail)</p> </li> <li> <p>A tap device</p> </li> <li> <p>Conclusion</p> </li> </ul> <blockquote> <p>The bhyve hypervisor works great within a jail. When combined with HardenedBSD, bhyve is extremely hardened:</p> </blockquote> <ul> <li>PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement)</li> <li>PaX NOEXEC is fully applied (strict W<sup>X)</sup> (HardenedBSD enhancement)</li> <li>Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement)</li> <li>Full RELRO (RELRO + BIND_NOW) is fully applied (HardenedBSD enhancement)</li> <li>SafeStack is applied to the application (HardenedBSD enhancement)</li> <li>Jailed (FreeBSD feature written by HardenedBSD)</li> <li>Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD)</li> <li>Capsicum is fully applied (FreeBSD feature)</li> </ul> <blockquote> <p>Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)</p> </blockquote> <hr> <p>##Beastie Bits</p> <ul> <li><a href="https://www.ghostbsd.org/18.10_release_announcement" rel="nofollow noopener">GhostBSD 18.10 has been released</a></li> <li><a href="http://project-trident.org/post/2018-11-10_rc3-available/" rel="nofollow noopener">Project Trident RC3 has been released</a></li> <li><a href="https://undeadly.org/cgi?action=article;sid=20181022130631" rel="nofollow noopener">The OpenBSD Foundation receives the first Silver contribution from a single individual</a></li> <li><a href="http://www.echothrust.com/blogs/monitoring-pf-logs-gource" rel="nofollow noopener">Monitoring pf logs gource</a></li> <li><a href="https://twitter.com/zmcgrew/status/1055682596812730368" rel="nofollow noopener">NetBSD on the RISC-V is alive</a></li> <li><a href="https://marc.info/?l=openbsd-tech&amp;m=154050351216908&amp;w=2" rel="nofollow noopener">The X hole</a></li> <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2018/10/05/msg027525.html" rel="nofollow noopener">Announcing the pkgsrc-2018Q3 release (2018-10-05)</a></li> <li><a href="https://an.undulating.space/post/180927-er_alternate_firmware_benchmarks/" rel="nofollow noopener">NAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT</a></li> <li><a href="https://www.princeton.edu/~hos/mike/transcripts/thompson.htm" rel="nofollow noopener">UNIX (as we know it) might not have existed without Mrs. Thompson</a></li> <li><a href="https://www.freepizza.io/" rel="nofollow noopener">Free Pizza for your dev events</a></li> <li><a href="https://calagator.org/events/1250474530" rel="nofollow noopener">Portland BSD Pizza Night: Nov 29th 7pm</a></li> </ul> <hr> <p>##Feedback/Questions</p> <ul> <li>Dennis - <a href="http://dpaste.com/36JB7EC#wrap" rel="nofollow noopener">Core developers leaving illumOS?</a></li> <li>Ben - <a href="http://dpaste.com/1R36Z32#wrap" rel="nofollow noopener">Jumping from snapshot to snapshot</a></li> <li>Ias - <a href="http://dpaste.com/1CC86MX" rel="nofollow noopener">Question about ZFS snapshots</a></li> </ul> <hr> <ul> <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li> </ul> <hr>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more.<br>
</p><p>##Headlines<br> ###<a href="https://nanxiao.me/en/the-byproducts-of-reading-openbsd-netcat-code/" rel="nofollow noopener">The byproducts of reading OpenBSD netcat code</a></p> <blockquote> <p>When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process.<br> (1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff.<br> (2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future.<br> (3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it.<br> (4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part.<br> Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself.</p> </blockquote> <hr> <p>###<a href="https://github.com/shlomif/what-i-learned-from-porting-to-freebsd#what-i-learned-from-porting-my-projects-to-freebsd" rel="nofollow noopener">What I learned from porting my projects to FreeBSD</a></p> <ul> <li>Introduction</li> </ul> <blockquote> <p>I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there.</p> </blockquote> <ul> <li> <p>The Projects</p> </li> <li> <p><a href="https://github.com/shlomif/shlomif-computer-settings/" rel="nofollow noopener">https://github.com/shlomif/shlomif-computer-settings/</a> (my dotfiles).</p> </li> <li> <p><a href="https://web-cpan.shlomifish.org/latemp/" rel="nofollow noopener">https://web-cpan.shlomifish.org/latemp/</a></p> </li> <li> <p><a href="https://fc-solve.shlomifish.org/" rel="nofollow noopener">https://fc-solve.shlomifish.org/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/" rel="nofollow noopener">https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/</a></p> </li> <li> <p><a href="https://better-scm.shlomifish.org/source/" rel="nofollow noopener">https://better-scm.shlomifish.org/source/</a></p> </li> <li> <p><a href="http://perl-begin.org/source/" rel="nofollow noopener">http://perl-begin.org/source/</a></p> </li> <li> <p><a href="https://www.shlomifish.org/meta/site-source/" rel="nofollow noopener">https://www.shlomifish.org/meta/site-source/</a></p> </li> <li> <p>Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more.</p> </li> <li> <p>Work fine on several Linux distributions and have <a href="https://en.wikipedia.org/wiki/Travis_CI" rel="nofollow noopener">https://en.wikipedia.org/wiki/Travis_CI</a> using Ubuntu 14.04 hosts</p> </li> <li> <p>Some pass builds and tests on AppVeyor/Win64</p> </li> <li> <p>What I Learned:</p> </li> <li> <p>FreeBSD on VBox has become very reliable</p> </li> <li> <p>Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin</p> </li> <li> <p>make on FreeBSD is not GNU make</p> </li> <li> <p>m4 on FreeBSD is not compatible with GNU m4</p> </li> <li> <p>Some CPAN Modules fail to install using local-lib there</p> </li> <li> <p>DocBook/XSL Does Not Live Under /usr/share/sgml</p> </li> <li> <p>FreeBSD’s grep does not have a “-P” flag by default</p> </li> <li> <p>FreeBSD has no “nproc” command</p> </li> <li> <p>Conclusion:</p> </li> <li> <p>It is easier to port a shell than a shell script. — Larry Wall</p> </li> <li> <p>I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them.</p> </li> </ul> <hr> <p>##News Roundup<br> ###<a href="https://lwn.net/Articles/767137/" rel="nofollow noopener">OpenBSD’s unveil()</a></p> <blockquote> <p>One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.<br> The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job.<br> In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access.<br> Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype:</p> </blockquote> <p><code>int unveil(const char *path, const char *permissions);</code></p> <blockquote> <p>A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path.<br> Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply.<br> Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile.<br> unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source.<br> One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms.</p> </blockquote> <hr> <p>###<a href="http://m00nbsd.net/4e0798b7f2620c965d0dd9d6a7a2f296.html" rel="nofollow noopener">NetBSD Virtual Machine Monitor (NVVM)</a></p> <ul> <li>NetBSD Virtual Machine Monitor</li> </ul> <blockquote> <p>The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary.</p> </blockquote> <ul> <li>Download</li> </ul> <blockquote> <p>The source code of NVMM, plus the associated tools, can be downloaded here.</p> </blockquote> <ul> <li>Technical details</li> </ul> <blockquote> <p>NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM.<br> Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs.<br> Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism.<br> The host must always be x86_64, but the guest has no constraint on the mode, so it can be x86_32, PAE, real mode, and so on.<br> The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs.<br> When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch.<br> The different intercepts are configured in such a way that they cover everything that needs to be emulated. In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state.</p> </blockquote> <hr> <p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/sysadmin/InitDependencyUnclear" rel="nofollow noopener">What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca)</a></p> <blockquote> <p>I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc):<br> I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description.<br> Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider ®syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem.<br> This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.)<br> In general, there are three different relationships between services that I tend to encounter:</p> </blockquote> <ul> <li> <p>a hard requirement, where service B is useless or dangerous without service A. For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place.</p> </li> <li> <p>a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.)</p> </li> <li> <p>an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.)</p> </li> </ul> <blockquote> <p>Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in it systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later?<br> My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway.</p> </blockquote> <ul> <li>(In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.)</li> </ul> <hr> <p>###<a href="https://github.com/lattera/articles/blob/master/freebsd/2018-10-27_jailed_bhyve/article.md" rel="nofollow noopener">Jailing The bhyve Hypervisor</a></p> <blockquote> <p>As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve.<br> You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the aditional security offered by HardenedBSD.<br> The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD.</p> </blockquote> <ul> <li>A Gentle History Lesson</li> </ul> <blockquote> <p>At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W<sup>X</sup> are all applied to bhyve, making it an extremely hardened hypervisor.<br> So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAP_GUARD, …)). Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed.</p> </blockquote> <ul> <li>Initial Setup</li> </ul> <blockquote> <p>We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail.<br> I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail.<br> By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail.</p> </blockquote> <ul> <li> <p>We will use the following in our jail, so we will need to set up devfs(8) rules for them:</p> </li> <li> <p>A ZFS volume</p> </li> <li> <p>A null-modem device (nmdm(4))</p> </li> <li> <p>UEFI GOP (no devfs rule, but IP assigned to the jail)</p> </li> <li> <p>A tap device</p> </li> <li> <p>Conclusion</p> </li> </ul> <blockquote> <p>The bhyve hypervisor works great within a jail. When combined with HardenedBSD, bhyve is extremely hardened:</p> </blockquote> <ul> <li>PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement)</li> <li>PaX NOEXEC is fully applied (strict W<sup>X)</sup> (HardenedBSD enhancement)</li> <li>Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement)</li> <li>Full RELRO (RELRO + BIND_NOW) is fully applied (HardenedBSD enhancement)</li> <li>SafeStack is applied to the application (HardenedBSD enhancement)</li> <li>Jailed (FreeBSD feature written by HardenedBSD)</li> <li>Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD)</li> <li>Capsicum is fully applied (FreeBSD feature)</li> </ul> <blockquote> <p>Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :)</p> </blockquote> <hr> <p>##Beastie Bits</p> <ul> <li><a href="https://www.ghostbsd.org/18.10_release_announcement" rel="nofollow noopener">GhostBSD 18.10 has been released</a></li> <li><a href="http://project-trident.org/post/2018-11-10_rc3-available/" rel="nofollow noopener">Project Trident RC3 has been released</a></li> <li><a href="https://undeadly.org/cgi?action=article;sid=20181022130631" rel="nofollow noopener">The OpenBSD Foundation receives the first Silver contribution from a single individual</a></li> <li><a href="http://www.echothrust.com/blogs/monitoring-pf-logs-gource" rel="nofollow noopener">Monitoring pf logs gource</a></li> <li><a href="https://twitter.com/zmcgrew/status/1055682596812730368" rel="nofollow noopener">NetBSD on the RISC-V is alive</a></li> <li><a href="https://marc.info/?l=openbsd-tech&amp;m=154050351216908&amp;w=2" rel="nofollow noopener">The X hole</a></li> <li><a href="http://mail-index.netbsd.org/pkgsrc-users/2018/10/05/msg027525.html" rel="nofollow noopener">Announcing the pkgsrc-2018Q3 release (2018-10-05)</a></li> <li><a href="https://an.undulating.space/post/180927-er_alternate_firmware_benchmarks/" rel="nofollow noopener">NAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT</a></li> <li><a href="https://www.princeton.edu/~hos/mike/transcripts/thompson.htm" rel="nofollow noopener">UNIX (as we know it) might not have existed without Mrs. Thompson</a></li> <li><a href="https://www.freepizza.io/" rel="nofollow noopener">Free Pizza for your dev events</a></li> <li><a href="https://calagator.org/events/1250474530" rel="nofollow noopener">Portland BSD Pizza Night: Nov 29th 7pm</a></li> </ul> <hr> <p>##Feedback/Questions</p> <ul> <li>Dennis - <a href="http://dpaste.com/36JB7EC#wrap" rel="nofollow noopener">Core developers leaving illumOS?</a></li> <li>Ben - <a href="http://dpaste.com/1R36Z32#wrap" rel="nofollow noopener">Jumping from snapshot to snapshot</a></li> <li>Ias - <a href="http://dpaste.com/1CC86MX" rel="nofollow noopener">Question about ZFS snapshots</a></li> </ul> <hr> <ul> <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li> </ul> <hr>]]>
  </itunes:summary>
</item>
<item>
  <title>Episode 266: File Type History | BSD Now 266</title>
  <link>https://www.bsdnow.tv/266</link>
  <guid isPermaLink="false">http://feed.jupiter.zone/bsdnow#entry-2661</guid>
  <pubDate>Wed, 03 Oct 2018 13:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/04e29e6e-69af-4d6a-9e57-2caa87aaeb48.mp3" length="45192669" type="audio/mp3"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.</itunes:subtitle>
  <itunes:duration>1:15:00</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.&lt;/p&gt;

&lt;p&gt;##Headlines&lt;br&gt;
###&lt;a href="https://oshogbo.vexillium.org/blog/53/" rel="nofollow noopener"&gt;OpenBSD/NetBSD on FreeBSD using grub2-bhyve&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;When I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up an OpenBSD using bhyve and UEFI as described here. I had numerous problems trying to use it, and this was the day I discovered the grub2-bhyve tool, and I love it!&lt;br&gt;
The grub2-bhyve allows you to load a kernel using GRUB bootloader. GRUB supports most of the operating systems with a standard configuration, so exactly the same method can be used to install NetBSD or Ubuntu. First, let’s install grub2-bhyve on our FreeBSD box:&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;# pkg install grub2-bhyve&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;To run grub2-bhyve we need to provide at least the name of the VM. In bhyve, if the memsize is not specified the default VM is created with 256MB of the memory.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;# grub-bhyve test&lt;/code&gt;&lt;br&gt;
&lt;code&gt;GNU GRUB version 2.00&lt;/code&gt;&lt;br&gt;
&lt;code&gt;Minimal BASH-like line editing is supported. For the first word, TAB lists possible command&lt;/code&gt;&lt;br&gt;
&lt;code&gt;completions. Anywhere else TAB lists possible device or file completions.&lt;/code&gt;&lt;br&gt;
&lt;code&gt;&lt;/code&gt;&lt;br&gt;
&lt;code&gt;&lt;/code&gt;&lt;br&gt;
&lt;code&gt;grub&amp;gt;&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;After running grub-bhyve command we will enter the GRUB loader. If we type the ls command, we will see all the available devices. In the case of the grub2-bhyve there is one additional device called “(host)” that is always available and allows the host filesystem to be accessed. We can list files under that device.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;grub&amp;gt; ls&lt;/code&gt;&lt;br&gt;
&lt;code&gt;(host)&lt;/code&gt;&lt;br&gt;
&lt;code&gt;grub&amp;gt; ls (host)/&lt;/code&gt;&lt;br&gt;
&lt;code&gt;libexec/ bin/ usr/ bhyve/ compat/ tank/ etc/ boot/ net/ entropy proc/ lib/ root/ sys/ mnt/ rescue/ tmp/ home/ sbin/ media/ jail/ COPYRIGHT var/ dev/&lt;/code&gt;&lt;br&gt;
&lt;code&gt;grub&amp;gt;&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;To exit console simply type ‘reboot’. I would like to install my new operating system under a ZVOL &lt;code&gt;ztank/bhyve/post&lt;/code&gt;. On another terminal, we create:&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;# zfs create -V 10G ztank/bhyve/post&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;If you don’t use ZFS for some crazy reason you can also create a raw blob using the truncate(1) command.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;# truncate -s 10G post.img&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;I recommend installing an operating system from the disk image (installXX.fs for OpenBSD and NetBSD-X.X-amd64-install.img for NetBSD). Now we need to create a device map for a GRUB.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;cat &amp;gt; /tmp/post.map &amp;lt;&amp;lt; EOF&lt;/code&gt;&lt;br&gt;
&lt;code&gt;(hd0) /directory/to/disk/image&lt;/code&gt;&lt;br&gt;
&lt;code&gt;(hd1) /dev/zvol/ztank/bhyve/post&lt;/code&gt;&lt;br&gt;
&lt;code&gt;EOF&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The mapping files describe the names for files in the GRUB. In our case under hd0 we will have an installation image and in hd1 we will have our ZVOL/blob. You can also try to use an ISO image then instead of using hd0 device name use a cd0. When we will run the grub-bhyve command we will see two additional devices.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;# grub-bhyve -m /tmp/post.map post&lt;/code&gt;&lt;br&gt;
&lt;code&gt;grub&amp;gt; ls&lt;/code&gt;&lt;br&gt;
&lt;code&gt;(hd0) (hd0,msdos4) (hd0,msdos1) (hd0,openbsd9) (hd0,openbsd1) (hd1) (host)&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The hd0 (in this example OpenBSD image) contains multiple partitions. We can check what is on it.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;grub&amp;gt; ls (hd0,msdos4)/&lt;/code&gt;&lt;br&gt;
&lt;code&gt;boot bsd 6.4/ etc/&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;And this is the partition that contains a kernel. Now we can set a root device, load an OpenBSD kernel and boot:&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;grub&amp;gt; set root=(hd0,msdos4)&lt;/code&gt;&lt;br&gt;
&lt;code&gt;grub&amp;gt; kopenbsd -h com0 -r sd0a /bsd&lt;/code&gt;&lt;br&gt;
&lt;code&gt;grub&amp;gt; boot&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;After that, we can run bhyve virtual machine. In my case it is:&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;# bhyve -c 1 -w -u -H \&lt;/code&gt;&lt;br&gt;
&lt;code&gt;-s 0,amd_hostbridge \&lt;/code&gt;&lt;br&gt;
&lt;code&gt;-s 3,ahci-hd,/directory/to/disk/image \&lt;/code&gt;&lt;br&gt;
&lt;code&gt;-s 4,ahci-hd,/dev/zvol/ztank/bhyve/post \&lt;/code&gt;&lt;br&gt;
&lt;code&gt;-s 31,lpc -l com1,stdio \&lt;/code&gt;&lt;br&gt;
&lt;code&gt;post&lt;/code&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Unfortunately explaining the whole bhyve(8)  command line is beyond this article. After installing the operating system remove hd0 from the mapping file and the image from the bhyve(8) command. If you don’t want to type all those GRUB commands, you can simply redirect them to the standard input.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;cat &amp;lt;&amp;lt; EOF | grub-bhyve -m /tmp/post.map -M 512 post&lt;/code&gt;&lt;br&gt;
&lt;code&gt;set root=(hd0,4)&lt;/code&gt;&lt;br&gt;
&lt;code&gt;kopenbsd -h com0 -r sd0a /bsd&lt;/code&gt;&lt;br&gt;
&lt;code&gt;boot&lt;/code&gt;&lt;br&gt;
&lt;code&gt;EOF&lt;/code&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;p&gt;###&lt;a href="https://vermaden.wordpress.com/2018/09/07/my-freebsd-story/" rel="nofollow noopener"&gt;My FreeBSD Story&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;My first devices/computers/consoles (not at the same time) that I remember were Atari 2600 and Pegasus console which was hardware clone of the Nintendo NES.&lt;br&gt;
Back then I did not even knew that it was Atari 2600 as I referred to it as Video Computer System … and I did not even knew any english by then. It took me about two decades to get to know (by accident) that this Video Computer System was Atari 2600&lt;br&gt;
Then I got AMIGA 600 computer (or should I say my parents bought it for me) which served both for playing computer games and also other activities for the first time. AMIGA is the computer that had the greatest influence on me, as it was the first time I studied the books about Amiga Workbench operating system and learned commands from Amiga Shell terminal. I loved the idea of Ram Disk icon/directory on the desktop that allowed me to transparently put any things in system memory. I still miss that concept on today’s desktop systems … and I still remember how dismal I was when I watched Amiga Deathbed Vigil movie.&lt;br&gt;
At the end of 1998 I got my first PC that of course came with Windows and that computer served both as gaming machine and as well as typical tool. One time I dig into the internals with Windows Registry (which left me disgusted by its concepts and implementation) and its limited command line interface provided by CMD.EXE executable. I remember that the heart of this box was not the CPU or the motherboard but the graphics accelerator – the legendary 3Dfx Voodoo card. This company (3Dfx) – their attitude and philosophy – also left solid fingerprint on my way. Like AMIGA did.&lt;br&gt;
After ‘migration’ from AMIGA to PC it never again ‘felt right’. The games were cool but the Windows system was horrible. Time has passed and different Windows versions and hardware modifications took place. Windows XP felt really heavy at that time, not to mention Windows 2000 for example with even bigger hardware requirements. I also do not understand all the hate about Windows ME. It crashed with the same frequency as Windows 98 or later Windows 98 Second Edition but maybe my hardware was different ??&lt;br&gt;
I do not have any ‘mine’ screenshots from that period as I lost all my 40 GB (huge then) drive of data when I moved/resized the partition with Partition Magic to get some more space from the less filled C: drive. That day I learned hard that “there are people who do backups and people who will do backups”. I never lost data again as I had multiple copies of my data, but the same as Netheril fall the lost data was was gone forever.&lt;br&gt;
I always followed various alternatives which led me to try Linux in 2003, after reading about various distributions philosophies I decided to run Slackware Linux with KDE 3. My buddy used Aurox Linux by then (one of the few Linux distributions from Poland) and encouraged me to do the same – especially in the context of fixing possible problems as he already knew it and also as he recently dumped Windows system. But Slackware sounded like a better idea so I took that path instead. At first I dual booted between Windows XP and Slackware Linux cause I had everything worked out on the Windows world while I often felt helpless in the Linux world, so I would reboot into Windows to play some games or find a solution for Linux problem if that was required. I remember how strange the concept of dual clipboards (PRIMARY and SECONDARY) was for me by then. I was amazed why ‘so much better’ system as Linux (at least marketed that way) needs a system tray program to literally manage the clipboard. On Windows it was obvious, you do [CTRL]+[C] to copy and [CTRL]+[V] to paste things, but on Linux there (no I know its X11 feature) there were two clipboards that were synchronized by this little system tray program from KDE 3. It was also unthinkable for me that I will ‘lost’ contents of last/recent [CTRL]+[C] operation if I close the application from which the copy was made. I settled down a little on Slackware but not for long. I really did not liked manual dependency management for packages for example. Also KDE 3 was really ugly and despite trying all possible options I was not able to tweak it into something nice looking.&lt;br&gt;
After half a year on Slackware I checked the Linux distributions again and decided to try Gentoo Linux. I definitely agree with the image below which visualizes Gentoo Linux experience, especially when You install it for he first time ??&lt;br&gt;
Of course I went with the most hardcore version with self building Stage 1 (compiler and toolchain) which was horrible idea at that time because compilation on slow single core machine took forever … but after many hours I got Gentoo installed. I now have to decide which desktop environment to use. I have read a lot of good news about Fluxbox at that time so this is what I tried. It was very weird experience (to create everything in GUI from scratch) but very pleasant one. That recalled me the times of AMIGA … but Linux came in the way too much often. The more I dig into Gentoo Linux the more I read that lots of Gentoo features are based on FreeBSD solutions. Gentoo Portage is a clone of FreeBSD Ports. That ‘central’ /etc/rc.conf system configuration file concept was taken from FreeBSD as well. So I started to gather information about FreeBSD. The (then) FreeBSD website or FreeBSD Ports site (still) felt little outdated to say the least but that did not discouraged me.&lt;br&gt;
Somewhere in 2005 I installed FreeBSD 5.4 on my computer. The beginnings were hard, like the earlier step with Gentoo but similarly like Gentoo the FreeBSD project came with a lot of great documentation. While Gentoo documentation is concentrated within various Gentoo Wiki sites the FreeBSD project comes with ‘official’ documentation in the form of Handbook and FAQ. I remember my first questions at the now nonexistent &lt;a href="http://BSDForums.org" rel="nofollow noopener"&gt;BSDForums.org&lt;/a&gt; site – for example one of the first ones – how to scroll the terminal output in the plain console. I now know that I had to push Scroll Lock button but it was something totally new for me.&lt;br&gt;
Why FreeBSD and not OpenBSD or NetBSD? Probably because Gentoo based most their concepts on the FreeBSD solutions, so that led me to FreeBSD instead of the other BSD operating systems. Currently I still use FreeBSD but I keep an steady eye on the OpenBSD, HardenedBSD and DragonFly BSD solutions and improvements.&lt;br&gt;
As the migration path from Linux to FreeBSD is a lot easier – all configuration files from /home can be just copied – the migration was quite fast easy. I again had the Fluxbox configuration which I used on the Gentoo. Now – on FreeBSD – it started to fell even more like AMIGA times. Everything is/has been well thought and had its place and reason. The documentation was good and the FreeBSD Community was second to none.&lt;br&gt;
After 15 years of using various Windows, UNIX (macOS/AIX/HP-UX/Solaris/OpenSolaris/Illumos/FreeBSD/OpenBSD/NetBSD) and UNIX-like (Linux) systems I always come to conclusion that FreeBSD is the system that sucks least. And sucks least with each release and one day I will write why FreeBSD is such great operating system … if I already haven’t&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;p&gt;##News Roundup&lt;br&gt;
###&lt;a href="https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/" rel="nofollow noopener"&gt;OpenBSD on the Desktop: some thoughts&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.&lt;br&gt;
The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative. You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI. That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS. Their development process is purely based on developers that love to contribute and hack around, just because it’s fun. Even the mailing list is a cool place to hang on! Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.&lt;br&gt;
I like the idea of a platform that continually evolves. pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.&lt;br&gt;
I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.&lt;br&gt;
Just install a browser and you’re ready to go.&lt;br&gt;
Manual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares. They help you understand inner workings of the operating system, no internet connection needed. There are some trade-offs, too.&lt;br&gt;
Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.&lt;br&gt;
I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference. Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems. But again, trade-offs.&lt;br&gt;
To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;p&gt;###&lt;a href="https://utcc.utoronto.ca/~cks/space/blog/unix/DirectoryDTypeHistory" rel="nofollow noopener"&gt;The history of file type information being available in Unix directories&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The two things that Unix directory entries absolutely have to have are the name of the directory entry and its ‘inode’, by which we generically mean some stable kernel identifier for the file that will persist if it gets renamed, linked to other directories, and so on. Unsurprisingly, directory entries have had these since the days when you read the raw bytes of directories with read(), and for a long time that was all they had; if you wanted more than the name and the inode number, you had to stat() the file, not just read the directory. Then, well, I’ll quote myself from an old entry on a find optimization:&lt;br&gt;
[…], Unix filesystem developers realized that it was very common for programs reading directories to need to know a bit more about directory entries than just their names, especially their file types (find is the obvious case, but also consider things like ‘ls -F’). Given that the type of an active inode never changes, it’s possible to embed this information straight in the directory entry and then return this to user level, and that’s what developers did; on some systems, readdir(3) will now return directory entries with an additional d_type field that has the directory entry’s type.&lt;br&gt;
On Twitter, I recently grumbled about Illumos not having this d_type field. The ensuing conversation wound up with me curious about exactly where d_type came from and how far back it went. The answer turns out to be a bit surprising due to there being two sides of d_type.&lt;br&gt;
On the kernel side, d_type appears to have shown up in 4.4 BSD. The 4.4 BSD /usr/src/sys/dirent.h has a struct dirent that has a d_type field, but the field isn’t documented in either the comments in the file or in the getdirentries(2) manpage; both of those admit only to the traditional BSD dirent fields. This 4.4 BSD d_type was carried through to things that inherited from 4.4 BSD (Lite), specifically FreeBSD, but it continued to be undocumented for at least a while.&lt;br&gt;
(In FreeBSD, the most convenient history I can find is here, and the d_type field is present in sys/dirent.h as far back as FreeBSD 2.0, which seems to be as far as the repo goes for releases.)&lt;br&gt;
Documentation for d_type appeared in the getdirentries(2) manpage in FreeBSD 2.2.0, where the manpage itself claims to have been updated on May 3rd 1995 (cf). In FreeBSD, this appears to have been part of merging 4.4 BSD ‘Lite2’, which seems to have been done in 1997. I stumbled over a repo of UCB BSD commit history, and in it the documentation appears in this May 3rd 1995 change, which at least has the same date. It appears that FreeBSD 2.2.0 was released some time in 1997, which is when this would have appeared in an official release.&lt;br&gt;
In Linux, it seems that a dirent structure with a d_type member appeared only just before 2.4.0, which was released at the start of 2001. Linux took this long because the d_type field only appeared in the 64-bit ‘large file support’ version of the dirent structure, and so was only return by the new 64-bit getdents64() system call. This would have been a few years after FreeBSD officially documented d_type, and probably many years after it was actually available if you peeked at the structure definition.&lt;br&gt;
As far as I can tell, d_type is present on Linux, FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, and Darwin (aka MacOS or OS X). It’s not present on Solaris and thus Illumos. As far as other commercial Unixes go, you’re on your own; all the links to manpages for things like AIX from my old entry on the remaining Unixes appear to have rotted away.&lt;br&gt;
Sidebar: The filesystem also matters on modern Unixes&lt;br&gt;
Even if your Unix supports d_type in directory entries, it doesn’t mean that it’s supported by the filesystem of any specific directory. As far as I know, every Unix with d_type support has support for it in their normal local filesystems, but it’s not guaranteed to be in all filesystems, especially non-Unix ones like FAT32. Your code should always be prepared to deal with a file type of DT_UNKNOWN.&lt;br&gt;
It’s also possible to have things the other way around, where you have a filesystem with support for file type information in directories that’s on a Unix that doesn’t support it. There are a number of plausible reasons for this to happen, but they’re either obvious or beyond the scope of this entry.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;p&gt;###&lt;a href="https://euroquis.nl/bobulate/?p=1979" rel="nofollow noopener"&gt;Multiboot Pinebook KDE neon&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Recently a KDE neon image for the Pinebook was announced. There is a new image, with a handful of fixes, which the KDE Plasma team has been working on over the past week and a half.&lt;br&gt;
Here’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.&lt;br&gt;
But one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.&lt;br&gt;
I have the u-boot from a Pine64 image (I forget what) lying around, 1015 blocks of 1024 bytes, which I can dd over the u-boot blocks on the SD card, dd bs=1k conv=notrunc,sync if=uboot.img of=/dev/da0 seek=8, and then the same SD card, with the filesystem and data from the Pinebook, will boot on the Pine64 board. Of course, to move the SD card back again, I need to restore the Pinebook u-boot blocks.&lt;br&gt;
Here’s a picture of my Pineboard (the base is a piece of the garden fence, it’s Douglas pine, with 4mm threaded rods acting as the corner posts for my Pine64 mini-rack), with power and network and a serial console attached, along with the serial console output of the same.&lt;br&gt;
The nice thing here is that the same software stack runs on the Pine64 but then has a wired network — which in turn means that if I switch on the other boards in that mini-rack, I’ve got a distcc-capable cluster for fast development, and vast NFS storage (served from ZFS on my FreeBSD machines) for source. I can develop in a high(er) powered environment, and then swap the card around into the Pinebook for testing-on-the-go.&lt;br&gt;
So to sum up: you can multiboot the KDE neon Pinebook image on other Pine64 hardware (i.e. the Pine64 board). To do so, you need to swap around u-boot blocks. The blocks can be picked out of an image built for each board, and then a particular image (e.g. the latest KDE neon Pinebook) can be run on either board.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;p&gt;##Beastie Bits&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://lists.dragonflybsd.org/pipermail/users/2018-September/357883.html" rel="nofollow noopener"&gt;Unexpected benefit with Ryzen – reducing power for build server&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://mwl.io/archives/3758" rel="nofollow noopener"&gt;Happy #CIDRDay!&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://mwl.io/archives/3771" rel="nofollow noopener"&gt;Absolute FreeBSD 3e ship date&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.mug.org/" rel="nofollow noopener"&gt;MWL FreeBSD talk @ October 9th 2018 - MUG Meeting&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.ixsystems.com/blog/meetbsd-2018-countdown/" rel="nofollow noopener"&gt;MeetBSD Oct 19-20&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-September/014218.html" rel="nofollow noopener"&gt;October’s London *BSD meetup - 9th Oct 2018&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.bsd.nrw/" rel="nofollow noopener"&gt;NRW BUG Meeting at Trivago Oct. 9&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://blog.socruel.nu/misc/eurobsdcon-2018.html" rel="nofollow noopener"&gt;Lars Wittebrood blogs about his visit to EuroBSDCon 2018&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://undeadly.org/cgi?action=article;sid=20180925075334" rel="nofollow noopener"&gt;EuroBSDcon 2018 OpenBSD slides available&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://2018.eurobsdcon.org/talks-speakers/" rel="nofollow noopener"&gt;EuroBSDCon conference site has most slides as well&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;p&gt;##Feedback/Questions&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Brad - &lt;a href="http://dpaste.com/3T9M2QC#wrap" rel="nofollow noopener"&gt;Unmounted ZFS sends&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Niclas - &lt;a href="http://dpaste.com/11TKDK2" rel="nofollow noopener"&gt;Report from a Meetup&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Ghislain - &lt;a href="http://dpaste.com/2790GC6" rel="nofollow noopener"&gt;Bhyve not used?&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Shane - &lt;a href="http://dpaste.com/1P055SQ" rel="nofollow noopener"&gt;zpool history and snapshots&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt; 
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, Ryzen, Pinebook, KDE Neon, bhyve, desktop</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.</p>

<p>##Headlines<br>
###<a href="https://oshogbo.vexillium.org/blog/53/" rel="nofollow noopener">OpenBSD/NetBSD on FreeBSD using grub2-bhyve</a></p>

<blockquote>
<p>When I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up an OpenBSD using bhyve and UEFI as described here. I had numerous problems trying to use it, and this was the day I discovered the grub2-bhyve tool, and I love it!<br>
The grub2-bhyve allows you to load a kernel using GRUB bootloader. GRUB supports most of the operating systems with a standard configuration, so exactly the same method can be used to install NetBSD or Ubuntu. First, let’s install grub2-bhyve on our FreeBSD box:</p>
</blockquote>

<p><code># pkg install grub2-bhyve</code></p>

<blockquote>
<p>To run grub2-bhyve we need to provide at least the name of the VM. In bhyve, if the memsize is not specified the default VM is created with 256MB of the memory.</p>
</blockquote>

<p><code># grub-bhyve test</code><br>
<code>GNU GRUB version 2.00</code><br>
<code>Minimal BASH-like line editing is supported. For the first word, TAB lists possible command</code><br>
<code>completions. Anywhere else TAB lists possible device or file completions.</code><br>
<code></code><br>
<code></code><br>
<code>grub&gt;</code></p>

<blockquote>
<p>After running grub-bhyve command we will enter the GRUB loader. If we type the ls command, we will see all the available devices. In the case of the grub2-bhyve there is one additional device called “(host)” that is always available and allows the host filesystem to be accessed. We can list files under that device.</p>
</blockquote>

<p><code>grub&gt; ls</code><br>
<code>(host)</code><br>
<code>grub&gt; ls (host)/</code><br>
<code>libexec/ bin/ usr/ bhyve/ compat/ tank/ etc/ boot/ net/ entropy proc/ lib/ root/ sys/ mnt/ rescue/ tmp/ home/ sbin/ media/ jail/ COPYRIGHT var/ dev/</code><br>
<code>grub&gt;</code></p>

<blockquote>
<p>To exit console simply type ‘reboot’. I would like to install my new operating system under a ZVOL <code>ztank/bhyve/post</code>. On another terminal, we create:</p>
</blockquote>

<p><code># zfs create -V 10G ztank/bhyve/post</code></p>

<blockquote>
<p>If you don’t use ZFS for some crazy reason you can also create a raw blob using the truncate(1) command.</p>
</blockquote>

<p><code># truncate -s 10G post.img</code></p>

<blockquote>
<p>I recommend installing an operating system from the disk image (installXX.fs for OpenBSD and NetBSD-X.X-amd64-install.img for NetBSD). Now we need to create a device map for a GRUB.</p>
</blockquote>

<p><code>cat &gt; /tmp/post.map &lt;&lt; EOF</code><br>
<code>(hd0) /directory/to/disk/image</code><br>
<code>(hd1) /dev/zvol/ztank/bhyve/post</code><br>
<code>EOF</code></p>

<blockquote>
<p>The mapping files describe the names for files in the GRUB. In our case under hd0 we will have an installation image and in hd1 we will have our ZVOL/blob. You can also try to use an ISO image then instead of using hd0 device name use a cd0. When we will run the grub-bhyve command we will see two additional devices.</p>
</blockquote>

<p><code># grub-bhyve -m /tmp/post.map post</code><br>
<code>grub&gt; ls</code><br>
<code>(hd0) (hd0,msdos4) (hd0,msdos1) (hd0,openbsd9) (hd0,openbsd1) (hd1) (host)</code></p>

<blockquote>
<p>The hd0 (in this example OpenBSD image) contains multiple partitions. We can check what is on it.</p>
</blockquote>

<p><code>grub&gt; ls (hd0,msdos4)/</code><br>
<code>boot bsd 6.4/ etc/</code></p>

<blockquote>
<p>And this is the partition that contains a kernel. Now we can set a root device, load an OpenBSD kernel and boot:</p>
</blockquote>

<p><code>grub&gt; set root=(hd0,msdos4)</code><br>
<code>grub&gt; kopenbsd -h com0 -r sd0a /bsd</code><br>
<code>grub&gt; boot</code></p>

<blockquote>
<p>After that, we can run bhyve virtual machine. In my case it is:</p>
</blockquote>

<p><code># bhyve -c 1 -w -u -H \</code><br>
<code>-s 0,amd_hostbridge \</code><br>
<code>-s 3,ahci-hd,/directory/to/disk/image \</code><br>
<code>-s 4,ahci-hd,/dev/zvol/ztank/bhyve/post \</code><br>
<code>-s 31,lpc -l com1,stdio \</code><br>
<code>post</code></p>

<blockquote>
<p>Unfortunately explaining the whole bhyve(8)  command line is beyond this article. After installing the operating system remove hd0 from the mapping file and the image from the bhyve(8) command. If you don’t want to type all those GRUB commands, you can simply redirect them to the standard input.</p>
</blockquote>

<p><code>cat &lt;&lt; EOF | grub-bhyve -m /tmp/post.map -M 512 post</code><br>
<code>set root=(hd0,4)</code><br>
<code>kopenbsd -h com0 -r sd0a /bsd</code><br>
<code>boot</code><br>
<code>EOF</code></p>

<hr>

<p>###<a href="https://vermaden.wordpress.com/2018/09/07/my-freebsd-story/" rel="nofollow noopener">My FreeBSD Story</a></p>

<blockquote>
<p>My first devices/computers/consoles (not at the same time) that I remember were Atari 2600 and Pegasus console which was hardware clone of the Nintendo NES.<br>
Back then I did not even knew that it was Atari 2600 as I referred to it as Video Computer System … and I did not even knew any english by then. It took me about two decades to get to know (by accident) that this Video Computer System was Atari 2600<br>
Then I got AMIGA 600 computer (or should I say my parents bought it for me) which served both for playing computer games and also other activities for the first time. AMIGA is the computer that had the greatest influence on me, as it was the first time I studied the books about Amiga Workbench operating system and learned commands from Amiga Shell terminal. I loved the idea of Ram Disk icon/directory on the desktop that allowed me to transparently put any things in system memory. I still miss that concept on today’s desktop systems … and I still remember how dismal I was when I watched Amiga Deathbed Vigil movie.<br>
At the end of 1998 I got my first PC that of course came with Windows and that computer served both as gaming machine and as well as typical tool. One time I dig into the internals with Windows Registry (which left me disgusted by its concepts and implementation) and its limited command line interface provided by CMD.EXE executable. I remember that the heart of this box was not the CPU or the motherboard but the graphics accelerator – the legendary 3Dfx Voodoo card. This company (3Dfx) – their attitude and philosophy – also left solid fingerprint on my way. Like AMIGA did.<br>
After ‘migration’ from AMIGA to PC it never again ‘felt right’. The games were cool but the Windows system was horrible. Time has passed and different Windows versions and hardware modifications took place. Windows XP felt really heavy at that time, not to mention Windows 2000 for example with even bigger hardware requirements. I also do not understand all the hate about Windows ME. It crashed with the same frequency as Windows 98 or later Windows 98 Second Edition but maybe my hardware was different ??<br>
I do not have any ‘mine’ screenshots from that period as I lost all my 40 GB (huge then) drive of data when I moved/resized the partition with Partition Magic to get some more space from the less filled C: drive. That day I learned hard that “there are people who do backups and people who will do backups”. I never lost data again as I had multiple copies of my data, but the same as Netheril fall the lost data was was gone forever.<br>
I always followed various alternatives which led me to try Linux in 2003, after reading about various distributions philosophies I decided to run Slackware Linux with KDE 3. My buddy used Aurox Linux by then (one of the few Linux distributions from Poland) and encouraged me to do the same – especially in the context of fixing possible problems as he already knew it and also as he recently dumped Windows system. But Slackware sounded like a better idea so I took that path instead. At first I dual booted between Windows XP and Slackware Linux cause I had everything worked out on the Windows world while I often felt helpless in the Linux world, so I would reboot into Windows to play some games or find a solution for Linux problem if that was required. I remember how strange the concept of dual clipboards (PRIMARY and SECONDARY) was for me by then. I was amazed why ‘so much better’ system as Linux (at least marketed that way) needs a system tray program to literally manage the clipboard. On Windows it was obvious, you do [CTRL]+[C] to copy and [CTRL]+[V] to paste things, but on Linux there (no I know its X11 feature) there were two clipboards that were synchronized by this little system tray program from KDE 3. It was also unthinkable for me that I will ‘lost’ contents of last/recent [CTRL]+[C] operation if I close the application from which the copy was made. I settled down a little on Slackware but not for long. I really did not liked manual dependency management for packages for example. Also KDE 3 was really ugly and despite trying all possible options I was not able to tweak it into something nice looking.<br>
After half a year on Slackware I checked the Linux distributions again and decided to try Gentoo Linux. I definitely agree with the image below which visualizes Gentoo Linux experience, especially when You install it for he first time ??<br>
Of course I went with the most hardcore version with self building Stage 1 (compiler and toolchain) which was horrible idea at that time because compilation on slow single core machine took forever … but after many hours I got Gentoo installed. I now have to decide which desktop environment to use. I have read a lot of good news about Fluxbox at that time so this is what I tried. It was very weird experience (to create everything in GUI from scratch) but very pleasant one. That recalled me the times of AMIGA … but Linux came in the way too much often. The more I dig into Gentoo Linux the more I read that lots of Gentoo features are based on FreeBSD solutions. Gentoo Portage is a clone of FreeBSD Ports. That ‘central’ /etc/rc.conf system configuration file concept was taken from FreeBSD as well. So I started to gather information about FreeBSD. The (then) FreeBSD website or FreeBSD Ports site (still) felt little outdated to say the least but that did not discouraged me.<br>
Somewhere in 2005 I installed FreeBSD 5.4 on my computer. The beginnings were hard, like the earlier step with Gentoo but similarly like Gentoo the FreeBSD project came with a lot of great documentation. While Gentoo documentation is concentrated within various Gentoo Wiki sites the FreeBSD project comes with ‘official’ documentation in the form of Handbook and FAQ. I remember my first questions at the now nonexistent <a href="http://BSDForums.org" rel="nofollow noopener">BSDForums.org</a> site – for example one of the first ones – how to scroll the terminal output in the plain console. I now know that I had to push Scroll Lock button but it was something totally new for me.<br>
Why FreeBSD and not OpenBSD or NetBSD? Probably because Gentoo based most their concepts on the FreeBSD solutions, so that led me to FreeBSD instead of the other BSD operating systems. Currently I still use FreeBSD but I keep an steady eye on the OpenBSD, HardenedBSD and DragonFly BSD solutions and improvements.<br>
As the migration path from Linux to FreeBSD is a lot easier – all configuration files from /home can be just copied – the migration was quite fast easy. I again had the Fluxbox configuration which I used on the Gentoo. Now – on FreeBSD – it started to fell even more like AMIGA times. Everything is/has been well thought and had its place and reason. The documentation was good and the FreeBSD Community was second to none.<br>
After 15 years of using various Windows, UNIX (macOS/AIX/HP-UX/Solaris/OpenSolaris/Illumos/FreeBSD/OpenBSD/NetBSD) and UNIX-like (Linux) systems I always come to conclusion that FreeBSD is the system that sucks least. And sucks least with each release and one day I will write why FreeBSD is such great operating system … if I already haven’t</p>
</blockquote>

<hr>

<p>##News Roundup<br>
###<a href="https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/" rel="nofollow noopener">OpenBSD on the Desktop: some thoughts</a></p>

<blockquote>
<p>I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.<br>
The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative. You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI. That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS. Their development process is purely based on developers that love to contribute and hack around, just because it’s fun. Even the mailing list is a cool place to hang on! Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.<br>
I like the idea of a platform that continually evolves. pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.<br>
I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.<br>
Just install a browser and you’re ready to go.<br>
Manual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares. They help you understand inner workings of the operating system, no internet connection needed. There are some trade-offs, too.<br>
Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.<br>
I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference. Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems. But again, trade-offs.<br>
To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.</p>
</blockquote>

<hr>

<p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/DirectoryDTypeHistory" rel="nofollow noopener">The history of file type information being available in Unix directories</a></p>

<blockquote>
<p>The two things that Unix directory entries absolutely have to have are the name of the directory entry and its ‘inode’, by which we generically mean some stable kernel identifier for the file that will persist if it gets renamed, linked to other directories, and so on. Unsurprisingly, directory entries have had these since the days when you read the raw bytes of directories with read(), and for a long time that was all they had; if you wanted more than the name and the inode number, you had to stat() the file, not just read the directory. Then, well, I’ll quote myself from an old entry on a find optimization:<br>
[…], Unix filesystem developers realized that it was very common for programs reading directories to need to know a bit more about directory entries than just their names, especially their file types (find is the obvious case, but also consider things like ‘ls -F’). Given that the type of an active inode never changes, it’s possible to embed this information straight in the directory entry and then return this to user level, and that’s what developers did; on some systems, readdir(3) will now return directory entries with an additional d_type field that has the directory entry’s type.<br>
On Twitter, I recently grumbled about Illumos not having this d_type field. The ensuing conversation wound up with me curious about exactly where d_type came from and how far back it went. The answer turns out to be a bit surprising due to there being two sides of d_type.<br>
On the kernel side, d_type appears to have shown up in 4.4 BSD. The 4.4 BSD /usr/src/sys/dirent.h has a struct dirent that has a d_type field, but the field isn’t documented in either the comments in the file or in the getdirentries(2) manpage; both of those admit only to the traditional BSD dirent fields. This 4.4 BSD d_type was carried through to things that inherited from 4.4 BSD (Lite), specifically FreeBSD, but it continued to be undocumented for at least a while.<br>
(In FreeBSD, the most convenient history I can find is here, and the d_type field is present in sys/dirent.h as far back as FreeBSD 2.0, which seems to be as far as the repo goes for releases.)<br>
Documentation for d_type appeared in the getdirentries(2) manpage in FreeBSD 2.2.0, where the manpage itself claims to have been updated on May 3rd 1995 (cf). In FreeBSD, this appears to have been part of merging 4.4 BSD ‘Lite2’, which seems to have been done in 1997. I stumbled over a repo of UCB BSD commit history, and in it the documentation appears in this May 3rd 1995 change, which at least has the same date. It appears that FreeBSD 2.2.0 was released some time in 1997, which is when this would have appeared in an official release.<br>
In Linux, it seems that a dirent structure with a d_type member appeared only just before 2.4.0, which was released at the start of 2001. Linux took this long because the d_type field only appeared in the 64-bit ‘large file support’ version of the dirent structure, and so was only return by the new 64-bit getdents64() system call. This would have been a few years after FreeBSD officially documented d_type, and probably many years after it was actually available if you peeked at the structure definition.<br>
As far as I can tell, d_type is present on Linux, FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, and Darwin (aka MacOS or OS X). It’s not present on Solaris and thus Illumos. As far as other commercial Unixes go, you’re on your own; all the links to manpages for things like AIX from my old entry on the remaining Unixes appear to have rotted away.<br>
Sidebar: The filesystem also matters on modern Unixes<br>
Even if your Unix supports d_type in directory entries, it doesn’t mean that it’s supported by the filesystem of any specific directory. As far as I know, every Unix with d_type support has support for it in their normal local filesystems, but it’s not guaranteed to be in all filesystems, especially non-Unix ones like FAT32. Your code should always be prepared to deal with a file type of DT_UNKNOWN.<br>
It’s also possible to have things the other way around, where you have a filesystem with support for file type information in directories that’s on a Unix that doesn’t support it. There are a number of plausible reasons for this to happen, but they’re either obvious or beyond the scope of this entry.</p>
</blockquote>

<hr>

<p>###<a href="https://euroquis.nl/bobulate/?p=1979" rel="nofollow noopener">Multiboot Pinebook KDE neon</a></p>

<blockquote>
<p>Recently a KDE neon image for the Pinebook was announced. There is a new image, with a handful of fixes, which the KDE Plasma team has been working on over the past week and a half.<br>
Here’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.<br>
But one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.<br>
I have the u-boot from a Pine64 image (I forget what) lying around, 1015 blocks of 1024 bytes, which I can dd over the u-boot blocks on the SD card, dd bs=1k conv=notrunc,sync if=uboot.img of=/dev/da0 seek=8, and then the same SD card, with the filesystem and data from the Pinebook, will boot on the Pine64 board. Of course, to move the SD card back again, I need to restore the Pinebook u-boot blocks.<br>
Here’s a picture of my Pineboard (the base is a piece of the garden fence, it’s Douglas pine, with 4mm threaded rods acting as the corner posts for my Pine64 mini-rack), with power and network and a serial console attached, along with the serial console output of the same.<br>
The nice thing here is that the same software stack runs on the Pine64 but then has a wired network — which in turn means that if I switch on the other boards in that mini-rack, I’ve got a distcc-capable cluster for fast development, and vast NFS storage (served from ZFS on my FreeBSD machines) for source. I can develop in a high(er) powered environment, and then swap the card around into the Pinebook for testing-on-the-go.<br>
So to sum up: you can multiboot the KDE neon Pinebook image on other Pine64 hardware (i.e. the Pine64 board). To do so, you need to swap around u-boot blocks. The blocks can be picked out of an image built for each board, and then a particular image (e.g. the latest KDE neon Pinebook) can be run on either board.</p>
</blockquote>

<hr>

<p>##Beastie Bits</p>

<ul>
<li><a href="http://lists.dragonflybsd.org/pipermail/users/2018-September/357883.html" rel="nofollow noopener">Unexpected benefit with Ryzen – reducing power for build server</a></li>
<li><a href="https://mwl.io/archives/3758" rel="nofollow noopener">Happy #CIDRDay!</a></li>
<li><a href="https://mwl.io/archives/3771" rel="nofollow noopener">Absolute FreeBSD 3e ship date</a></li>
<li><a href="http://www.mug.org/" rel="nofollow noopener">MWL FreeBSD talk @ October 9th 2018 - MUG Meeting</a></li>
<li><a href="https://www.ixsystems.com/blog/meetbsd-2018-countdown/" rel="nofollow noopener">MeetBSD Oct 19-20</a></li>
<li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-September/014218.html" rel="nofollow noopener">October’s London *BSD meetup - 9th Oct 2018</a></li>
<li><a href="https://www.bsd.nrw/" rel="nofollow noopener">NRW BUG Meeting at Trivago Oct. 9</a></li>
<li><a href="https://blog.socruel.nu/misc/eurobsdcon-2018.html" rel="nofollow noopener">Lars Wittebrood blogs about his visit to EuroBSDCon 2018</a></li>
<li><a href="https://undeadly.org/cgi?action=article;sid=20180925075334" rel="nofollow noopener">EuroBSDcon 2018 OpenBSD slides available</a></li>
<li><a href="https://2018.eurobsdcon.org/talks-speakers/" rel="nofollow noopener">EuroBSDCon conference site has most slides as well</a></li>
</ul>

<hr>

<p>##Feedback/Questions</p>

<ul>
<li>Brad - <a href="http://dpaste.com/3T9M2QC#wrap" rel="nofollow noopener">Unmounted ZFS sends</a></li>
<li>Niclas - <a href="http://dpaste.com/11TKDK2" rel="nofollow noopener">Report from a Meetup</a></li>
<li>Ghislain - <a href="http://dpaste.com/2790GC6" rel="nofollow noopener">Bhyve not used?</a></li>
<li>Shane - <a href="http://dpaste.com/1P055SQ" rel="nofollow noopener">zpool history and snapshots</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li>
</ul>

<hr>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Running OpenBSD/NetBSD on FreeBSD using grub2-bhyve, vermaden’s FreeBSD story, thoughts on OpenBSD on the desktop, history of file type info in Unix dirs, Multiboot a Pinebook KDE neon image, and more.</p>

<p>##Headlines<br>
###<a href="https://oshogbo.vexillium.org/blog/53/" rel="nofollow noopener">OpenBSD/NetBSD on FreeBSD using grub2-bhyve</a></p>

<blockquote>
<p>When I was writing a blog post about the process title, I needed a couple of virtual machines with OpenBSD, NetBSD, and Ubuntu. Before that day I mainly used FreeBSD and Windows with bhyve. I spent some time trying to set up an OpenBSD using bhyve and UEFI as described here. I had numerous problems trying to use it, and this was the day I discovered the grub2-bhyve tool, and I love it!<br>
The grub2-bhyve allows you to load a kernel using GRUB bootloader. GRUB supports most of the operating systems with a standard configuration, so exactly the same method can be used to install NetBSD or Ubuntu. First, let’s install grub2-bhyve on our FreeBSD box:</p>
</blockquote>

<p><code># pkg install grub2-bhyve</code></p>

<blockquote>
<p>To run grub2-bhyve we need to provide at least the name of the VM. In bhyve, if the memsize is not specified the default VM is created with 256MB of the memory.</p>
</blockquote>

<p><code># grub-bhyve test</code><br>
<code>GNU GRUB version 2.00</code><br>
<code>Minimal BASH-like line editing is supported. For the first word, TAB lists possible command</code><br>
<code>completions. Anywhere else TAB lists possible device or file completions.</code><br>
<code></code><br>
<code></code><br>
<code>grub&gt;</code></p>

<blockquote>
<p>After running grub-bhyve command we will enter the GRUB loader. If we type the ls command, we will see all the available devices. In the case of the grub2-bhyve there is one additional device called “(host)” that is always available and allows the host filesystem to be accessed. We can list files under that device.</p>
</blockquote>

<p><code>grub&gt; ls</code><br>
<code>(host)</code><br>
<code>grub&gt; ls (host)/</code><br>
<code>libexec/ bin/ usr/ bhyve/ compat/ tank/ etc/ boot/ net/ entropy proc/ lib/ root/ sys/ mnt/ rescue/ tmp/ home/ sbin/ media/ jail/ COPYRIGHT var/ dev/</code><br>
<code>grub&gt;</code></p>

<blockquote>
<p>To exit console simply type ‘reboot’. I would like to install my new operating system under a ZVOL <code>ztank/bhyve/post</code>. On another terminal, we create:</p>
</blockquote>

<p><code># zfs create -V 10G ztank/bhyve/post</code></p>

<blockquote>
<p>If you don’t use ZFS for some crazy reason you can also create a raw blob using the truncate(1) command.</p>
</blockquote>

<p><code># truncate -s 10G post.img</code></p>

<blockquote>
<p>I recommend installing an operating system from the disk image (installXX.fs for OpenBSD and NetBSD-X.X-amd64-install.img for NetBSD). Now we need to create a device map for a GRUB.</p>
</blockquote>

<p><code>cat &gt; /tmp/post.map &lt;&lt; EOF</code><br>
<code>(hd0) /directory/to/disk/image</code><br>
<code>(hd1) /dev/zvol/ztank/bhyve/post</code><br>
<code>EOF</code></p>

<blockquote>
<p>The mapping files describe the names for files in the GRUB. In our case under hd0 we will have an installation image and in hd1 we will have our ZVOL/blob. You can also try to use an ISO image then instead of using hd0 device name use a cd0. When we will run the grub-bhyve command we will see two additional devices.</p>
</blockquote>

<p><code># grub-bhyve -m /tmp/post.map post</code><br>
<code>grub&gt; ls</code><br>
<code>(hd0) (hd0,msdos4) (hd0,msdos1) (hd0,openbsd9) (hd0,openbsd1) (hd1) (host)</code></p>

<blockquote>
<p>The hd0 (in this example OpenBSD image) contains multiple partitions. We can check what is on it.</p>
</blockquote>

<p><code>grub&gt; ls (hd0,msdos4)/</code><br>
<code>boot bsd 6.4/ etc/</code></p>

<blockquote>
<p>And this is the partition that contains a kernel. Now we can set a root device, load an OpenBSD kernel and boot:</p>
</blockquote>

<p><code>grub&gt; set root=(hd0,msdos4)</code><br>
<code>grub&gt; kopenbsd -h com0 -r sd0a /bsd</code><br>
<code>grub&gt; boot</code></p>

<blockquote>
<p>After that, we can run bhyve virtual machine. In my case it is:</p>
</blockquote>

<p><code># bhyve -c 1 -w -u -H \</code><br>
<code>-s 0,amd_hostbridge \</code><br>
<code>-s 3,ahci-hd,/directory/to/disk/image \</code><br>
<code>-s 4,ahci-hd,/dev/zvol/ztank/bhyve/post \</code><br>
<code>-s 31,lpc -l com1,stdio \</code><br>
<code>post</code></p>

<blockquote>
<p>Unfortunately explaining the whole bhyve(8)  command line is beyond this article. After installing the operating system remove hd0 from the mapping file and the image from the bhyve(8) command. If you don’t want to type all those GRUB commands, you can simply redirect them to the standard input.</p>
</blockquote>

<p><code>cat &lt;&lt; EOF | grub-bhyve -m /tmp/post.map -M 512 post</code><br>
<code>set root=(hd0,4)</code><br>
<code>kopenbsd -h com0 -r sd0a /bsd</code><br>
<code>boot</code><br>
<code>EOF</code></p>

<hr>

<p>###<a href="https://vermaden.wordpress.com/2018/09/07/my-freebsd-story/" rel="nofollow noopener">My FreeBSD Story</a></p>

<blockquote>
<p>My first devices/computers/consoles (not at the same time) that I remember were Atari 2600 and Pegasus console which was hardware clone of the Nintendo NES.<br>
Back then I did not even knew that it was Atari 2600 as I referred to it as Video Computer System … and I did not even knew any english by then. It took me about two decades to get to know (by accident) that this Video Computer System was Atari 2600<br>
Then I got AMIGA 600 computer (or should I say my parents bought it for me) which served both for playing computer games and also other activities for the first time. AMIGA is the computer that had the greatest influence on me, as it was the first time I studied the books about Amiga Workbench operating system and learned commands from Amiga Shell terminal. I loved the idea of Ram Disk icon/directory on the desktop that allowed me to transparently put any things in system memory. I still miss that concept on today’s desktop systems … and I still remember how dismal I was when I watched Amiga Deathbed Vigil movie.<br>
At the end of 1998 I got my first PC that of course came with Windows and that computer served both as gaming machine and as well as typical tool. One time I dig into the internals with Windows Registry (which left me disgusted by its concepts and implementation) and its limited command line interface provided by CMD.EXE executable. I remember that the heart of this box was not the CPU or the motherboard but the graphics accelerator – the legendary 3Dfx Voodoo card. This company (3Dfx) – their attitude and philosophy – also left solid fingerprint on my way. Like AMIGA did.<br>
After ‘migration’ from AMIGA to PC it never again ‘felt right’. The games were cool but the Windows system was horrible. Time has passed and different Windows versions and hardware modifications took place. Windows XP felt really heavy at that time, not to mention Windows 2000 for example with even bigger hardware requirements. I also do not understand all the hate about Windows ME. It crashed with the same frequency as Windows 98 or later Windows 98 Second Edition but maybe my hardware was different ??<br>
I do not have any ‘mine’ screenshots from that period as I lost all my 40 GB (huge then) drive of data when I moved/resized the partition with Partition Magic to get some more space from the less filled C: drive. That day I learned hard that “there are people who do backups and people who will do backups”. I never lost data again as I had multiple copies of my data, but the same as Netheril fall the lost data was was gone forever.<br>
I always followed various alternatives which led me to try Linux in 2003, after reading about various distributions philosophies I decided to run Slackware Linux with KDE 3. My buddy used Aurox Linux by then (one of the few Linux distributions from Poland) and encouraged me to do the same – especially in the context of fixing possible problems as he already knew it and also as he recently dumped Windows system. But Slackware sounded like a better idea so I took that path instead. At first I dual booted between Windows XP and Slackware Linux cause I had everything worked out on the Windows world while I often felt helpless in the Linux world, so I would reboot into Windows to play some games or find a solution for Linux problem if that was required. I remember how strange the concept of dual clipboards (PRIMARY and SECONDARY) was for me by then. I was amazed why ‘so much better’ system as Linux (at least marketed that way) needs a system tray program to literally manage the clipboard. On Windows it was obvious, you do [CTRL]+[C] to copy and [CTRL]+[V] to paste things, but on Linux there (no I know its X11 feature) there were two clipboards that were synchronized by this little system tray program from KDE 3. It was also unthinkable for me that I will ‘lost’ contents of last/recent [CTRL]+[C] operation if I close the application from which the copy was made. I settled down a little on Slackware but not for long. I really did not liked manual dependency management for packages for example. Also KDE 3 was really ugly and despite trying all possible options I was not able to tweak it into something nice looking.<br>
After half a year on Slackware I checked the Linux distributions again and decided to try Gentoo Linux. I definitely agree with the image below which visualizes Gentoo Linux experience, especially when You install it for he first time ??<br>
Of course I went with the most hardcore version with self building Stage 1 (compiler and toolchain) which was horrible idea at that time because compilation on slow single core machine took forever … but after many hours I got Gentoo installed. I now have to decide which desktop environment to use. I have read a lot of good news about Fluxbox at that time so this is what I tried. It was very weird experience (to create everything in GUI from scratch) but very pleasant one. That recalled me the times of AMIGA … but Linux came in the way too much often. The more I dig into Gentoo Linux the more I read that lots of Gentoo features are based on FreeBSD solutions. Gentoo Portage is a clone of FreeBSD Ports. That ‘central’ /etc/rc.conf system configuration file concept was taken from FreeBSD as well. So I started to gather information about FreeBSD. The (then) FreeBSD website or FreeBSD Ports site (still) felt little outdated to say the least but that did not discouraged me.<br>
Somewhere in 2005 I installed FreeBSD 5.4 on my computer. The beginnings were hard, like the earlier step with Gentoo but similarly like Gentoo the FreeBSD project came with a lot of great documentation. While Gentoo documentation is concentrated within various Gentoo Wiki sites the FreeBSD project comes with ‘official’ documentation in the form of Handbook and FAQ. I remember my first questions at the now nonexistent <a href="http://BSDForums.org" rel="nofollow noopener">BSDForums.org</a> site – for example one of the first ones – how to scroll the terminal output in the plain console. I now know that I had to push Scroll Lock button but it was something totally new for me.<br>
Why FreeBSD and not OpenBSD or NetBSD? Probably because Gentoo based most their concepts on the FreeBSD solutions, so that led me to FreeBSD instead of the other BSD operating systems. Currently I still use FreeBSD but I keep an steady eye on the OpenBSD, HardenedBSD and DragonFly BSD solutions and improvements.<br>
As the migration path from Linux to FreeBSD is a lot easier – all configuration files from /home can be just copied – the migration was quite fast easy. I again had the Fluxbox configuration which I used on the Gentoo. Now – on FreeBSD – it started to fell even more like AMIGA times. Everything is/has been well thought and had its place and reason. The documentation was good and the FreeBSD Community was second to none.<br>
After 15 years of using various Windows, UNIX (macOS/AIX/HP-UX/Solaris/OpenSolaris/Illumos/FreeBSD/OpenBSD/NetBSD) and UNIX-like (Linux) systems I always come to conclusion that FreeBSD is the system that sucks least. And sucks least with each release and one day I will write why FreeBSD is such great operating system … if I already haven’t</p>
</blockquote>

<hr>

<p>##News Roundup<br>
###<a href="https://blog.gsora.xyz/openbsd-on-the-desktop-some-thoughts/" rel="nofollow noopener">OpenBSD on the Desktop: some thoughts</a></p>

<blockquote>
<p>I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.<br>
The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative. You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI. That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS. Their development process is purely based on developers that love to contribute and hack around, just because it’s fun. Even the mailing list is a cool place to hang on! Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first - nowadays the first two properties should be enforced in every major operating system.<br>
I like the idea of a platform that continually evolves. pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.<br>
I like the “sensible defaults” approach, having an OS ready to be used - UI included if you selected it during the setup process - is great.<br>
Just install a browser and you’re ready to go.<br>
Manual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares. They help you understand inner workings of the operating system, no internet connection needed. There are some trade-offs, too.<br>
Performance is not first-class, mostly because of all the security mitigations and checks done at runtime.<br>
I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference. Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems. But again, trade-offs.<br>
To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.</p>
</blockquote>

<hr>

<p>###<a href="https://utcc.utoronto.ca/~cks/space/blog/unix/DirectoryDTypeHistory" rel="nofollow noopener">The history of file type information being available in Unix directories</a></p>

<blockquote>
<p>The two things that Unix directory entries absolutely have to have are the name of the directory entry and its ‘inode’, by which we generically mean some stable kernel identifier for the file that will persist if it gets renamed, linked to other directories, and so on. Unsurprisingly, directory entries have had these since the days when you read the raw bytes of directories with read(), and for a long time that was all they had; if you wanted more than the name and the inode number, you had to stat() the file, not just read the directory. Then, well, I’ll quote myself from an old entry on a find optimization:<br>
[…], Unix filesystem developers realized that it was very common for programs reading directories to need to know a bit more about directory entries than just their names, especially their file types (find is the obvious case, but also consider things like ‘ls -F’). Given that the type of an active inode never changes, it’s possible to embed this information straight in the directory entry and then return this to user level, and that’s what developers did; on some systems, readdir(3) will now return directory entries with an additional d_type field that has the directory entry’s type.<br>
On Twitter, I recently grumbled about Illumos not having this d_type field. The ensuing conversation wound up with me curious about exactly where d_type came from and how far back it went. The answer turns out to be a bit surprising due to there being two sides of d_type.<br>
On the kernel side, d_type appears to have shown up in 4.4 BSD. The 4.4 BSD /usr/src/sys/dirent.h has a struct dirent that has a d_type field, but the field isn’t documented in either the comments in the file or in the getdirentries(2) manpage; both of those admit only to the traditional BSD dirent fields. This 4.4 BSD d_type was carried through to things that inherited from 4.4 BSD (Lite), specifically FreeBSD, but it continued to be undocumented for at least a while.<br>
(In FreeBSD, the most convenient history I can find is here, and the d_type field is present in sys/dirent.h as far back as FreeBSD 2.0, which seems to be as far as the repo goes for releases.)<br>
Documentation for d_type appeared in the getdirentries(2) manpage in FreeBSD 2.2.0, where the manpage itself claims to have been updated on May 3rd 1995 (cf). In FreeBSD, this appears to have been part of merging 4.4 BSD ‘Lite2’, which seems to have been done in 1997. I stumbled over a repo of UCB BSD commit history, and in it the documentation appears in this May 3rd 1995 change, which at least has the same date. It appears that FreeBSD 2.2.0 was released some time in 1997, which is when this would have appeared in an official release.<br>
In Linux, it seems that a dirent structure with a d_type member appeared only just before 2.4.0, which was released at the start of 2001. Linux took this long because the d_type field only appeared in the 64-bit ‘large file support’ version of the dirent structure, and so was only return by the new 64-bit getdents64() system call. This would have been a few years after FreeBSD officially documented d_type, and probably many years after it was actually available if you peeked at the structure definition.<br>
As far as I can tell, d_type is present on Linux, FreeBSD, OpenBSD, NetBSD, Dragonfly BSD, and Darwin (aka MacOS or OS X). It’s not present on Solaris and thus Illumos. As far as other commercial Unixes go, you’re on your own; all the links to manpages for things like AIX from my old entry on the remaining Unixes appear to have rotted away.<br>
Sidebar: The filesystem also matters on modern Unixes<br>
Even if your Unix supports d_type in directory entries, it doesn’t mean that it’s supported by the filesystem of any specific directory. As far as I know, every Unix with d_type support has support for it in their normal local filesystems, but it’s not guaranteed to be in all filesystems, especially non-Unix ones like FAT32. Your code should always be prepared to deal with a file type of DT_UNKNOWN.<br>
It’s also possible to have things the other way around, where you have a filesystem with support for file type information in directories that’s on a Unix that doesn’t support it. There are a number of plausible reasons for this to happen, but they’re either obvious or beyond the scope of this entry.</p>
</blockquote>

<hr>

<p>###<a href="https://euroquis.nl/bobulate/?p=1979" rel="nofollow noopener">Multiboot Pinebook KDE neon</a></p>

<blockquote>
<p>Recently a KDE neon image for the Pinebook was announced. There is a new image, with a handful of fixes, which the KDE Plasma team has been working on over the past week and a half.<br>
Here’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.<br>
But one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.<br>
I have the u-boot from a Pine64 image (I forget what) lying around, 1015 blocks of 1024 bytes, which I can dd over the u-boot blocks on the SD card, dd bs=1k conv=notrunc,sync if=uboot.img of=/dev/da0 seek=8, and then the same SD card, with the filesystem and data from the Pinebook, will boot on the Pine64 board. Of course, to move the SD card back again, I need to restore the Pinebook u-boot blocks.<br>
Here’s a picture of my Pineboard (the base is a piece of the garden fence, it’s Douglas pine, with 4mm threaded rods acting as the corner posts for my Pine64 mini-rack), with power and network and a serial console attached, along with the serial console output of the same.<br>
The nice thing here is that the same software stack runs on the Pine64 but then has a wired network — which in turn means that if I switch on the other boards in that mini-rack, I’ve got a distcc-capable cluster for fast development, and vast NFS storage (served from ZFS on my FreeBSD machines) for source. I can develop in a high(er) powered environment, and then swap the card around into the Pinebook for testing-on-the-go.<br>
So to sum up: you can multiboot the KDE neon Pinebook image on other Pine64 hardware (i.e. the Pine64 board). To do so, you need to swap around u-boot blocks. The blocks can be picked out of an image built for each board, and then a particular image (e.g. the latest KDE neon Pinebook) can be run on either board.</p>
</blockquote>

<hr>

<p>##Beastie Bits</p>

<ul>
<li><a href="http://lists.dragonflybsd.org/pipermail/users/2018-September/357883.html" rel="nofollow noopener">Unexpected benefit with Ryzen – reducing power for build server</a></li>
<li><a href="https://mwl.io/archives/3758" rel="nofollow noopener">Happy #CIDRDay!</a></li>
<li><a href="https://mwl.io/archives/3771" rel="nofollow noopener">Absolute FreeBSD 3e ship date</a></li>
<li><a href="http://www.mug.org/" rel="nofollow noopener">MWL FreeBSD talk @ October 9th 2018 - MUG Meeting</a></li>
<li><a href="https://www.ixsystems.com/blog/meetbsd-2018-countdown/" rel="nofollow noopener">MeetBSD Oct 19-20</a></li>
<li><a href="http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2018-September/014218.html" rel="nofollow noopener">October’s London *BSD meetup - 9th Oct 2018</a></li>
<li><a href="https://www.bsd.nrw/" rel="nofollow noopener">NRW BUG Meeting at Trivago Oct. 9</a></li>
<li><a href="https://blog.socruel.nu/misc/eurobsdcon-2018.html" rel="nofollow noopener">Lars Wittebrood blogs about his visit to EuroBSDCon 2018</a></li>
<li><a href="https://undeadly.org/cgi?action=article;sid=20180925075334" rel="nofollow noopener">EuroBSDcon 2018 OpenBSD slides available</a></li>
<li><a href="https://2018.eurobsdcon.org/talks-speakers/" rel="nofollow noopener">EuroBSDCon conference site has most slides as well</a></li>
</ul>

<hr>

<p>##Feedback/Questions</p>

<ul>
<li>Brad - <a href="http://dpaste.com/3T9M2QC#wrap" rel="nofollow noopener">Unmounted ZFS sends</a></li>
<li>Niclas - <a href="http://dpaste.com/11TKDK2" rel="nofollow noopener">Report from a Meetup</a></li>
<li>Ghislain - <a href="http://dpaste.com/2790GC6" rel="nofollow noopener">Bhyve not used?</a></li>
<li>Shane - <a href="http://dpaste.com/1P055SQ" rel="nofollow noopener">zpool history and snapshots</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li>
</ul>

<hr>]]>
  </itunes:summary>
</item>
<item>
  <title>105: Virginia BSD Assembly</title>
  <link>https://www.bsdnow.tv/105</link>
  <guid isPermaLink="false">09c955b0-1ecf-440f-9aa9-80dc2fb05a49</guid>
  <pubDate>Wed, 02 Sep 2015 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/09c955b0-1ecf-440f-9aa9-80dc2fb05a49.mp3" length="47635924" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>It's already our two-year anniversary! This time on the show, we'll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year's vBSDCon. What's it have to offer in an already-crowded BSD conference space? We'll find out.</itunes:subtitle>
  <itunes:duration>1:06:09</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;It's already our two-year anniversary! This time on the show, we'll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year's vBSDCon. What's it have to offer in an already-crowded BSD conference space? We'll find out.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"&gt;&lt;/a&gt;&lt;a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"&gt;&lt;img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=144104398132541&amp;amp;w=2" rel="nofollow noopener"&gt;OpenBSD hypervisor coming soon&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Our buddy Mike Larkin never rests, and he posted some very tight-lipped &lt;a href="http://pastebin.com/raw.php?i=F2Qbgdde" rel="nofollow noopener"&gt;console output&lt;/a&gt; on Twitter recently&lt;/li&gt;
&lt;li&gt;From what little he revealed &lt;a href="https://twitter.com/mlarkin2012/status/638265767864070144" rel="nofollow noopener"&gt;at the time&lt;/a&gt;, it appeared to be a new &lt;a href="https://en.wikipedia.org/wiki/Hypervisor" rel="nofollow noopener"&gt;hypervisor&lt;/a&gt; (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled "vmm"&lt;/li&gt;
&lt;li&gt;Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is&lt;/li&gt;
&lt;li&gt;Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation&lt;/li&gt;
&lt;li&gt;One thing to note: this &lt;strong&gt;isn't&lt;/strong&gt; just a port of something like Xen or Bhyve; it's all-new code, and Mike explains why he chose to go that route&lt;/li&gt;
&lt;li&gt;He also answered some basic questions about the requirements, when it'll be available, what OSes it can run, what's left to do, how to get involved and so on
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.darknedgy.net/technology/2015/08/26/0/" rel="nofollow noopener"&gt;Why FreeBSD should not adopt launchd&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://www.bsdnow.tv/episodes/2015_08_26-beverly_hills_25519" rel="nofollow noopener"&gt;Last week&lt;/a&gt; we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD&lt;/li&gt;
&lt;li&gt;One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we've learned)&lt;/li&gt;
&lt;li&gt;In this article, the author talks about why he thinks this is a bad idea&lt;/li&gt;
&lt;li&gt;He doesn't oppose the integration into FreeBSD-&lt;em&gt;derived&lt;/em&gt; projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself - this is also explained in more detail&lt;/li&gt;
&lt;li&gt;The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities&lt;/li&gt;
&lt;li&gt;Reddit had &lt;a href="https://www.reddit.com/r/BSD/comments/3ilhpk" rel="nofollow noopener"&gt;quite a bit&lt;/a&gt; &lt;a href="https://www.reddit.com/r/freebsd/comments/3ilj4i" rel="nofollow noopener"&gt;to say&lt;/a&gt; about this one, some in agreement and some not
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://lists.dragonflybsd.org/pipermail/commits/2015-August/458108.html" rel="nofollow noopener"&gt;DragonFly graphics improvements&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack&lt;/li&gt;
&lt;li&gt;This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs&lt;/li&gt;
&lt;li&gt;You should also see some power management improvements, longer battery life and various other bug fixes&lt;/li&gt;
&lt;li&gt;If you're running DragonFly, especially on a laptop, you'll want to get this stuff on your machine quick - big improvements all around
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=144070638327053&amp;amp;w=2" rel="nofollow noopener"&gt;OpenBSD tames the userland&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Last week we mentioned OpenBSD's tame framework getting support for file whitelists, and said that the userland integration was next - well, now here we are&lt;/li&gt;
&lt;li&gt;Theo posted a &lt;em&gt;mega diff&lt;/em&gt; of nearly 100 smaller diffs, adding tame support to many areas of the userland tools&lt;/li&gt;
&lt;li&gt;It's still a work-in-progress version; there's still more to be added (including the file path whitelist stuff)&lt;/li&gt;
&lt;li&gt;Some classic utilities are even being reworked to make taming them easier - &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=144103945031253&amp;amp;w=2" rel="nofollow noopener"&gt;the "w" command&lt;/a&gt;, for example&lt;/li&gt;
&lt;li&gt;The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)&lt;/li&gt;
&lt;li&gt;More discussion can be found &lt;a href="https://news.ycombinator.com/item?id=10135901" rel="nofollow noopener"&gt;on HN&lt;/a&gt;, as one might expect&lt;/li&gt;
&lt;li&gt;If you're a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Scott Courtney - &lt;a href="mailto:vbsdcon@verisign.com" rel="nofollow noopener"&gt;vbsdcon@verisign.com&lt;/a&gt; / &lt;a href="https://twitter.com/verisign" rel="nofollow noopener"&gt;@verisign&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://vbsdcon.com/" rel="nofollow noopener"&gt;vBSDCon&lt;/a&gt; 2015&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://opnsense.org/opnsense-beyond-the-fork" rel="nofollow noopener"&gt;OPNsense, beyond the fork&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We first &lt;a href="http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach" rel="nofollow noopener"&gt;heard about&lt;/a&gt; OPNsense back in January, and they've since released nearly &lt;strong&gt;40&lt;/strong&gt; versions, spanning over &lt;strong&gt;5,000&lt;/strong&gt; commits&lt;/li&gt;
&lt;li&gt;This is their first big status update, covering some of the things that've happened since the project was born&lt;/li&gt;
&lt;li&gt;There's been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more - the report touches on a little of everything
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20150827112006" rel="nofollow noopener"&gt;LibreSSL nukes SSLv3&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;With their latest release, LibreSSL began to turn off &lt;a href="http://disablessl3.com" rel="nofollow noopener"&gt;SSLv3&lt;/a&gt; support, starting with the "openssl" command&lt;/li&gt;
&lt;li&gt;At the time, SSLv3 wasn't disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)&lt;/li&gt;
&lt;li&gt;They've now flipped the switch, and the process of complete removal has started&lt;/li&gt;
&lt;li&gt;From the Undeadly summary, "This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!"&lt;/li&gt;
&lt;li&gt;With this change and a few more to follow shortly, Libre*SSL* won't actually &lt;em&gt;support SSL&lt;/em&gt; anymore - time to rename it "LibreTLS"
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://caia.swin.edu.au/urp/newtcp/mptcp/tools/v05/mptcp-readme-v0.5.txt" rel="nofollow noopener"&gt;FreeBSD MPTCP updated&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;For anyone unaware, &lt;a href="https://en.wikipedia.org/wiki/Multipath_TCP" rel="nofollow noopener"&gt;Multipath TCP&lt;/a&gt; is "an ongoing effort of the Internet Engineering Task Force's (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy."&lt;/li&gt;
&lt;li&gt;There's been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated&lt;/li&gt;
&lt;li&gt;Including in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements&lt;/li&gt;
&lt;li&gt;Some big performance gains can be had with MPTCP, but only if both the client and server systems support it - getting it into the FreeBSD kernel would be a good start
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=144092912907778&amp;amp;w=2" rel="nofollow noopener"&gt;UEFI and GPT in OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;There hasn't been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently&lt;/li&gt;
&lt;li&gt;Some &lt;a href="https://github.com/yasuoka/openbsd-uefi" rel="nofollow noopener"&gt;support&lt;/a&gt; for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review&lt;/li&gt;
&lt;li&gt;This comes along with a &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=143732984925140&amp;amp;w=2" rel="nofollow noopener"&gt;number&lt;/a&gt; &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=144088136200753&amp;amp;w=2" rel="nofollow noopener"&gt;of&lt;/a&gt; &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=144046793225230&amp;amp;w=2" rel="nofollow noopener"&gt;other&lt;/a&gt; &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=144045760723039&amp;amp;w=2" rel="nofollow noopener"&gt;commits&lt;/a&gt; related to GPT, much of which is being refactored and slowly reintroduced&lt;/li&gt;
&lt;li&gt;Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should "just work" with GPT (once everything's in)&lt;/li&gt;
&lt;li&gt;The UEFI bootloader support &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=144115942223734&amp;amp;w=2" rel="nofollow noopener"&gt;has been committed&lt;/a&gt;, so stay tuned for &lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20150902074526&amp;amp;mode=flat" rel="nofollow noopener"&gt;more updates&lt;/a&gt; as &lt;a href="https://twitter.com/kotatsu_mi/status/638909417761562624" rel="nofollow noopener"&gt;further&lt;/a&gt; &lt;a href="https://twitter.com/yojiro/status/638189353601097728" rel="nofollow noopener"&gt;progress&lt;/a&gt; is made
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2sIWfb3Qh" rel="nofollow noopener"&gt;John writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2Ybrx00KI" rel="nofollow noopener"&gt;Mason writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20FpmR7ZW" rel="nofollow noopener"&gt;Earl writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, verisign, vbsdcon, conference, eurobsdcon, bsdcan, meetbsd, asiabsdcon, nextbsd, launchd, darwin, tame, mach, libressl, vmm, hypervisor, bhyve, multipath, tcp</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>It's already our two-year anniversary! This time on the show, we'll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year's vBSDCon. What's it have to offer in an already-crowded BSD conference space? We'll find out.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=144104398132541&amp;w=2" rel="nofollow noopener">OpenBSD hypervisor coming soon</a></h3>

<ul>
<li>Our buddy Mike Larkin never rests, and he posted some very tight-lipped <a href="http://pastebin.com/raw.php?i=F2Qbgdde" rel="nofollow noopener">console output</a> on Twitter recently</li>
<li>From what little he revealed <a href="https://twitter.com/mlarkin2012/status/638265767864070144" rel="nofollow noopener">at the time</a>, it appeared to be a new <a href="https://en.wikipedia.org/wiki/Hypervisor" rel="nofollow noopener">hypervisor</a> (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled "vmm"</li>
<li>Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is</li>
<li>Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation</li>
<li>One thing to note: this <strong>isn't</strong> just a port of something like Xen or Bhyve; it's all-new code, and Mike explains why he chose to go that route</li>
<li>He also answered some basic questions about the requirements, when it'll be available, what OSes it can run, what's left to do, how to get involved and so on
***</li>
</ul>

<h3><a href="http://blog.darknedgy.net/technology/2015/08/26/0/" rel="nofollow noopener">Why FreeBSD should not adopt launchd</a></h3>

<ul>
<li><a href="http://www.bsdnow.tv/episodes/2015_08_26-beverly_hills_25519" rel="nofollow noopener">Last week</a> we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD</li>
<li>One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we've learned)</li>
<li>In this article, the author talks about why he thinks this is a bad idea</li>
<li>He doesn't oppose the integration into FreeBSD-<em>derived</em> projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself - this is also explained in more detail</li>
<li>The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities</li>
<li>Reddit had <a href="https://www.reddit.com/r/BSD/comments/3ilhpk" rel="nofollow noopener">quite a bit</a> <a href="https://www.reddit.com/r/freebsd/comments/3ilj4i" rel="nofollow noopener">to say</a> about this one, some in agreement and some not
***</li>
</ul>

<h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2015-August/458108.html" rel="nofollow noopener">DragonFly graphics improvements</a></h3>

<ul>
<li>The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack</li>
<li>This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs</li>
<li>You should also see some power management improvements, longer battery life and various other bug fixes</li>
<li>If you're running DragonFly, especially on a laptop, you'll want to get this stuff on your machine quick - big improvements all around
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=144070638327053&amp;w=2" rel="nofollow noopener">OpenBSD tames the userland</a></h3>

<ul>
<li>Last week we mentioned OpenBSD's tame framework getting support for file whitelists, and said that the userland integration was next - well, now here we are</li>
<li>Theo posted a <em>mega diff</em> of nearly 100 smaller diffs, adding tame support to many areas of the userland tools</li>
<li>It's still a work-in-progress version; there's still more to be added (including the file path whitelist stuff)</li>
<li>Some classic utilities are even being reworked to make taming them easier - <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144103945031253&amp;w=2" rel="nofollow noopener">the "w" command</a>, for example</li>
<li>The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)</li>
<li>More discussion can be found <a href="https://news.ycombinator.com/item?id=10135901" rel="nofollow noopener">on HN</a>, as one might expect</li>
<li>If you're a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release
***</li>
</ul>

<h2>Interview - Scott Courtney - <a href="mailto:vbsdcon@verisign.com" rel="nofollow noopener">vbsdcon@verisign.com</a> / <a href="https://twitter.com/verisign" rel="nofollow noopener">@verisign</a></h2>

<p><a href="http://vbsdcon.com/" rel="nofollow noopener">vBSDCon</a> 2015</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://opnsense.org/opnsense-beyond-the-fork" rel="nofollow noopener">OPNsense, beyond the fork</a></h3>

<ul>
<li>We first <a href="http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach" rel="nofollow noopener">heard about</a> OPNsense back in January, and they've since released nearly <strong>40</strong> versions, spanning over <strong>5,000</strong> commits</li>
<li>This is their first big status update, covering some of the things that've happened since the project was born</li>
<li>There's been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more - the report touches on a little of everything
***</li>
</ul>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20150827112006" rel="nofollow noopener">LibreSSL nukes SSLv3</a></h3>

<ul>
<li>With their latest release, LibreSSL began to turn off <a href="http://disablessl3.com" rel="nofollow noopener">SSLv3</a> support, starting with the "openssl" command</li>
<li>At the time, SSLv3 wasn't disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)</li>
<li>They've now flipped the switch, and the process of complete removal has started</li>
<li>From the Undeadly summary, "This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!"</li>
<li>With this change and a few more to follow shortly, Libre*SSL* won't actually <em>support SSL</em> anymore - time to rename it "LibreTLS"
***</li>
</ul>

<h3><a href="http://caia.swin.edu.au/urp/newtcp/mptcp/tools/v05/mptcp-readme-v0.5.txt" rel="nofollow noopener">FreeBSD MPTCP updated</a></h3>

<ul>
<li>For anyone unaware, <a href="https://en.wikipedia.org/wiki/Multipath_TCP" rel="nofollow noopener">Multipath TCP</a> is "an ongoing effort of the Internet Engineering Task Force's (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy."</li>
<li>There's been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated</li>
<li>Including in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements</li>
<li>Some big performance gains can be had with MPTCP, but only if both the client and server systems support it - getting it into the FreeBSD kernel would be a good start
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144092912907778&amp;w=2" rel="nofollow noopener">UEFI and GPT in OpenBSD</a></h3>

<ul>
<li>There hasn't been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently</li>
<li>Some <a href="https://github.com/yasuoka/openbsd-uefi" rel="nofollow noopener">support</a> for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review</li>
<li>This comes along with a <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143732984925140&amp;w=2" rel="nofollow noopener">number</a> <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144088136200753&amp;w=2" rel="nofollow noopener">of</a> <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144046793225230&amp;w=2" rel="nofollow noopener">other</a> <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144045760723039&amp;w=2" rel="nofollow noopener">commits</a> related to GPT, much of which is being refactored and slowly reintroduced</li>
<li>Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should "just work" with GPT (once everything's in)</li>
<li>The UEFI bootloader support <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144115942223734&amp;w=2" rel="nofollow noopener">has been committed</a>, so stay tuned for <a href="http://undeadly.org/cgi?action=article&amp;sid=20150902074526&amp;mode=flat" rel="nofollow noopener">more updates</a> as <a href="https://twitter.com/kotatsu_mi/status/638909417761562624" rel="nofollow noopener">further</a> <a href="https://twitter.com/yojiro/status/638189353601097728" rel="nofollow noopener">progress</a> is made
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2sIWfb3Qh" rel="nofollow noopener">John writes in</a></li>
<li><a href="http://slexy.org/view/s2Ybrx00KI" rel="nofollow noopener">Mason writes in</a></li>
<li><a href="http://slexy.org/view/s20FpmR7ZW" rel="nofollow noopener">Earl writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>It's already our two-year anniversary! This time on the show, we'll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year's vBSDCon. What's it have to offer in an already-crowded BSD conference space? We'll find out.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=144104398132541&amp;w=2" rel="nofollow noopener">OpenBSD hypervisor coming soon</a></h3>

<ul>
<li>Our buddy Mike Larkin never rests, and he posted some very tight-lipped <a href="http://pastebin.com/raw.php?i=F2Qbgdde" rel="nofollow noopener">console output</a> on Twitter recently</li>
<li>From what little he revealed <a href="https://twitter.com/mlarkin2012/status/638265767864070144" rel="nofollow noopener">at the time</a>, it appeared to be a new <a href="https://en.wikipedia.org/wiki/Hypervisor" rel="nofollow noopener">hypervisor</a> (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled "vmm"</li>
<li>Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is</li>
<li>Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation</li>
<li>One thing to note: this <strong>isn't</strong> just a port of something like Xen or Bhyve; it's all-new code, and Mike explains why he chose to go that route</li>
<li>He also answered some basic questions about the requirements, when it'll be available, what OSes it can run, what's left to do, how to get involved and so on
***</li>
</ul>

<h3><a href="http://blog.darknedgy.net/technology/2015/08/26/0/" rel="nofollow noopener">Why FreeBSD should not adopt launchd</a></h3>

<ul>
<li><a href="http://www.bsdnow.tv/episodes/2015_08_26-beverly_hills_25519" rel="nofollow noopener">Last week</a> we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD</li>
<li>One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we've learned)</li>
<li>In this article, the author talks about why he thinks this is a bad idea</li>
<li>He doesn't oppose the integration into FreeBSD-<em>derived</em> projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself - this is also explained in more detail</li>
<li>The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities</li>
<li>Reddit had <a href="https://www.reddit.com/r/BSD/comments/3ilhpk" rel="nofollow noopener">quite a bit</a> <a href="https://www.reddit.com/r/freebsd/comments/3ilj4i" rel="nofollow noopener">to say</a> about this one, some in agreement and some not
***</li>
</ul>

<h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2015-August/458108.html" rel="nofollow noopener">DragonFly graphics improvements</a></h3>

<ul>
<li>The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack</li>
<li>This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs</li>
<li>You should also see some power management improvements, longer battery life and various other bug fixes</li>
<li>If you're running DragonFly, especially on a laptop, you'll want to get this stuff on your machine quick - big improvements all around
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=144070638327053&amp;w=2" rel="nofollow noopener">OpenBSD tames the userland</a></h3>

<ul>
<li>Last week we mentioned OpenBSD's tame framework getting support for file whitelists, and said that the userland integration was next - well, now here we are</li>
<li>Theo posted a <em>mega diff</em> of nearly 100 smaller diffs, adding tame support to many areas of the userland tools</li>
<li>It's still a work-in-progress version; there's still more to be added (including the file path whitelist stuff)</li>
<li>Some classic utilities are even being reworked to make taming them easier - <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144103945031253&amp;w=2" rel="nofollow noopener">the "w" command</a>, for example</li>
<li>The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)</li>
<li>More discussion can be found <a href="https://news.ycombinator.com/item?id=10135901" rel="nofollow noopener">on HN</a>, as one might expect</li>
<li>If you're a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release
***</li>
</ul>

<h2>Interview - Scott Courtney - <a href="mailto:vbsdcon@verisign.com" rel="nofollow noopener">vbsdcon@verisign.com</a> / <a href="https://twitter.com/verisign" rel="nofollow noopener">@verisign</a></h2>

<p><a href="http://vbsdcon.com/" rel="nofollow noopener">vBSDCon</a> 2015</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://opnsense.org/opnsense-beyond-the-fork" rel="nofollow noopener">OPNsense, beyond the fork</a></h3>

<ul>
<li>We first <a href="http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach" rel="nofollow noopener">heard about</a> OPNsense back in January, and they've since released nearly <strong>40</strong> versions, spanning over <strong>5,000</strong> commits</li>
<li>This is their first big status update, covering some of the things that've happened since the project was born</li>
<li>There's been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more - the report touches on a little of everything
***</li>
</ul>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20150827112006" rel="nofollow noopener">LibreSSL nukes SSLv3</a></h3>

<ul>
<li>With their latest release, LibreSSL began to turn off <a href="http://disablessl3.com" rel="nofollow noopener">SSLv3</a> support, starting with the "openssl" command</li>
<li>At the time, SSLv3 wasn't disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)</li>
<li>They've now flipped the switch, and the process of complete removal has started</li>
<li>From the Undeadly summary, "This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!"</li>
<li>With this change and a few more to follow shortly, Libre*SSL* won't actually <em>support SSL</em> anymore - time to rename it "LibreTLS"
***</li>
</ul>

<h3><a href="http://caia.swin.edu.au/urp/newtcp/mptcp/tools/v05/mptcp-readme-v0.5.txt" rel="nofollow noopener">FreeBSD MPTCP updated</a></h3>

<ul>
<li>For anyone unaware, <a href="https://en.wikipedia.org/wiki/Multipath_TCP" rel="nofollow noopener">Multipath TCP</a> is "an ongoing effort of the Internet Engineering Task Force's (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy."</li>
<li>There's been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated</li>
<li>Including in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements</li>
<li>Some big performance gains can be had with MPTCP, but only if both the client and server systems support it - getting it into the FreeBSD kernel would be a good start
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144092912907778&amp;w=2" rel="nofollow noopener">UEFI and GPT in OpenBSD</a></h3>

<ul>
<li>There hasn't been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently</li>
<li>Some <a href="https://github.com/yasuoka/openbsd-uefi" rel="nofollow noopener">support</a> for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review</li>
<li>This comes along with a <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143732984925140&amp;w=2" rel="nofollow noopener">number</a> <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144088136200753&amp;w=2" rel="nofollow noopener">of</a> <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144046793225230&amp;w=2" rel="nofollow noopener">other</a> <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144045760723039&amp;w=2" rel="nofollow noopener">commits</a> related to GPT, much of which is being refactored and slowly reintroduced</li>
<li>Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should "just work" with GPT (once everything's in)</li>
<li>The UEFI bootloader support <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=144115942223734&amp;w=2" rel="nofollow noopener">has been committed</a>, so stay tuned for <a href="http://undeadly.org/cgi?action=article&amp;sid=20150902074526&amp;mode=flat" rel="nofollow noopener">more updates</a> as <a href="https://twitter.com/kotatsu_mi/status/638909417761562624" rel="nofollow noopener">further</a> <a href="https://twitter.com/yojiro/status/638189353601097728" rel="nofollow noopener">progress</a> is made
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2sIWfb3Qh" rel="nofollow noopener">John writes in</a></li>
<li><a href="http://slexy.org/view/s2Ybrx00KI" rel="nofollow noopener">Mason writes in</a></li>
<li><a href="http://slexy.org/view/s20FpmR7ZW" rel="nofollow noopener">Earl writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>102: May Contain ZFS</title>
  <link>https://www.bsdnow.tv/102</link>
  <guid isPermaLink="false">e0de53ca-3dcf-4df7-a556-faa52c7788a7</guid>
  <pubDate>Wed, 12 Aug 2015 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e0de53ca-3dcf-4df7-a556-faa52c7788a7.mp3" length="48985492" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>This week on the show, we'll be talking with Peter Toth. He's got a jail management system called "iocage" that's been getting pretty popular recently. Have we finally found a replacement for ezjail? We'll see how it stacks up.</itunes:subtitle>
  <itunes:duration>1:08:02</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;This week on the show, we'll be talking with Peter Toth. He's got a jail management system called "iocage" that's been getting pretty popular recently. Have we finally found a replacement for ezjail? We'll see how it stacks up.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"&gt;&lt;/a&gt;&lt;a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"&gt;&lt;img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.bidouilliste.com/blog/2015/07/22/FreeBSD-on-Olimex-RT5350F-OLinuXino" rel="nofollow noopener"&gt;FreeBSD on Olimex RT5350F-OLinuXino&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you haven't heard of the RT5350F-OLinuXino-EVB, you're not alone (actually, we probably couldn't even remember the name if we did know about it)&lt;/li&gt;
&lt;li&gt;It's a small board with a MIPS CPU, two ethernet ports, wireless support and... 32MB of RAM&lt;/li&gt;
&lt;li&gt;This blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment&lt;/li&gt;
&lt;li&gt;In &lt;a href="https://www.bidouilliste.com/blog/2015/07/24/FreeBSD-on-Olimex-RT5350F-OLinuXino-Part-2" rel="nofollow noopener"&gt;part two of the series&lt;/a&gt;, he talks about the GPIO and how you can configure it&lt;/li&gt;
&lt;li&gt;Part three is still in the works, so check the site later on for further progress and info
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.azabani.com/2015/08/06/modern-openbsd-home-router.html" rel="nofollow noopener"&gt;The modern OpenBSD home router&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;In a new series of blog posts, one guy takes you through the process of building an &lt;a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener"&gt;OpenBSD-based gateway&lt;/a&gt; for his home network&lt;/li&gt;
&lt;li&gt;"It’s no secret that most consumer routers ship with software that’s flaky at best, and prohibitively insecure at worst"&lt;/li&gt;
&lt;li&gt;Armed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless&lt;/li&gt;
&lt;li&gt;This guide also covers PPP and IPv6, in case you have those requirements&lt;/li&gt;
&lt;li&gt;In a &lt;a href="http://jaytongarnett.blogspot.com/2015/07/openbsd-router-bt-home-hub-5-replacement.html" rel="nofollow noopener"&gt;similar but unrelated series&lt;/a&gt;, another user does a similar thing - his post also includes details on reusing your consumer router as a wireless bridge&lt;/li&gt;
&lt;li&gt;He also has &lt;a href="http://jaytongarnett.blogspot.com/2015/08/openbsd-l2tpipsec-vpn-works-with.html" rel="nofollow noopener"&gt;a separate post&lt;/a&gt; for setting up an IPSEC VPN on the router
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://mail-index.netbsd.org/netbsd-advocacy/2015/08/10/msg000691.html" rel="nofollow noopener"&gt;NetBSD at Open Source Conference 2015 Kansai&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference&lt;/li&gt;
&lt;li&gt;They had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event&lt;/li&gt;
&lt;li&gt;Last time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k&lt;/li&gt;
&lt;li&gt;They had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it&lt;/li&gt;
&lt;li&gt;And what conference would be complete without an LED-powered towel
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-August/034289.html" rel="nofollow noopener"&gt;OpenSSH 7.0 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code&lt;/li&gt;
&lt;li&gt;SSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled&lt;/li&gt;
&lt;li&gt;The syntax for permitting root logins has been changed, and is now called "prohibit-password" instead of "without-password" (this makes it so root can login, but only with keys) - all interactive authentication methods for root are also disabled by default now&lt;/li&gt;
&lt;li&gt;If you're using an older configuration file, the "without-password" option still works, so no change is required&lt;/li&gt;
&lt;li&gt;You can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications&lt;/li&gt;
&lt;li&gt;Various bug fixes and documentation improvements are also included&lt;/li&gt;
&lt;li&gt;Aside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users&lt;/li&gt;
&lt;li&gt;In the &lt;em&gt;next release&lt;/em&gt;, even more deprecation is planned: RSA keys will be refused if they're under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Peter Toth - &lt;a href="mailto:peter.toth198@gmail.com" rel="nofollow noopener"&gt;peter.toth198@gmail.com&lt;/a&gt; / &lt;a href="https://twitter.com/pannonp" rel="nofollow noopener"&gt;@pannonp&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;Containment with &lt;a href="https://github.com/iocage/iocage" rel="nofollow noopener"&gt;iocage&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20150809105132" rel="nofollow noopener"&gt;More c2k15 reports&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A few more hackathon reports from c2k15 in Calgary are still slowly trickling in&lt;/li&gt;
&lt;li&gt;Alexander Bluhm's up first, and he continued improving OpenBSD's regression test suite (this ensures that no changes accidentally break existing things)&lt;/li&gt;
&lt;li&gt;He also worked on syslogd, completing the TCP input code - the syslogd in 5.8 will have TLS support for secure remote logging&lt;/li&gt;
&lt;li&gt;Renato Westphal &lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20150811171006" rel="nofollow noopener"&gt;sent in a report&lt;/a&gt; of his very first hackathon&lt;/li&gt;
&lt;li&gt;He finished up the VPLS implementation and worked on EIGRP (which is explained in the report) - the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network&lt;/li&gt;
&lt;li&gt;Philip Guenther &lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20150809165912" rel="nofollow noopener"&gt;also wrote in&lt;/a&gt;, getting some very technical and low-level stuff done at the hackathon&lt;/li&gt;
&lt;li&gt;His report opens with "First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking." - not exactly beginner stuff&lt;/li&gt;
&lt;li&gt;There were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://clinta.github.io/freebsd-jails-the-hard-way" rel="nofollow noopener"&gt;FreeBSD jails, the hard way&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;As you learned from our interview this week, there's quite a selection of tools available to manage your jails&lt;/li&gt;
&lt;li&gt;This article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf&lt;/li&gt;
&lt;li&gt;Unlike with iocage, ZFS isn't actually a requirement for this method&lt;/li&gt;
&lt;li&gt;If you are using it, though, you can make use of snapshots for making template jails
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.tancsa.com/mdtblog/?p=73" rel="nofollow noopener"&gt;OpenSSH hardware tokens&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We've talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client &lt;em&gt;and&lt;/em&gt; server?&lt;/li&gt;
&lt;li&gt;This blog post will show you how to use a hardware token as a second authentication factor, for the "something you know, something you have" security model&lt;/li&gt;
&lt;li&gt;It takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd&lt;/li&gt;
&lt;li&gt;Most of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt" rel="nofollow noopener"&gt;LibreSSL 2.2.2 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes&lt;/li&gt;
&lt;li&gt;At the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don't want in a crypto tool...) and much more&lt;/li&gt;
&lt;li&gt;SSLv3 support was removed from the "openssl" command, and only a few other SSLv3 bits remain - once workarounds are found for ports that specifically depend on it, it'll be removed completely&lt;/li&gt;
&lt;li&gt;Various other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc&lt;/li&gt;
&lt;li&gt;It'll be in 5.8 (due out earlier than usual) and it's in the FreeBSD ports tree as well
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s216lrsVVd" rel="nofollow noopener"&gt;James writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20uGUHWLr" rel="nofollow noopener"&gt;Stuart writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, jails, iocage, bhyve, containers, lxc, docker, ezjail, router, gateway, ipsec, vpn, libressl, authentication, uefi, jails</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>This week on the show, we'll be talking with Peter Toth. He's got a jail management system called "iocage" that's been getting pretty popular recently. Have we finally found a replacement for ezjail? We'll see how it stacks up.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.bidouilliste.com/blog/2015/07/22/FreeBSD-on-Olimex-RT5350F-OLinuXino" rel="nofollow noopener">FreeBSD on Olimex RT5350F-OLinuXino</a></h3>

<ul>
<li>If you haven't heard of the RT5350F-OLinuXino-EVB, you're not alone (actually, we probably couldn't even remember the name if we did know about it)</li>
<li>It's a small board with a MIPS CPU, two ethernet ports, wireless support and... 32MB of RAM</li>
<li>This blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment</li>
<li>In <a href="https://www.bidouilliste.com/blog/2015/07/24/FreeBSD-on-Olimex-RT5350F-OLinuXino-Part-2" rel="nofollow noopener">part two of the series</a>, he talks about the GPIO and how you can configure it</li>
<li>Part three is still in the works, so check the site later on for further progress and info
***</li>
</ul>

<h3><a href="https://www.azabani.com/2015/08/06/modern-openbsd-home-router.html" rel="nofollow noopener">The modern OpenBSD home router</a></h3>

<ul>
<li>In a new series of blog posts, one guy takes you through the process of building an <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">OpenBSD-based gateway</a> for his home network</li>
<li>"It’s no secret that most consumer routers ship with software that’s flaky at best, and prohibitively insecure at worst"</li>
<li>Armed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless</li>
<li>This guide also covers PPP and IPv6, in case you have those requirements</li>
<li>In a <a href="http://jaytongarnett.blogspot.com/2015/07/openbsd-router-bt-home-hub-5-replacement.html" rel="nofollow noopener">similar but unrelated series</a>, another user does a similar thing - his post also includes details on reusing your consumer router as a wireless bridge</li>
<li>He also has <a href="http://jaytongarnett.blogspot.com/2015/08/openbsd-l2tpipsec-vpn-works-with.html" rel="nofollow noopener">a separate post</a> for setting up an IPSEC VPN on the router
***</li>
</ul>

<h3><a href="https://mail-index.netbsd.org/netbsd-advocacy/2015/08/10/msg000691.html" rel="nofollow noopener">NetBSD at Open Source Conference 2015 Kansai</a></h3>

<ul>
<li>The Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference</li>
<li>They had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event</li>
<li>Last time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k</li>
<li>They had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it</li>
<li>And what conference would be complete without an LED-powered towel
***</li>
</ul>

<h3><a href="https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-August/034289.html" rel="nofollow noopener">OpenSSH 7.0 released</a></h3>

<ul>
<li>The OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code</li>
<li>SSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled</li>
<li>The syntax for permitting root logins has been changed, and is now called "prohibit-password" instead of "without-password" (this makes it so root can login, but only with keys) - all interactive authentication methods for root are also disabled by default now</li>
<li>If you're using an older configuration file, the "without-password" option still works, so no change is required</li>
<li>You can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications</li>
<li>Various bug fixes and documentation improvements are also included</li>
<li>Aside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users</li>
<li>In the <em>next release</em>, even more deprecation is planned: RSA keys will be refused if they're under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled
***</li>
</ul>

<h2>Interview - Peter Toth - <a href="mailto:peter.toth198@gmail.com" rel="nofollow noopener">peter.toth198@gmail.com</a> / <a href="https://twitter.com/pannonp" rel="nofollow noopener">@pannonp</a></h2>

<p>Containment with <a href="https://github.com/iocage/iocage" rel="nofollow noopener">iocage</a></p>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20150809105132" rel="nofollow noopener">More c2k15 reports</a></h3>

<ul>
<li>A few more hackathon reports from c2k15 in Calgary are still slowly trickling in</li>
<li>Alexander Bluhm's up first, and he continued improving OpenBSD's regression test suite (this ensures that no changes accidentally break existing things)</li>
<li>He also worked on syslogd, completing the TCP input code - the syslogd in 5.8 will have TLS support for secure remote logging</li>
<li>Renato Westphal <a href="http://undeadly.org/cgi?action=article&amp;sid=20150811171006" rel="nofollow noopener">sent in a report</a> of his very first hackathon</li>
<li>He finished up the VPLS implementation and worked on EIGRP (which is explained in the report) - the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network</li>
<li>Philip Guenther <a href="http://undeadly.org/cgi?action=article&amp;sid=20150809165912" rel="nofollow noopener">also wrote in</a>, getting some very technical and low-level stuff done at the hackathon</li>
<li>His report opens with "First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking." - not exactly beginner stuff</li>
<li>There were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well
***</li>
</ul>

<h3><a href="https://clinta.github.io/freebsd-jails-the-hard-way" rel="nofollow noopener">FreeBSD jails, the hard way</a></h3>

<ul>
<li>As you learned from our interview this week, there's quite a selection of tools available to manage your jails</li>
<li>This article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf</li>
<li>Unlike with iocage, ZFS isn't actually a requirement for this method</li>
<li>If you are using it, though, you can make use of snapshots for making template jails
***</li>
</ul>

<h3><a href="http://www.tancsa.com/mdtblog/?p=73" rel="nofollow noopener">OpenSSH hardware tokens</a></h3>

<ul>
<li>We've talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client <em>and</em> server?</li>
<li>This blog post will show you how to use a hardware token as a second authentication factor, for the "something you know, something you have" security model</li>
<li>It takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd</li>
<li>Most of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too
***</li>
</ul>

<h3><a href="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt" rel="nofollow noopener">LibreSSL 2.2.2 released</a></h3>

<ul>
<li>The LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes</li>
<li>At the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don't want in a crypto tool...) and much more</li>
<li>SSLv3 support was removed from the "openssl" command, and only a few other SSLv3 bits remain - once workarounds are found for ports that specifically depend on it, it'll be removed completely</li>
<li>Various other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc</li>
<li>It'll be in 5.8 (due out earlier than usual) and it's in the FreeBSD ports tree as well
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s216lrsVVd" rel="nofollow noopener">James writes in</a></li>
<li><a href="http://slexy.org/view/s20uGUHWLr" rel="nofollow noopener">Stuart writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>This week on the show, we'll be talking with Peter Toth. He's got a jail management system called "iocage" that's been getting pretty popular recently. Have we finally found a replacement for ezjail? We'll see how it stacks up.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.bidouilliste.com/blog/2015/07/22/FreeBSD-on-Olimex-RT5350F-OLinuXino" rel="nofollow noopener">FreeBSD on Olimex RT5350F-OLinuXino</a></h3>

<ul>
<li>If you haven't heard of the RT5350F-OLinuXino-EVB, you're not alone (actually, we probably couldn't even remember the name if we did know about it)</li>
<li>It's a small board with a MIPS CPU, two ethernet ports, wireless support and... 32MB of RAM</li>
<li>This blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment</li>
<li>In <a href="https://www.bidouilliste.com/blog/2015/07/24/FreeBSD-on-Olimex-RT5350F-OLinuXino-Part-2" rel="nofollow noopener">part two of the series</a>, he talks about the GPIO and how you can configure it</li>
<li>Part three is still in the works, so check the site later on for further progress and info
***</li>
</ul>

<h3><a href="https://www.azabani.com/2015/08/06/modern-openbsd-home-router.html" rel="nofollow noopener">The modern OpenBSD home router</a></h3>

<ul>
<li>In a new series of blog posts, one guy takes you through the process of building an <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">OpenBSD-based gateway</a> for his home network</li>
<li>"It’s no secret that most consumer routers ship with software that’s flaky at best, and prohibitively insecure at worst"</li>
<li>Armed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless</li>
<li>This guide also covers PPP and IPv6, in case you have those requirements</li>
<li>In a <a href="http://jaytongarnett.blogspot.com/2015/07/openbsd-router-bt-home-hub-5-replacement.html" rel="nofollow noopener">similar but unrelated series</a>, another user does a similar thing - his post also includes details on reusing your consumer router as a wireless bridge</li>
<li>He also has <a href="http://jaytongarnett.blogspot.com/2015/08/openbsd-l2tpipsec-vpn-works-with.html" rel="nofollow noopener">a separate post</a> for setting up an IPSEC VPN on the router
***</li>
</ul>

<h3><a href="https://mail-index.netbsd.org/netbsd-advocacy/2015/08/10/msg000691.html" rel="nofollow noopener">NetBSD at Open Source Conference 2015 Kansai</a></h3>

<ul>
<li>The Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference</li>
<li>They had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event</li>
<li>Last time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k</li>
<li>They had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it</li>
<li>And what conference would be complete without an LED-powered towel
***</li>
</ul>

<h3><a href="https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-August/034289.html" rel="nofollow noopener">OpenSSH 7.0 released</a></h3>

<ul>
<li>The OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code</li>
<li>SSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled</li>
<li>The syntax for permitting root logins has been changed, and is now called "prohibit-password" instead of "without-password" (this makes it so root can login, but only with keys) - all interactive authentication methods for root are also disabled by default now</li>
<li>If you're using an older configuration file, the "without-password" option still works, so no change is required</li>
<li>You can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications</li>
<li>Various bug fixes and documentation improvements are also included</li>
<li>Aside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users</li>
<li>In the <em>next release</em>, even more deprecation is planned: RSA keys will be refused if they're under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled
***</li>
</ul>

<h2>Interview - Peter Toth - <a href="mailto:peter.toth198@gmail.com" rel="nofollow noopener">peter.toth198@gmail.com</a> / <a href="https://twitter.com/pannonp" rel="nofollow noopener">@pannonp</a></h2>

<p>Containment with <a href="https://github.com/iocage/iocage" rel="nofollow noopener">iocage</a></p>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20150809105132" rel="nofollow noopener">More c2k15 reports</a></h3>

<ul>
<li>A few more hackathon reports from c2k15 in Calgary are still slowly trickling in</li>
<li>Alexander Bluhm's up first, and he continued improving OpenBSD's regression test suite (this ensures that no changes accidentally break existing things)</li>
<li>He also worked on syslogd, completing the TCP input code - the syslogd in 5.8 will have TLS support for secure remote logging</li>
<li>Renato Westphal <a href="http://undeadly.org/cgi?action=article&amp;sid=20150811171006" rel="nofollow noopener">sent in a report</a> of his very first hackathon</li>
<li>He finished up the VPLS implementation and worked on EIGRP (which is explained in the report) - the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network</li>
<li>Philip Guenther <a href="http://undeadly.org/cgi?action=article&amp;sid=20150809165912" rel="nofollow noopener">also wrote in</a>, getting some very technical and low-level stuff done at the hackathon</li>
<li>His report opens with "First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking." - not exactly beginner stuff</li>
<li>There were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well
***</li>
</ul>

<h3><a href="https://clinta.github.io/freebsd-jails-the-hard-way" rel="nofollow noopener">FreeBSD jails, the hard way</a></h3>

<ul>
<li>As you learned from our interview this week, there's quite a selection of tools available to manage your jails</li>
<li>This article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf</li>
<li>Unlike with iocage, ZFS isn't actually a requirement for this method</li>
<li>If you are using it, though, you can make use of snapshots for making template jails
***</li>
</ul>

<h3><a href="http://www.tancsa.com/mdtblog/?p=73" rel="nofollow noopener">OpenSSH hardware tokens</a></h3>

<ul>
<li>We've talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client <em>and</em> server?</li>
<li>This blog post will show you how to use a hardware token as a second authentication factor, for the "something you know, something you have" security model</li>
<li>It takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd</li>
<li>Most of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too
***</li>
</ul>

<h3><a href="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt" rel="nofollow noopener">LibreSSL 2.2.2 released</a></h3>

<ul>
<li>The LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes</li>
<li>At the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don't want in a crypto tool...) and much more</li>
<li>SSLv3 support was removed from the "openssl" command, and only a few other SSLv3 bits remain - once workarounds are found for ports that specifically depend on it, it'll be removed completely</li>
<li>Various other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc</li>
<li>It'll be in 5.8 (due out earlier than usual) and it's in the FreeBSD ports tree as well
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s216lrsVVd" rel="nofollow noopener">James writes in</a></li>
<li><a href="http://slexy.org/view/s20uGUHWLr" rel="nofollow noopener">Stuart writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>94: Builder's Insurance</title>
  <link>https://www.bsdnow.tv/94</link>
  <guid isPermaLink="false">62d29419-94fa-4252-89a9-581546c7e61d</guid>
  <pubDate>Wed, 17 Jun 2015 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/62d29419-94fa-4252-89a9-581546c7e61d.mp3" length="61384180" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>This week on the show, we'll be chatting with Marc Espie. He's recently added some additional security measures to dpb, OpenBSD's package building tool, and we'll find out why they're so important. We've also got all this week's news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:25:15</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;This week on the show, we'll be chatting with Marc Espie. He's recently added some additional security measures to dpb, OpenBSD's package building tool, and we'll find out why they're so important. We've also got all this week's news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"&gt;&lt;/a&gt;&lt;a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"&gt;&lt;img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.bsdcan.org/2015/schedule/" rel="nofollow noopener"&gt;BSDCan 2015 videos&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;BSDCan just ended last week, but some of the BSD-related presentation videos are already online&lt;/li&gt;
&lt;li&gt;Allan Jude, &lt;a href="https://www.youtube.com/watch?v=8l6bhKIDecg" rel="nofollow noopener"&gt;UCL for FreeBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Andrew Cagney, &lt;a href="https://www.youtube.com/watch?v=XDIcD4LR5HE" rel="nofollow noopener"&gt;What happens when a dwarf and a daemon start dancing by the light of the silvery moon?&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Andy Tanenbaum, &lt;a href="https://www.youtube.com/watch?v=0pebP891V0c" rel="nofollow noopener"&gt;A reimplementation of NetBSD&lt;/a&gt; &lt;a href="https://www.youtube.com/watch?v=Bu1JuwVfYTc" rel="nofollow noopener"&gt;using a MicroKernel&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Brooks Davis, &lt;a href="https://www.youtube.com/watch?v=DwCg-51vFAs" rel="nofollow noopener"&gt;CheriBSD: A research fork of FreeBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Giuseppe Lettieri, &lt;a href="https://www.youtube.com/watch?v=Lo6wDCapo4k" rel="nofollow noopener"&gt;Even faster VM networking with virtual passthrough&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Joseph Mingrone, &lt;a href="https://www.youtube.com/watch?v=K2pnf1YcMTY" rel="nofollow noopener"&gt;Molecular Evolution, Genomic Analysis and FreeBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Olivier Cochard-Labbe, &lt;a href="https://www.youtube.com/watch?v=6jhSvdnu4k0" rel="nofollow noopener"&gt;Large-scale plug&amp;amp;play x86 network appliance deployment over Internet&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Peter Hessler, &lt;a href="https://www.youtube.com/watch?v=BizrC8Zr-YY" rel="nofollow noopener"&gt;Using routing domains / routing tables in a production network&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Ryan Lortie, &lt;a href="https://www.youtube.com/watch?v=YSVFnM3_2Ik" rel="nofollow noopener"&gt;a stitch in time: jhbuild&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Ted Unangst, &lt;a href="https://www.youtube.com/watch?v=9R5s3l-0wh0" rel="nofollow noopener"&gt;signify: Securing OpenBSD From Us To You&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Many more still to come...
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://pid1.com/posts/post1.html" rel="nofollow noopener"&gt;Documenting my BSD experience&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it's finally time to give BSD a try&lt;/li&gt;
&lt;li&gt;"That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in."&lt;/li&gt;
&lt;li&gt;In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks&lt;/li&gt;
&lt;li&gt;The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you're into that)&lt;/li&gt;
&lt;li&gt;You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into&lt;/li&gt;
&lt;li&gt;He's also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon&lt;/li&gt;
&lt;li&gt;His &lt;a href="http://pid1.com/posts/post2.html" rel="nofollow noopener"&gt;second post&lt;/a&gt; explores replacing the firewall on his self-described "over complicated home network" with an OpenBSD box&lt;/li&gt;
&lt;li&gt;After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing&lt;/li&gt;
&lt;li&gt;All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand&lt;/li&gt;
&lt;li&gt;Getting to hear experiences like this are very important - they show areas where all the BSD developers' hard work has paid off, but can also let us know where we need to improve
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://github.com/pcbsd/hardenedBSD-stable" rel="nofollow noopener"&gt;PC-BSD tries HardenedBSD builds&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated&lt;/li&gt;
&lt;li&gt;They're not the first major FreeBSD-based project to offer an alternate build - OPNsense &lt;a href="https://hardenedbsd.org/article/shawn-webb/2015-05-08/hardenedbsd-teams-opnsense" rel="nofollow noopener"&gt;did that&lt;/a&gt; a few weeks ago - but this might open the door for more projects to give it a try as well&lt;/li&gt;
&lt;li&gt;With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won't have&lt;/li&gt;
&lt;li&gt;Time will tell if more projects and products like FreeNAS might be interested too
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=143423172522625&amp;amp;w=2" rel="nofollow noopener"&gt;C-states in OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;People who run BSD on their notebooks, you'll want to pay attention to this one&lt;/li&gt;
&lt;li&gt;OpenBSD has recently committed some ACPI improvements for &lt;a href="http://www.hardwaresecrets.com/article/Everything-You-Need-to-Know-About-the-CPU-C-States-Power-Saving-Modes/611" rel="nofollow noopener"&gt;deep C-states&lt;/a&gt;, enabling the processor to enter a low-power mode&lt;/li&gt;
&lt;li&gt;&lt;a href="https://twitter.com/StevenUniq/status/610586711358316545" rel="nofollow noopener"&gt;According&lt;/a&gt; &lt;a href="https://www.marc.info/?l=openbsd-misc&amp;amp;m=143430996602802&amp;amp;w=2" rel="nofollow noopener"&gt;to a&lt;/a&gt; &lt;a href="https://www.marc.info/?l=openbsd-misc&amp;amp;m=143429914700826&amp;amp;w=2" rel="nofollow noopener"&gt;few users&lt;/a&gt; &lt;a href="https://www.marc.info/?l=openbsd-misc&amp;amp;m=143425943026225&amp;amp;w=2" rel="nofollow noopener"&gt;so far&lt;/a&gt;, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life&lt;/li&gt;
&lt;li&gt;If you're running OpenBSD -current on a laptop, try out the latest snapshot and &lt;a href="https://www.marc.info/?l=openbsd-misc&amp;amp;m=143423391222952&amp;amp;w=2" rel="nofollow noopener"&gt;report back&lt;/a&gt; with your findings
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://mail-index.netbsd.org/netbsd-advocacy/2015/06/13/msg000687.html" rel="nofollow noopener"&gt;NetBSD at Open Source Conference 2015 Hokkaido&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The Japanese NetBSD users group never sleeps, and they've hit yet another open source conference&lt;/li&gt;
&lt;li&gt;As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)&lt;/li&gt;
&lt;li&gt;We'll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Marc Espie - &lt;a href="mailto:espie@openbsd.org" rel="nofollow noopener"&gt;espie@openbsd.org&lt;/a&gt; / &lt;a href="https://twitter.com/espie_openbsd" rel="nofollow noopener"&gt;@espie_openbsd&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.marc.info/?l=openbsd-ports&amp;amp;m=143051151521627&amp;amp;w=2" rel="nofollow noopener"&gt;Recent&lt;/a&gt; &lt;a href="https://www.marc.info/?l=openbsd-ports&amp;amp;m=143151777209226&amp;amp;w=2" rel="nofollow noopener"&gt;improvements&lt;/a&gt; to OpenBSD's &lt;a href="http://www.bsdnow.tv/tutorials/dpb" rel="nofollow noopener"&gt;dpb&lt;/a&gt; tool&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://github.com/mist64/xhyve/blob/master/README.md" rel="nofollow noopener"&gt;Introducing xhyve, bhyve on OS X&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We've talked about FreeBSD's "bhyve" hypervisor a lot on the show, and now it's been ported to another OS&lt;/li&gt;
&lt;li&gt;As the name "xhyve" might imply, it's a port of bhyve to Mac OS X &lt;/li&gt;
&lt;li&gt;Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future&lt;/li&gt;
&lt;li&gt;It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer&lt;/li&gt;
&lt;li&gt;There are also &lt;a href="http://www.pagetable.com/?p=831" rel="nofollow noopener"&gt;a few examples&lt;/a&gt; on how to use it
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.dragonflybsd.org/docs/newhandbook/docs/newhandbook/4KDisplays/" rel="nofollow noopener"&gt;4K displays on DragonFlyBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you've been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you'll be pleased to know that 4K displays work just fine&lt;/li&gt;
&lt;li&gt;Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas&lt;/li&gt;
&lt;li&gt;Some GUI applications might look weird on such a huge resolution, &lt;/li&gt;
&lt;li&gt;HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://coderinaworldofcode.blogspot.com/2015/06/chrooting-mumble-server-on-openbsd.html" rel="nofollow noopener"&gt;Sandboxing port daemons on OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD's base as chrooted by default - things from ports or packages don't always get the same treatment&lt;/li&gt;
&lt;li&gt;This blog post uses a mumble server as an example, but you can apply it to &lt;em&gt;any&lt;/em&gt; service from ports that doesn't chroot by default&lt;/li&gt;
&lt;li&gt;It goes through the process of manually building a sandbox with all the libraries you'll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it&lt;/li&gt;
&lt;li&gt;With a few small changes, similar tricks could be done on the other BSDs as well - everybody has chroots
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://smallwall.freeforums.net/thread/44/version-1-8-2-released" rel="nofollow noopener"&gt;SmallWall 1.8.2 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;SmallWall is a relatively new BSD-based project that we've never covered before&lt;/li&gt;
&lt;li&gt;It's an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits&lt;/li&gt;
&lt;li&gt;They've just released &lt;a href="http://www.smallwall.org/download.html" rel="nofollow noopener"&gt;the first official version&lt;/a&gt;, so you can give it a try now&lt;/li&gt;
&lt;li&gt;If you're interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks...
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21gRTNnk7" rel="nofollow noopener"&gt;David writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2DdiMvELg" rel="nofollow noopener"&gt;Brian writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2h4ZS6SMd" rel="nofollow noopener"&gt;Dan writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20kA1jeXY" rel="nofollow noopener"&gt;Joel writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2wJ9HP1bs" rel="nofollow noopener"&gt;Steve writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, dpb, poudriere, pbulk, packages, ports, distributed, bsdcan, pf, zfs, opnsense, pfsense, hardenedbsd, aslr, smallwall, m0n0wall, xhyve, bhyve</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>This week on the show, we'll be chatting with Marc Espie. He's recently added some additional security measures to dpb, OpenBSD's package building tool, and we'll find out why they're so important. We've also got all this week's news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.bsdcan.org/2015/schedule/" rel="nofollow noopener">BSDCan 2015 videos</a></h3>

<ul>
<li>BSDCan just ended last week, but some of the BSD-related presentation videos are already online</li>
<li>Allan Jude, <a href="https://www.youtube.com/watch?v=8l6bhKIDecg" rel="nofollow noopener">UCL for FreeBSD</a></li>
<li>Andrew Cagney, <a href="https://www.youtube.com/watch?v=XDIcD4LR5HE" rel="nofollow noopener">What happens when a dwarf and a daemon start dancing by the light of the silvery moon?</a></li>
<li>Andy Tanenbaum, <a href="https://www.youtube.com/watch?v=0pebP891V0c" rel="nofollow noopener">A reimplementation of NetBSD</a> <a href="https://www.youtube.com/watch?v=Bu1JuwVfYTc" rel="nofollow noopener">using a MicroKernel</a></li>
<li>Brooks Davis, <a href="https://www.youtube.com/watch?v=DwCg-51vFAs" rel="nofollow noopener">CheriBSD: A research fork of FreeBSD</a></li>
<li>Giuseppe Lettieri, <a href="https://www.youtube.com/watch?v=Lo6wDCapo4k" rel="nofollow noopener">Even faster VM networking with virtual passthrough</a></li>
<li>Joseph Mingrone, <a href="https://www.youtube.com/watch?v=K2pnf1YcMTY" rel="nofollow noopener">Molecular Evolution, Genomic Analysis and FreeBSD</a></li>
<li>Olivier Cochard-Labbe, <a href="https://www.youtube.com/watch?v=6jhSvdnu4k0" rel="nofollow noopener">Large-scale plug&amp;play x86 network appliance deployment over Internet</a></li>
<li>Peter Hessler, <a href="https://www.youtube.com/watch?v=BizrC8Zr-YY" rel="nofollow noopener">Using routing domains / routing tables in a production network</a></li>
<li>Ryan Lortie, <a href="https://www.youtube.com/watch?v=YSVFnM3_2Ik" rel="nofollow noopener">a stitch in time: jhbuild</a></li>
<li>Ted Unangst, <a href="https://www.youtube.com/watch?v=9R5s3l-0wh0" rel="nofollow noopener">signify: Securing OpenBSD From Us To You</a></li>
<li>Many more still to come...
***</li>
</ul>

<h3><a href="http://pid1.com/posts/post1.html" rel="nofollow noopener">Documenting my BSD experience</a></h3>

<ul>
<li>Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it's finally time to give BSD a try</li>
<li>"That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in."</li>
<li>In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks</li>
<li>The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you're into that)</li>
<li>You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into</li>
<li>He's also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon</li>
<li>His <a href="http://pid1.com/posts/post2.html" rel="nofollow noopener">second post</a> explores replacing the firewall on his self-described "over complicated home network" with an OpenBSD box</li>
<li>After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing</li>
<li>All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand</li>
<li>Getting to hear experiences like this are very important - they show areas where all the BSD developers' hard work has paid off, but can also let us know where we need to improve
***</li>
</ul>

<h3><a href="https://github.com/pcbsd/hardenedBSD-stable" rel="nofollow noopener">PC-BSD tries HardenedBSD builds</a></h3>

<ul>
<li>The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated</li>
<li>They're not the first major FreeBSD-based project to offer an alternate build - OPNsense <a href="https://hardenedbsd.org/article/shawn-webb/2015-05-08/hardenedbsd-teams-opnsense" rel="nofollow noopener">did that</a> a few weeks ago - but this might open the door for more projects to give it a try as well</li>
<li>With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won't have</li>
<li>Time will tell if more projects and products like FreeNAS might be interested too
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143423172522625&amp;w=2" rel="nofollow noopener">C-states in OpenBSD</a></h3>

<ul>
<li>People who run BSD on their notebooks, you'll want to pay attention to this one</li>
<li>OpenBSD has recently committed some ACPI improvements for <a href="http://www.hardwaresecrets.com/article/Everything-You-Need-to-Know-About-the-CPU-C-States-Power-Saving-Modes/611" rel="nofollow noopener">deep C-states</a>, enabling the processor to enter a low-power mode</li>
<li><a href="https://twitter.com/StevenUniq/status/610586711358316545" rel="nofollow noopener">According</a> <a href="https://www.marc.info/?l=openbsd-misc&amp;m=143430996602802&amp;w=2" rel="nofollow noopener">to a</a> <a href="https://www.marc.info/?l=openbsd-misc&amp;m=143429914700826&amp;w=2" rel="nofollow noopener">few users</a> <a href="https://www.marc.info/?l=openbsd-misc&amp;m=143425943026225&amp;w=2" rel="nofollow noopener">so far</a>, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life</li>
<li>If you're running OpenBSD -current on a laptop, try out the latest snapshot and <a href="https://www.marc.info/?l=openbsd-misc&amp;m=143423391222952&amp;w=2" rel="nofollow noopener">report back</a> with your findings
***</li>
</ul>

<h3><a href="https://mail-index.netbsd.org/netbsd-advocacy/2015/06/13/msg000687.html" rel="nofollow noopener">NetBSD at Open Source Conference 2015 Hokkaido</a></h3>

<ul>
<li>The Japanese NetBSD users group never sleeps, and they've hit yet another open source conference</li>
<li>As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)</li>
<li>We'll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms
***</li>
</ul>

<h2>Interview - Marc Espie - <a href="mailto:espie@openbsd.org" rel="nofollow noopener">espie@openbsd.org</a> / <a href="https://twitter.com/espie_openbsd" rel="nofollow noopener">@espie_openbsd</a></h2>

<p><a href="https://www.marc.info/?l=openbsd-ports&amp;m=143051151521627&amp;w=2" rel="nofollow noopener">Recent</a> <a href="https://www.marc.info/?l=openbsd-ports&amp;m=143151777209226&amp;w=2" rel="nofollow noopener">improvements</a> to OpenBSD's <a href="http://www.bsdnow.tv/tutorials/dpb" rel="nofollow noopener">dpb</a> tool</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://github.com/mist64/xhyve/blob/master/README.md" rel="nofollow noopener">Introducing xhyve, bhyve on OS X</a></h3>

<ul>
<li>We've talked about FreeBSD's "bhyve" hypervisor a lot on the show, and now it's been ported to another OS</li>
<li>As the name "xhyve" might imply, it's a port of bhyve to Mac OS X </li>
<li>Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future</li>
<li>It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer</li>
<li>There are also <a href="http://www.pagetable.com/?p=831" rel="nofollow noopener">a few examples</a> on how to use it
***</li>
</ul>

<h3><a href="http://www.dragonflybsd.org/docs/newhandbook/docs/newhandbook/4KDisplays/" rel="nofollow noopener">4K displays on DragonFlyBSD</a></h3>

<ul>
<li>If you've been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you'll be pleased to know that 4K displays work just fine</li>
<li>Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas</li>
<li>Some GUI applications might look weird on such a huge resolution, </li>
<li>HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience
***</li>
</ul>

<h3><a href="http://coderinaworldofcode.blogspot.com/2015/06/chrooting-mumble-server-on-openbsd.html" rel="nofollow noopener">Sandboxing port daemons on OpenBSD</a></h3>

<ul>
<li>We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD's base as chrooted by default - things from ports or packages don't always get the same treatment</li>
<li>This blog post uses a mumble server as an example, but you can apply it to <em>any</em> service from ports that doesn't chroot by default</li>
<li>It goes through the process of manually building a sandbox with all the libraries you'll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it</li>
<li>With a few small changes, similar tricks could be done on the other BSDs as well - everybody has chroots
***</li>
</ul>

<h3><a href="http://smallwall.freeforums.net/thread/44/version-1-8-2-released" rel="nofollow noopener">SmallWall 1.8.2 released</a></h3>

<ul>
<li>SmallWall is a relatively new BSD-based project that we've never covered before</li>
<li>It's an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits</li>
<li>They've just released <a href="http://www.smallwall.org/download.html" rel="nofollow noopener">the first official version</a>, so you can give it a try now</li>
<li>If you're interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks...
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s21gRTNnk7" rel="nofollow noopener">David writes in</a></li>
<li><a href="http://slexy.org/view/s2DdiMvELg" rel="nofollow noopener">Brian writes in</a></li>
<li><a href="http://slexy.org/view/s2h4ZS6SMd" rel="nofollow noopener">Dan writes in</a></li>
<li><a href="http://slexy.org/view/s20kA1jeXY" rel="nofollow noopener">Joel writes in</a></li>
<li><a href="http://slexy.org/view/s2wJ9HP1bs" rel="nofollow noopener">Steve writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>This week on the show, we'll be chatting with Marc Espie. He's recently added some additional security measures to dpb, OpenBSD's package building tool, and we'll find out why they're so important. We've also got all this week's news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.bsdcan.org/2015/schedule/" rel="nofollow noopener">BSDCan 2015 videos</a></h3>

<ul>
<li>BSDCan just ended last week, but some of the BSD-related presentation videos are already online</li>
<li>Allan Jude, <a href="https://www.youtube.com/watch?v=8l6bhKIDecg" rel="nofollow noopener">UCL for FreeBSD</a></li>
<li>Andrew Cagney, <a href="https://www.youtube.com/watch?v=XDIcD4LR5HE" rel="nofollow noopener">What happens when a dwarf and a daemon start dancing by the light of the silvery moon?</a></li>
<li>Andy Tanenbaum, <a href="https://www.youtube.com/watch?v=0pebP891V0c" rel="nofollow noopener">A reimplementation of NetBSD</a> <a href="https://www.youtube.com/watch?v=Bu1JuwVfYTc" rel="nofollow noopener">using a MicroKernel</a></li>
<li>Brooks Davis, <a href="https://www.youtube.com/watch?v=DwCg-51vFAs" rel="nofollow noopener">CheriBSD: A research fork of FreeBSD</a></li>
<li>Giuseppe Lettieri, <a href="https://www.youtube.com/watch?v=Lo6wDCapo4k" rel="nofollow noopener">Even faster VM networking with virtual passthrough</a></li>
<li>Joseph Mingrone, <a href="https://www.youtube.com/watch?v=K2pnf1YcMTY" rel="nofollow noopener">Molecular Evolution, Genomic Analysis and FreeBSD</a></li>
<li>Olivier Cochard-Labbe, <a href="https://www.youtube.com/watch?v=6jhSvdnu4k0" rel="nofollow noopener">Large-scale plug&amp;play x86 network appliance deployment over Internet</a></li>
<li>Peter Hessler, <a href="https://www.youtube.com/watch?v=BizrC8Zr-YY" rel="nofollow noopener">Using routing domains / routing tables in a production network</a></li>
<li>Ryan Lortie, <a href="https://www.youtube.com/watch?v=YSVFnM3_2Ik" rel="nofollow noopener">a stitch in time: jhbuild</a></li>
<li>Ted Unangst, <a href="https://www.youtube.com/watch?v=9R5s3l-0wh0" rel="nofollow noopener">signify: Securing OpenBSD From Us To You</a></li>
<li>Many more still to come...
***</li>
</ul>

<h3><a href="http://pid1.com/posts/post1.html" rel="nofollow noopener">Documenting my BSD experience</a></h3>

<ul>
<li>Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it's finally time to give BSD a try</li>
<li>"That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in."</li>
<li>In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks</li>
<li>The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you're into that)</li>
<li>You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into</li>
<li>He's also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon</li>
<li>His <a href="http://pid1.com/posts/post2.html" rel="nofollow noopener">second post</a> explores replacing the firewall on his self-described "over complicated home network" with an OpenBSD box</li>
<li>After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing</li>
<li>All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand</li>
<li>Getting to hear experiences like this are very important - they show areas where all the BSD developers' hard work has paid off, but can also let us know where we need to improve
***</li>
</ul>

<h3><a href="https://github.com/pcbsd/hardenedBSD-stable" rel="nofollow noopener">PC-BSD tries HardenedBSD builds</a></h3>

<ul>
<li>The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated</li>
<li>They're not the first major FreeBSD-based project to offer an alternate build - OPNsense <a href="https://hardenedbsd.org/article/shawn-webb/2015-05-08/hardenedbsd-teams-opnsense" rel="nofollow noopener">did that</a> a few weeks ago - but this might open the door for more projects to give it a try as well</li>
<li>With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won't have</li>
<li>Time will tell if more projects and products like FreeNAS might be interested too
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143423172522625&amp;w=2" rel="nofollow noopener">C-states in OpenBSD</a></h3>

<ul>
<li>People who run BSD on their notebooks, you'll want to pay attention to this one</li>
<li>OpenBSD has recently committed some ACPI improvements for <a href="http://www.hardwaresecrets.com/article/Everything-You-Need-to-Know-About-the-CPU-C-States-Power-Saving-Modes/611" rel="nofollow noopener">deep C-states</a>, enabling the processor to enter a low-power mode</li>
<li><a href="https://twitter.com/StevenUniq/status/610586711358316545" rel="nofollow noopener">According</a> <a href="https://www.marc.info/?l=openbsd-misc&amp;m=143430996602802&amp;w=2" rel="nofollow noopener">to a</a> <a href="https://www.marc.info/?l=openbsd-misc&amp;m=143429914700826&amp;w=2" rel="nofollow noopener">few users</a> <a href="https://www.marc.info/?l=openbsd-misc&amp;m=143425943026225&amp;w=2" rel="nofollow noopener">so far</a>, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life</li>
<li>If you're running OpenBSD -current on a laptop, try out the latest snapshot and <a href="https://www.marc.info/?l=openbsd-misc&amp;m=143423391222952&amp;w=2" rel="nofollow noopener">report back</a> with your findings
***</li>
</ul>

<h3><a href="https://mail-index.netbsd.org/netbsd-advocacy/2015/06/13/msg000687.html" rel="nofollow noopener">NetBSD at Open Source Conference 2015 Hokkaido</a></h3>

<ul>
<li>The Japanese NetBSD users group never sleeps, and they've hit yet another open source conference</li>
<li>As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)</li>
<li>We'll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms
***</li>
</ul>

<h2>Interview - Marc Espie - <a href="mailto:espie@openbsd.org" rel="nofollow noopener">espie@openbsd.org</a> / <a href="https://twitter.com/espie_openbsd" rel="nofollow noopener">@espie_openbsd</a></h2>

<p><a href="https://www.marc.info/?l=openbsd-ports&amp;m=143051151521627&amp;w=2" rel="nofollow noopener">Recent</a> <a href="https://www.marc.info/?l=openbsd-ports&amp;m=143151777209226&amp;w=2" rel="nofollow noopener">improvements</a> to OpenBSD's <a href="http://www.bsdnow.tv/tutorials/dpb" rel="nofollow noopener">dpb</a> tool</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://github.com/mist64/xhyve/blob/master/README.md" rel="nofollow noopener">Introducing xhyve, bhyve on OS X</a></h3>

<ul>
<li>We've talked about FreeBSD's "bhyve" hypervisor a lot on the show, and now it's been ported to another OS</li>
<li>As the name "xhyve" might imply, it's a port of bhyve to Mac OS X </li>
<li>Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future</li>
<li>It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer</li>
<li>There are also <a href="http://www.pagetable.com/?p=831" rel="nofollow noopener">a few examples</a> on how to use it
***</li>
</ul>

<h3><a href="http://www.dragonflybsd.org/docs/newhandbook/docs/newhandbook/4KDisplays/" rel="nofollow noopener">4K displays on DragonFlyBSD</a></h3>

<ul>
<li>If you've been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you'll be pleased to know that 4K displays work just fine</li>
<li>Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas</li>
<li>Some GUI applications might look weird on such a huge resolution, </li>
<li>HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience
***</li>
</ul>

<h3><a href="http://coderinaworldofcode.blogspot.com/2015/06/chrooting-mumble-server-on-openbsd.html" rel="nofollow noopener">Sandboxing port daemons on OpenBSD</a></h3>

<ul>
<li>We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD's base as chrooted by default - things from ports or packages don't always get the same treatment</li>
<li>This blog post uses a mumble server as an example, but you can apply it to <em>any</em> service from ports that doesn't chroot by default</li>
<li>It goes through the process of manually building a sandbox with all the libraries you'll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it</li>
<li>With a few small changes, similar tricks could be done on the other BSDs as well - everybody has chroots
***</li>
</ul>

<h3><a href="http://smallwall.freeforums.net/thread/44/version-1-8-2-released" rel="nofollow noopener">SmallWall 1.8.2 released</a></h3>

<ul>
<li>SmallWall is a relatively new BSD-based project that we've never covered before</li>
<li>It's an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits</li>
<li>They've just released <a href="http://www.smallwall.org/download.html" rel="nofollow noopener">the first official version</a>, so you can give it a try now</li>
<li>If you're interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks...
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s21gRTNnk7" rel="nofollow noopener">David writes in</a></li>
<li><a href="http://slexy.org/view/s2DdiMvELg" rel="nofollow noopener">Brian writes in</a></li>
<li><a href="http://slexy.org/view/s2h4ZS6SMd" rel="nofollow noopener">Dan writes in</a></li>
<li><a href="http://slexy.org/view/s20kA1jeXY" rel="nofollow noopener">Joel writes in</a></li>
<li><a href="http://slexy.org/view/s2wJ9HP1bs" rel="nofollow noopener">Steve writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>87: On the List</title>
  <link>https://www.bsdnow.tv/87</link>
  <guid isPermaLink="false">56f4b27b-9384-4cb9-9877-d825f62815a7</guid>
  <pubDate>Wed, 29 Apr 2015 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/56f4b27b-9384-4cb9-9877-d825f62815a7.mp3" length="58344340" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:21:02</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"&gt;&lt;/a&gt;&lt;a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"&gt;&lt;img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=142990524317070&amp;amp;w=2" rel="nofollow noopener"&gt;New PAE support in OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;OpenBSD has just added &lt;a href="https://en.wikipedia.org/wiki/Physical_Address_Extension" rel="nofollow noopener"&gt;Physical Address Extention&lt;/a&gt; support to the i386 architecture, but it's probably not what you'd think of when you hear the term&lt;/li&gt;
&lt;li&gt;In most operating systems, PAE's main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn't for that&lt;/li&gt;
&lt;li&gt;Instead, this change specifically allows the system to use the &lt;a href="https://en.wikipedia.org/wiki/NX_bit#OpenBSD" rel="nofollow noopener"&gt;No-eXecute Bit&lt;/a&gt; of the processor for the userland, further hardening the in-place memory protections&lt;/li&gt;
&lt;li&gt;Other operating systems enable the CPU feature without doing anything to the &lt;a href="https://en.wikipedia.org/wiki/Page_table#Role_of_the_page_table" rel="nofollow noopener"&gt;page table entries&lt;/a&gt;, so they &lt;strong&gt;do get&lt;/strong&gt; the available memory expansion, but &lt;strong&gt;don't get&lt;/strong&gt; the potential security benefit&lt;/li&gt;
&lt;li&gt;As we discussed in a &lt;a href="http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach" rel="nofollow noopener"&gt;previous episode&lt;/a&gt;, the AMD64 platform already saw some major W&lt;sup&gt;X&lt;/sup&gt; kernel &lt;strong&gt;and&lt;/strong&gt; userland improvements - the i386 kernel reworking will begin shortly&lt;/li&gt;
&lt;li&gt;Not all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of W&lt;sup&gt;X&lt;/sup&gt; that was already there&lt;/li&gt;
&lt;li&gt;The AMD64 improvements will be in 5.7, due out in just a couple days as of when we're recording this, but the i386 improvements will likely be in 5.8
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://twitter.com/nahannisys/status/591733319357730816" rel="nofollow noopener"&gt;Booting Windows in bhyve&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Work on FreeBSD's &lt;a href="http://www.bsdnow.tv/episodes/2014_01_15-bhyve_mind" rel="nofollow noopener"&gt;bhyve&lt;/a&gt; continues, and a big addition is on the way&lt;/li&gt;
&lt;li&gt;Thus far, bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, &lt;em&gt;no Windows&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;This is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter&lt;/li&gt;
&lt;li&gt;Graphics emulation is still in the works; this image was taken by booting headless and using RDP&lt;/li&gt;
&lt;li&gt;A lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan)&lt;/li&gt;
&lt;li&gt;Not a lot of details on the matter currently, but we'll be sure to bring you more info as it comes out&lt;/li&gt;
&lt;li&gt;Are you more interested in bhyve or Xen on FreeBSD? Email us your thoughts
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.midnightbsd.org/notes/" rel="nofollow noopener"&gt;MidnightBSD 0.6 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;MidnightBSD is a smaller project we've not covered a lot on the show before&lt;/li&gt;
&lt;li&gt;It's an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use&lt;/li&gt;
&lt;li&gt;They also have their own, smaller version of FreeBSD ports, called "mports"&lt;/li&gt;
&lt;li&gt;If you're already using it, this new version is mainly a security and bugfix release&lt;/li&gt;
&lt;li&gt;It syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions&lt;/li&gt;
&lt;li&gt;You can check &lt;a href="http://www.midnightbsd.org/about/" rel="nofollow noopener"&gt;their site&lt;/a&gt; for more information about the project&lt;/li&gt;
&lt;li&gt;We're trying to get the lead developer to come on for an interview, but haven't heard anything back yet
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=142989267412968&amp;amp;w=4" rel="nofollow noopener"&gt;OpenBSD rewrites the file utility&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We're all probably familiar with the traditional &lt;a href="https://en.wikipedia.org/wiki/File_%28command%29" rel="nofollow noopener"&gt;file&lt;/a&gt; command - it's been around &lt;a href="http://darwinsys.com/file/" rel="nofollow noopener"&gt;since the 1970s&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;For anyone who doesn't know, it's used to determine what type of file something actually is&lt;/li&gt;
&lt;li&gt;This tool doesn't see a lot of development these days, and it's had its share of security issues as well&lt;/li&gt;
&lt;li&gt;Some of those security issues &lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=141857001403570&amp;amp;w=2" rel="nofollow noopener"&gt;remain&lt;/a&gt; &lt;a href="https://www.marc.info/?l=freebsd-security&amp;amp;m=142980545021888&amp;amp;w=2" rel="nofollow noopener"&gt;unfixed&lt;/a&gt; in various BSDs &lt;strong&gt;even today&lt;/strong&gt;, despite being publicly known for a while&lt;/li&gt;
&lt;li&gt;It's not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it&lt;/li&gt;
&lt;li&gt;When you think about it, file was technically &lt;em&gt;designed&lt;/em&gt; to be used on untrusted files&lt;/li&gt;
&lt;li&gt;OpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny&lt;/li&gt;
&lt;li&gt;This new version will, by default, run &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=143014212727213&amp;amp;w=2" rel="nofollow noopener"&gt;as an unprivileged user&lt;/a&gt; with no shell, and in a &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=143014276127454&amp;amp;w=2" rel="nofollow noopener"&gt;systrace sandbox&lt;/a&gt;, strictly limiting what system calls can be made&lt;/li&gt;
&lt;li&gt;With these two things combined, it should drastically reduce the damage a malicious file could potentially do&lt;/li&gt;
&lt;li&gt;Ian Darwin, the original author of the utility, &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=142989483913635&amp;amp;w=4" rel="nofollow noopener"&gt;saw the commit and replied&lt;/a&gt;, in what may be a moment in BSD history to remember&lt;/li&gt;
&lt;li&gt;It'll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone's already thrown together an unofficial portable version&lt;/li&gt;
&lt;li&gt;Coincidentally, the lead developer and current maintainer of file just happens to be our guest today…
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Christos Zoulas - &lt;a href="mailto:christos@netbsd.org" rel="nofollow noopener"&gt;christos@netbsd.org&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.youtube.com/watch?v=0UKCAsezF3Q" rel="nofollow noopener"&gt;blacklistd&lt;/a&gt; and NetBSD advocacy&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.google-melange.com/gsoc/projects/list/google/gsoc2015" rel="nofollow noopener"&gt;GSoC-accepted BSD projects&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list&lt;/li&gt;
&lt;li&gt;FreeBSD's &lt;a href="https://wiki.freebsd.org/SummerOfCode2015Projects" rel="nofollow noopener"&gt;list&lt;/a&gt; includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. &lt;strong&gt;memory compression and deduplication&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;OpenBSD's &lt;a href="http://www.openbsdfoundation.org/gsoc2015.html" rel="nofollow noopener"&gt;list&lt;/a&gt; includes: asynchronous USB transfer submission from userland, ARM SD/MMC &amp;amp; controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... &lt;strong&gt;porting HAMMER FS to OpenBSD&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;We'll be sure to keep you up to date on developments from both projects&lt;/li&gt;
&lt;li&gt;Hopefully the other BSDs will make the cut too next year
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.jumpnowtek.com/gumstix-freebsd/FreeBSD-Duovero-build-workstation-setup.html" rel="nofollow noopener"&gt;FreeBSD on the Gumstix Duovero&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you're not familiar with the Gumstix Duovero, it's an dual core ARM-based &lt;a href="https://store.gumstix.com/index.php/coms/duovero-coms.html" rel="nofollow noopener"&gt;computer-on-module&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;They actually look more like a stick of RAM than a mini-computer&lt;/li&gt;
&lt;li&gt;This article shows you how to build a FreeBSD -CURRENT image to run on them, using &lt;a href="https://github.com/freebsd/crochet" rel="nofollow noopener"&gt;crochet-freebsd&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;If anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://joinup.ec.europa.eu/community/osor/news/ep-study-%E2%80%9Ceu-should-finance-key-open-source-tools%E2%80%9D" rel="nofollow noopener"&gt;EU study recommends OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools&lt;/li&gt;
&lt;li&gt;This is especially important, in all countries, after the mass surveillance documents came out &lt;/li&gt;
&lt;li&gt;"[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts."&lt;/li&gt;
&lt;li&gt;The report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on&lt;/li&gt;
&lt;li&gt;Alongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: "Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways"&lt;/li&gt;
&lt;li&gt;Reddit, Undeadly and Hacker News also &lt;a href="https://www.reddit.com/r/programming/comments/340xh3/eu_study_recommends_use_of_openbsd_for_its/" rel="nofollow noopener"&gt;had&lt;/a&gt; &lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20150427093546" rel="nofollow noopener"&gt;some&lt;/a&gt; &lt;a href="https://news.ycombinator.com/item?id=9445831" rel="nofollow noopener"&gt;discussion&lt;/a&gt;, particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we've discussed with &lt;a href="http://www.bsdnow.tv/episodes/2014_10_08-behind_the_masq" rel="nofollow noopener"&gt;Voxer&lt;/a&gt; and &lt;a href="http://www.bsdnow.tv/episodes/2015_04_22-business_as_usual" rel="nofollow noopener"&gt;M:Tier&lt;/a&gt; before
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055551.html" rel="nofollow noopener"&gt;FreeBSD workflow with Git&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you're interested in contributing to FreeBSD, but aren't a big fan of SVN, they have a Github mirror too&lt;/li&gt;
&lt;li&gt;This mailing list post talks about interacting &lt;a href="https://wiki.freebsd.org/GitWorkflow/GitSvn" rel="nofollow noopener"&gt;between&lt;/a&gt; the official source repository and the Git mirror&lt;/li&gt;
&lt;li&gt;This makes it easy to get pull requests merged into the official tree, and encourages more developers to get involved
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2vjh3ogvG" rel="nofollow noopener"&gt;Sean writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20GMcWvKE" rel="nofollow noopener"&gt;Bryan writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21M1imT3d" rel="nofollow noopener"&gt;Sean writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s25ScxQSwb" rel="nofollow noopener"&gt;Charles writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, blacklistd, file, pae, w^x, aslr, bhyve, windows, efi, rdp, gumstix, duovero, midnightbsd, coreclr, gsoc</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142990524317070&amp;w=2" rel="nofollow noopener">New PAE support in OpenBSD</a></h3>

<ul>
<li>OpenBSD has just added <a href="https://en.wikipedia.org/wiki/Physical_Address_Extension" rel="nofollow noopener">Physical Address Extention</a> support to the i386 architecture, but it's probably not what you'd think of when you hear the term</li>
<li>In most operating systems, PAE's main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn't for that</li>
<li>Instead, this change specifically allows the system to use the <a href="https://en.wikipedia.org/wiki/NX_bit#OpenBSD" rel="nofollow noopener">No-eXecute Bit</a> of the processor for the userland, further hardening the in-place memory protections</li>
<li>Other operating systems enable the CPU feature without doing anything to the <a href="https://en.wikipedia.org/wiki/Page_table#Role_of_the_page_table" rel="nofollow noopener">page table entries</a>, so they <strong>do get</strong> the available memory expansion, but <strong>don't get</strong> the potential security benefit</li>
<li>As we discussed in a <a href="http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach" rel="nofollow noopener">previous episode</a>, the AMD64 platform already saw some major W<sup>X</sup> kernel <strong>and</strong> userland improvements - the i386 kernel reworking will begin shortly</li>
<li>Not all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of W<sup>X</sup> that was already there</li>
<li>The AMD64 improvements will be in 5.7, due out in just a couple days as of when we're recording this, but the i386 improvements will likely be in 5.8
***</li>
</ul>

<h3><a href="https://twitter.com/nahannisys/status/591733319357730816" rel="nofollow noopener">Booting Windows in bhyve</a></h3>

<ul>
<li>Work on FreeBSD's <a href="http://www.bsdnow.tv/episodes/2014_01_15-bhyve_mind" rel="nofollow noopener">bhyve</a> continues, and a big addition is on the way</li>
<li>Thus far, bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, <em>no Windows</em></li>
<li>This is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter</li>
<li>Graphics emulation is still in the works; this image was taken by booting headless and using RDP</li>
<li>A lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan)</li>
<li>Not a lot of details on the matter currently, but we'll be sure to bring you more info as it comes out</li>
<li>Are you more interested in bhyve or Xen on FreeBSD? Email us your thoughts
***</li>
</ul>

<h3><a href="http://www.midnightbsd.org/notes/" rel="nofollow noopener">MidnightBSD 0.6 released</a></h3>

<ul>
<li>MidnightBSD is a smaller project we've not covered a lot on the show before</li>
<li>It's an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use</li>
<li>They also have their own, smaller version of FreeBSD ports, called "mports"</li>
<li>If you're already using it, this new version is mainly a security and bugfix release</li>
<li>It syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions</li>
<li>You can check <a href="http://www.midnightbsd.org/about/" rel="nofollow noopener">their site</a> for more information about the project</li>
<li>We're trying to get the lead developer to come on for an interview, but haven't heard anything back yet
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142989267412968&amp;w=4" rel="nofollow noopener">OpenBSD rewrites the file utility</a></h3>

<ul>
<li>We're all probably familiar with the traditional <a href="https://en.wikipedia.org/wiki/File_%28command%29" rel="nofollow noopener">file</a> command - it's been around <a href="http://darwinsys.com/file/" rel="nofollow noopener">since the 1970s</a></li>
<li>For anyone who doesn't know, it's used to determine what type of file something actually is</li>
<li>This tool doesn't see a lot of development these days, and it's had its share of security issues as well</li>
<li>Some of those security issues <a href="https://www.marc.info/?l=openbsd-tech&amp;m=141857001403570&amp;w=2" rel="nofollow noopener">remain</a> <a href="https://www.marc.info/?l=freebsd-security&amp;m=142980545021888&amp;w=2" rel="nofollow noopener">unfixed</a> in various BSDs <strong>even today</strong>, despite being publicly known for a while</li>
<li>It's not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it</li>
<li>When you think about it, file was technically <em>designed</em> to be used on untrusted files</li>
<li>OpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny</li>
<li>This new version will, by default, run <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143014212727213&amp;w=2" rel="nofollow noopener">as an unprivileged user</a> with no shell, and in a <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143014276127454&amp;w=2" rel="nofollow noopener">systrace sandbox</a>, strictly limiting what system calls can be made</li>
<li>With these two things combined, it should drastically reduce the damage a malicious file could potentially do</li>
<li>Ian Darwin, the original author of the utility, <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142989483913635&amp;w=4" rel="nofollow noopener">saw the commit and replied</a>, in what may be a moment in BSD history to remember</li>
<li>It'll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone's already thrown together an unofficial portable version</li>
<li>Coincidentally, the lead developer and current maintainer of file just happens to be our guest today…
***</li>
</ul>

<h2>Interview - Christos Zoulas - <a href="mailto:christos@netbsd.org" rel="nofollow noopener">christos@netbsd.org</a></h2>

<p><a href="https://www.youtube.com/watch?v=0UKCAsezF3Q" rel="nofollow noopener">blacklistd</a> and NetBSD advocacy</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.google-melange.com/gsoc/projects/list/google/gsoc2015" rel="nofollow noopener">GSoC-accepted BSD projects</a></h3>

<ul>
<li>The Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list</li>
<li>FreeBSD's <a href="https://wiki.freebsd.org/SummerOfCode2015Projects" rel="nofollow noopener">list</a> includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. <strong>memory compression and deduplication</strong></li>
<li>OpenBSD's <a href="http://www.openbsdfoundation.org/gsoc2015.html" rel="nofollow noopener">list</a> includes: asynchronous USB transfer submission from userland, ARM SD/MMC &amp; controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... <strong>porting HAMMER FS to OpenBSD</strong></li>
<li>We'll be sure to keep you up to date on developments from both projects</li>
<li>Hopefully the other BSDs will make the cut too next year
***</li>
</ul>

<h3><a href="http://www.jumpnowtek.com/gumstix-freebsd/FreeBSD-Duovero-build-workstation-setup.html" rel="nofollow noopener">FreeBSD on the Gumstix Duovero</a></h3>

<ul>
<li>If you're not familiar with the Gumstix Duovero, it's an dual core ARM-based <a href="https://store.gumstix.com/index.php/coms/duovero-coms.html" rel="nofollow noopener">computer-on-module</a></li>
<li>They actually look more like a stick of RAM than a mini-computer</li>
<li>This article shows you how to build a FreeBSD -CURRENT image to run on them, using <a href="https://github.com/freebsd/crochet" rel="nofollow noopener">crochet-freebsd</a></li>
<li>If anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us
***</li>
</ul>

<h3><a href="https://joinup.ec.europa.eu/community/osor/news/ep-study-%E2%80%9Ceu-should-finance-key-open-source-tools%E2%80%9D" rel="nofollow noopener">EU study recommends OpenBSD</a></h3>

<ul>
<li>A recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools</li>
<li>This is especially important, in all countries, after the mass surveillance documents came out </li>
<li>"[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts."</li>
<li>The report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on</li>
<li>Alongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: "Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways"</li>
<li>Reddit, Undeadly and Hacker News also <a href="https://www.reddit.com/r/programming/comments/340xh3/eu_study_recommends_use_of_openbsd_for_its/" rel="nofollow noopener">had</a> <a href="http://undeadly.org/cgi?action=article&amp;sid=20150427093546" rel="nofollow noopener">some</a> <a href="https://news.ycombinator.com/item?id=9445831" rel="nofollow noopener">discussion</a>, particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we've discussed with <a href="http://www.bsdnow.tv/episodes/2014_10_08-behind_the_masq" rel="nofollow noopener">Voxer</a> and <a href="http://www.bsdnow.tv/episodes/2015_04_22-business_as_usual" rel="nofollow noopener">M:Tier</a> before
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055551.html" rel="nofollow noopener">FreeBSD workflow with Git</a></h3>

<ul>
<li>If you're interested in contributing to FreeBSD, but aren't a big fan of SVN, they have a Github mirror too</li>
<li>This mailing list post talks about interacting <a href="https://wiki.freebsd.org/GitWorkflow/GitSvn" rel="nofollow noopener">between</a> the official source repository and the Git mirror</li>
<li>This makes it easy to get pull requests merged into the official tree, and encourages more developers to get involved
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2vjh3ogvG" rel="nofollow noopener">Sean writes in</a></li>
<li><a href="http://slexy.org/view/s20GMcWvKE" rel="nofollow noopener">Bryan writes in</a></li>
<li><a href="http://slexy.org/view/s21M1imT3d" rel="nofollow noopener">Sean writes in</a></li>
<li><a href="http://slexy.org/view/s25ScxQSwb" rel="nofollow noopener">Charles writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142990524317070&amp;w=2" rel="nofollow noopener">New PAE support in OpenBSD</a></h3>

<ul>
<li>OpenBSD has just added <a href="https://en.wikipedia.org/wiki/Physical_Address_Extension" rel="nofollow noopener">Physical Address Extention</a> support to the i386 architecture, but it's probably not what you'd think of when you hear the term</li>
<li>In most operating systems, PAE's main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn't for that</li>
<li>Instead, this change specifically allows the system to use the <a href="https://en.wikipedia.org/wiki/NX_bit#OpenBSD" rel="nofollow noopener">No-eXecute Bit</a> of the processor for the userland, further hardening the in-place memory protections</li>
<li>Other operating systems enable the CPU feature without doing anything to the <a href="https://en.wikipedia.org/wiki/Page_table#Role_of_the_page_table" rel="nofollow noopener">page table entries</a>, so they <strong>do get</strong> the available memory expansion, but <strong>don't get</strong> the potential security benefit</li>
<li>As we discussed in a <a href="http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach" rel="nofollow noopener">previous episode</a>, the AMD64 platform already saw some major W<sup>X</sup> kernel <strong>and</strong> userland improvements - the i386 kernel reworking will begin shortly</li>
<li>Not all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of W<sup>X</sup> that was already there</li>
<li>The AMD64 improvements will be in 5.7, due out in just a couple days as of when we're recording this, but the i386 improvements will likely be in 5.8
***</li>
</ul>

<h3><a href="https://twitter.com/nahannisys/status/591733319357730816" rel="nofollow noopener">Booting Windows in bhyve</a></h3>

<ul>
<li>Work on FreeBSD's <a href="http://www.bsdnow.tv/episodes/2014_01_15-bhyve_mind" rel="nofollow noopener">bhyve</a> continues, and a big addition is on the way</li>
<li>Thus far, bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, <em>no Windows</em></li>
<li>This is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter</li>
<li>Graphics emulation is still in the works; this image was taken by booting headless and using RDP</li>
<li>A lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan)</li>
<li>Not a lot of details on the matter currently, but we'll be sure to bring you more info as it comes out</li>
<li>Are you more interested in bhyve or Xen on FreeBSD? Email us your thoughts
***</li>
</ul>

<h3><a href="http://www.midnightbsd.org/notes/" rel="nofollow noopener">MidnightBSD 0.6 released</a></h3>

<ul>
<li>MidnightBSD is a smaller project we've not covered a lot on the show before</li>
<li>It's an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use</li>
<li>They also have their own, smaller version of FreeBSD ports, called "mports"</li>
<li>If you're already using it, this new version is mainly a security and bugfix release</li>
<li>It syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions</li>
<li>You can check <a href="http://www.midnightbsd.org/about/" rel="nofollow noopener">their site</a> for more information about the project</li>
<li>We're trying to get the lead developer to come on for an interview, but haven't heard anything back yet
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142989267412968&amp;w=4" rel="nofollow noopener">OpenBSD rewrites the file utility</a></h3>

<ul>
<li>We're all probably familiar with the traditional <a href="https://en.wikipedia.org/wiki/File_%28command%29" rel="nofollow noopener">file</a> command - it's been around <a href="http://darwinsys.com/file/" rel="nofollow noopener">since the 1970s</a></li>
<li>For anyone who doesn't know, it's used to determine what type of file something actually is</li>
<li>This tool doesn't see a lot of development these days, and it's had its share of security issues as well</li>
<li>Some of those security issues <a href="https://www.marc.info/?l=openbsd-tech&amp;m=141857001403570&amp;w=2" rel="nofollow noopener">remain</a> <a href="https://www.marc.info/?l=freebsd-security&amp;m=142980545021888&amp;w=2" rel="nofollow noopener">unfixed</a> in various BSDs <strong>even today</strong>, despite being publicly known for a while</li>
<li>It's not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it</li>
<li>When you think about it, file was technically <em>designed</em> to be used on untrusted files</li>
<li>OpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny</li>
<li>This new version will, by default, run <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143014212727213&amp;w=2" rel="nofollow noopener">as an unprivileged user</a> with no shell, and in a <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143014276127454&amp;w=2" rel="nofollow noopener">systrace sandbox</a>, strictly limiting what system calls can be made</li>
<li>With these two things combined, it should drastically reduce the damage a malicious file could potentially do</li>
<li>Ian Darwin, the original author of the utility, <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142989483913635&amp;w=4" rel="nofollow noopener">saw the commit and replied</a>, in what may be a moment in BSD history to remember</li>
<li>It'll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone's already thrown together an unofficial portable version</li>
<li>Coincidentally, the lead developer and current maintainer of file just happens to be our guest today…
***</li>
</ul>

<h2>Interview - Christos Zoulas - <a href="mailto:christos@netbsd.org" rel="nofollow noopener">christos@netbsd.org</a></h2>

<p><a href="https://www.youtube.com/watch?v=0UKCAsezF3Q" rel="nofollow noopener">blacklistd</a> and NetBSD advocacy</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.google-melange.com/gsoc/projects/list/google/gsoc2015" rel="nofollow noopener">GSoC-accepted BSD projects</a></h3>

<ul>
<li>The Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list</li>
<li>FreeBSD's <a href="https://wiki.freebsd.org/SummerOfCode2015Projects" rel="nofollow noopener">list</a> includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. <strong>memory compression and deduplication</strong></li>
<li>OpenBSD's <a href="http://www.openbsdfoundation.org/gsoc2015.html" rel="nofollow noopener">list</a> includes: asynchronous USB transfer submission from userland, ARM SD/MMC &amp; controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... <strong>porting HAMMER FS to OpenBSD</strong></li>
<li>We'll be sure to keep you up to date on developments from both projects</li>
<li>Hopefully the other BSDs will make the cut too next year
***</li>
</ul>

<h3><a href="http://www.jumpnowtek.com/gumstix-freebsd/FreeBSD-Duovero-build-workstation-setup.html" rel="nofollow noopener">FreeBSD on the Gumstix Duovero</a></h3>

<ul>
<li>If you're not familiar with the Gumstix Duovero, it's an dual core ARM-based <a href="https://store.gumstix.com/index.php/coms/duovero-coms.html" rel="nofollow noopener">computer-on-module</a></li>
<li>They actually look more like a stick of RAM than a mini-computer</li>
<li>This article shows you how to build a FreeBSD -CURRENT image to run on them, using <a href="https://github.com/freebsd/crochet" rel="nofollow noopener">crochet-freebsd</a></li>
<li>If anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us
***</li>
</ul>

<h3><a href="https://joinup.ec.europa.eu/community/osor/news/ep-study-%E2%80%9Ceu-should-finance-key-open-source-tools%E2%80%9D" rel="nofollow noopener">EU study recommends OpenBSD</a></h3>

<ul>
<li>A recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools</li>
<li>This is especially important, in all countries, after the mass surveillance documents came out </li>
<li>"[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts."</li>
<li>The report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on</li>
<li>Alongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: "Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways"</li>
<li>Reddit, Undeadly and Hacker News also <a href="https://www.reddit.com/r/programming/comments/340xh3/eu_study_recommends_use_of_openbsd_for_its/" rel="nofollow noopener">had</a> <a href="http://undeadly.org/cgi?action=article&amp;sid=20150427093546" rel="nofollow noopener">some</a> <a href="https://news.ycombinator.com/item?id=9445831" rel="nofollow noopener">discussion</a>, particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we've discussed with <a href="http://www.bsdnow.tv/episodes/2014_10_08-behind_the_masq" rel="nofollow noopener">Voxer</a> and <a href="http://www.bsdnow.tv/episodes/2015_04_22-business_as_usual" rel="nofollow noopener">M:Tier</a> before
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055551.html" rel="nofollow noopener">FreeBSD workflow with Git</a></h3>

<ul>
<li>If you're interested in contributing to FreeBSD, but aren't a big fan of SVN, they have a Github mirror too</li>
<li>This mailing list post talks about interacting <a href="https://wiki.freebsd.org/GitWorkflow/GitSvn" rel="nofollow noopener">between</a> the official source repository and the Git mirror</li>
<li>This makes it easy to get pull requests merged into the official tree, and encourages more developers to get involved
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2vjh3ogvG" rel="nofollow noopener">Sean writes in</a></li>
<li><a href="http://slexy.org/view/s20GMcWvKE" rel="nofollow noopener">Bryan writes in</a></li>
<li><a href="http://slexy.org/view/s21M1imT3d" rel="nofollow noopener">Sean writes in</a></li>
<li><a href="http://slexy.org/view/s25ScxQSwb" rel="nofollow noopener">Charles writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>73: Pipe Dreams</title>
  <link>https://www.bsdnow.tv/73</link>
  <guid isPermaLink="false">bca95163-7c0b-4440-902b-594ea8c61554</guid>
  <pubDate>Wed, 21 Jan 2015 08:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/bca95163-7c0b-4440-902b-594ea8c61554.mp3" length="65969428" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>This week on the show we'll be chatting with David Maxwell, a former NetBSD security officer. He's got an interesting project called Pipecut that takes a whole new approach to the commandline. We've also got answers to viewer-submitted questions and all this week's headlines, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:31:37</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;This week on the show we'll be chatting with David Maxwell, a former NetBSD security officer. He's got an interesting project called Pipecut that takes a whole new approach to the commandline. We've also got answers to viewer-submitted questions and all this week's headlines, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"&gt;&lt;/a&gt;&lt;a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"&gt;&lt;img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.freebsd.org/news/status/report-2014-10-2014-12.html" rel="nofollow noopener"&gt;FreeBSD quarterly status report&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The FreeBSD team has posted an updated on some of their activities between October and December of 2014&lt;/li&gt;
&lt;li&gt;They put a big focus on compatibility with other systems: the Linux emulation layer, &lt;a href="http://www.bsdnow.tv/tutorials/bhyve" rel="nofollow noopener"&gt;bhyve&lt;/a&gt;, WINE and Xen all got some nice improvements&lt;/li&gt;
&lt;li&gt;As always, the report has lots of updates from the various teams working on different parts of the OS and ports infrastructure&lt;/li&gt;
&lt;li&gt;The release engineering team got 10.1 out the door, the ports team shuffled a few members in and out and continued working on closing more PRs&lt;/li&gt;
&lt;li&gt;FreeBSD's forums underwent a huge change, and discussion about the new support model for release cycles continues (hopefully taking effect after 11.0 is released)&lt;/li&gt;
&lt;li&gt;Git was promoted from beta to an officially-supported version control system (Kris is happy)&lt;/li&gt;
&lt;li&gt;The core team is also assembling a new QA team to ensure better code quality in critical areas, such as security and release engineering, after getting a number of complaints&lt;/li&gt;
&lt;li&gt;Other notable entries include: lots of bhyve fixes, Clang/LLVM being updated to 3.5.0, ongoing work to the external toolchain, adding FreeBSD support to more "cloud" services, pkgng updates, work on SecureBoot, more ARM support and graphics stack improvements&lt;/li&gt;
&lt;li&gt;Check out the full report for all the details that we didn't cover
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://linux-audit.com/vulnerabilities-and-digital-signatures-for-openbsd-software-packages/" rel="nofollow noopener"&gt;OpenBSD package signature audit&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;"Linux Audit" is a website focused on auditing and hardening systems, as well as educating people about securing their boxes&lt;/li&gt;
&lt;li&gt;They recently did an article about OpenBSD, specifically their &lt;a href="http://www.bsdnow.tv/tutorials/ports-obsd" rel="nofollow noopener"&gt;ports and package system&lt;/a&gt; and signing infrastructure&lt;/li&gt;
&lt;li&gt;The author gives a little background on the difference between ports and binary packages, then goes through the technical details of how releases and packages are cryptographically signed&lt;/li&gt;
&lt;li&gt;Package signature formats and public key distribution methods are also touched on&lt;/li&gt;
&lt;li&gt;After some heckling, the author of the post said he plans to write more BSD security articles, so look forward to them in the future&lt;/li&gt;
&lt;li&gt;If you haven't seen &lt;a href="http://www.bsdnow.tv/episodes/2014_02_05-time_signatures" rel="nofollow noopener"&gt;our episode about signify&lt;/a&gt; with Ted Unangst, that would be a great one to check out after reading this
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://ask.slashdot.org/story/15/01/15/1547209/ask-slashdot-migrating-a-router-from-linux-to-bsd" rel="nofollow noopener"&gt;Replacing a Linux router with BSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;There was recently a Slashdot discussion about migrating a Linux-based router to a BSD-based one&lt;/li&gt;
&lt;li&gt;The poster begins with "I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs."&lt;/li&gt;
&lt;li&gt;A lot of people were quick to recommend &lt;a href="http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach" rel="nofollow noopener"&gt;OPNsense&lt;/a&gt; and pfSense, being that they're very easy to administer (requiring basically no BSD knowledge at all)&lt;/li&gt;
&lt;li&gt;Other commenters suggested a more hands-on approach, setting one up yourself with &lt;a href="http://blog.pcbsd.org/2015/01/using-trueos-as-a-ipfw-based-home-router/" rel="nofollow noopener"&gt;FreeBSD&lt;/a&gt; or &lt;a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener"&gt;OpenBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;If you've been thinking about moving some routers over from Linux or other commercial solution, this might be a good discussion to read through&lt;/li&gt;
&lt;li&gt;Unfortunately, a lot of the comments are just Linux users bickering about systemd, so you'll have to wade through some of that to get to the good information
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://bsdxbsdx.blogspot.com/2015/01/switching-to-openssl-from-ports-in.html" rel="nofollow noopener"&gt;LibreSSL in FreeBSD and OPNsense&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A FreeBSD sysadmin has started documenting his experience replacing OpenSSL in the base system with the one from ports (and also experimenting with LibreSSL)&lt;/li&gt;
&lt;li&gt;The reasoning being that updates in base &lt;a href="http://www.openbsd.org/papers/eurobsdcon2014-libressl.html" rel="nofollow noopener"&gt;tend to lag behind&lt;/a&gt;, whereas the port can be updated for security very quickly&lt;/li&gt;
&lt;li&gt;OPNsense developers are &lt;a href="https://twitter.com/fitchitis/status/555625679614521345" rel="nofollow noopener"&gt;looking into&lt;/a&gt;  &lt;a href="http://forum.opnsense.org/index.php?topic=21.0" rel="nofollow noopener"&gt;switching away&lt;/a&gt; from OpenSSL to &lt;a href="http://www.bsdnow.tv/episodes/2014_07_30-liberating_ssl" rel="nofollow noopener"&gt;LibreSSL's portable version&lt;/a&gt;, for both their ports and base system, which would be a pretty huge differentiator for their project&lt;/li&gt;
&lt;li&gt;Some ports &lt;a href="https://bugs.freebsd.org/bugzilla/buglist.cgi?order=Importance&amp;amp;query_format=advanced&amp;amp;short_desc=libressl&amp;amp;short_desc_type=allwordssubstr" rel="nofollow noopener"&gt;still need fixing&lt;/a&gt; to be compatible though, particularly &lt;a href="https://github.com/opnsense/ports/commit/c15af648e9d5fcecf0ae666292e8f41c08979057" rel="nofollow noopener"&gt;a few&lt;/a&gt; &lt;a href="https://github.com/pyca/cryptography/issues/928" rel="nofollow noopener"&gt;python-related&lt;/a&gt; ones&lt;/li&gt;
&lt;li&gt;If you're a FreeBSD ports person, get involved and help squash some of the last remaining bugs&lt;/li&gt;
&lt;li&gt;A lot of the work has already been done &lt;a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/" rel="nofollow noopener"&gt;in OpenBSD's ports tree&lt;/a&gt; - some patches just need to be adopted&lt;/li&gt;
&lt;li&gt;More and more upstream projects are incorporating LibreSSL patches in their code - let your favorite software vendor know that you're using it
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - David Maxwell - &lt;a href="mailto:david@netbsd.org" rel="nofollow noopener"&gt;david@netbsd.org&lt;/a&gt; / &lt;a href="https://twitter.com/david_w_maxwell" rel="nofollow noopener"&gt;@david_w_maxwell&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.youtube.com/watch?v=CZHEZHK4jRc" rel="nofollow noopener"&gt;Pipecut&lt;/a&gt;, text processing, commandline wizardry&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://github.com/3ofcoins/jetpack" rel="nofollow noopener"&gt;Jetpack, a new jail container system&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A new project was launched to adapt FreeBSD jails to the "app container specification"&lt;/li&gt;
&lt;li&gt;While still pretty experimental in terms of the development phase, this might be something to show your Linux friends who are in love with docker&lt;/li&gt;
&lt;li&gt;It's a similar project to &lt;a href="https://github.com/pannon/iocage" rel="nofollow noopener"&gt;iocage&lt;/a&gt; or &lt;a href="https://github.com/ployground/bsdploy" rel="nofollow noopener"&gt;bsdploy&lt;/a&gt;, which we haven't talked a whole lot about&lt;/li&gt;
&lt;li&gt;There was also &lt;a href="https://news.ycombinator.com/item?id=8893630" rel="nofollow noopener"&gt;some discussion&lt;/a&gt; about it on Hacker News
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.reddit.com/r/BSD/comments/2szofc" rel="nofollow noopener"&gt;Separating base and package binaries&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;All of the main BSDs make a strong separation between the base system and third party software&lt;/li&gt;
&lt;li&gt;This is in contrast to Linux where there's no real concept of a "base system" - more recently, some distros have even merged all the binaries into a single directory&lt;/li&gt;
&lt;li&gt;A user asks the community about the BSD way of doing it, trying to find out the advantages and disadvantages of both hierarchies&lt;/li&gt;
&lt;li&gt;Read the comments for the full explanation, but having things separated really helps keep things organized
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://svnweb.freebsd.org/base?view=revision&amp;amp;revision=277487" rel="nofollow noopener"&gt;Updated i915kms driver for FreeBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This update brings the FreeBSD code closer inline with the Linux code, to make it easier to update going forward&lt;/li&gt;
&lt;li&gt;It doesn't introduce Haswell support just yet, but was required before the Haswell bits can be added
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://zacbrown.org/2015/01/18/openbsd-as-a-desktop/" rel="nofollow noopener"&gt;Year of the OpenBSD desktop&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Here we have an article about using OpenBSD as a daily driver for regular desktop usage&lt;/li&gt;
&lt;li&gt;The author says he "ran fifty thousand different distributions, never being satisfied"&lt;/li&gt;
&lt;li&gt;After dealing with the problems of Linux and fragmentation, he eventually gave up and bought a Macbook&lt;/li&gt;
&lt;li&gt;He also used FreeBSD between versions 7 and 9, finding a "a mostly harmonious environment," but regressions lead him to give up on desktop *nix once again&lt;/li&gt;
&lt;li&gt;Starting with 2015, he's back and is using OpenBSD on a Thinkpad x201&lt;/li&gt;
&lt;li&gt;The rest of the article covers some of his configuration tweaks and gives an overall conclusion on his current setup&lt;/li&gt;
&lt;li&gt;He apparently used &lt;a href="http://www.bsdnow.tv/tutorials/the-desktop-obsd" rel="nofollow noopener"&gt;our desktop tutorial&lt;/a&gt; - thanks for watching!
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://louwrentius.com/freebsd-101-unattended-install-over-pxe-http-no-nfs.html" rel="nofollow noopener"&gt;Unattended FreeBSD installation&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A new BSD user was looking to get some more experience, so he documented how to install FreeBSD over PXE&lt;/li&gt;
&lt;li&gt;His goal was to have a setup similar to Redhat's "kickstart" or &lt;a href="http://www.bsdnow.tv/tutorials/autoinstall" rel="nofollow noopener"&gt;OpenBSD's autoinstall&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;The article shows you how to set up DHCP and TFTP, with no NFS share setup required&lt;/li&gt;
&lt;li&gt;He also gives a mention to mfsbsd, showing how you can customize its startup script to do most of the work for you
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20UsZjN4h" rel="nofollow noopener"&gt;Robert writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s219cMQz3U" rel="nofollow noopener"&gt;Sean writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2EkzMUMyb" rel="nofollow noopener"&gt;l33tname writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2nq6L6H1n" rel="nofollow noopener"&gt;Charlie writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21EGqUYLd" rel="nofollow noopener"&gt;Eric writes in&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Mailing List Gold&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=142159202606668&amp;amp;w=2" rel="nofollow noopener"&gt;Clowning around&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-ports/2015-January/097734.html" rel="nofollow noopener"&gt;Better than succeeding in this case&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, pipecut, david maxwell, commandline, shell, libressl, router, pf, cryptography, router, openssl, bhyve, digitalocean</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>This week on the show we'll be chatting with David Maxwell, a former NetBSD security officer. He's got an interesting project called Pipecut that takes a whole new approach to the commandline. We've also got answers to viewer-submitted questions and all this week's headlines, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.freebsd.org/news/status/report-2014-10-2014-12.html" rel="nofollow noopener">FreeBSD quarterly status report</a></h3>

<ul>
<li>The FreeBSD team has posted an updated on some of their activities between October and December of 2014</li>
<li>They put a big focus on compatibility with other systems: the Linux emulation layer, <a href="http://www.bsdnow.tv/tutorials/bhyve" rel="nofollow noopener">bhyve</a>, WINE and Xen all got some nice improvements</li>
<li>As always, the report has lots of updates from the various teams working on different parts of the OS and ports infrastructure</li>
<li>The release engineering team got 10.1 out the door, the ports team shuffled a few members in and out and continued working on closing more PRs</li>
<li>FreeBSD's forums underwent a huge change, and discussion about the new support model for release cycles continues (hopefully taking effect after 11.0 is released)</li>
<li>Git was promoted from beta to an officially-supported version control system (Kris is happy)</li>
<li>The core team is also assembling a new QA team to ensure better code quality in critical areas, such as security and release engineering, after getting a number of complaints</li>
<li>Other notable entries include: lots of bhyve fixes, Clang/LLVM being updated to 3.5.0, ongoing work to the external toolchain, adding FreeBSD support to more "cloud" services, pkgng updates, work on SecureBoot, more ARM support and graphics stack improvements</li>
<li>Check out the full report for all the details that we didn't cover
***</li>
</ul>

<h3><a href="http://linux-audit.com/vulnerabilities-and-digital-signatures-for-openbsd-software-packages/" rel="nofollow noopener">OpenBSD package signature audit</a></h3>

<ul>
<li>"Linux Audit" is a website focused on auditing and hardening systems, as well as educating people about securing their boxes</li>
<li>They recently did an article about OpenBSD, specifically their <a href="http://www.bsdnow.tv/tutorials/ports-obsd" rel="nofollow noopener">ports and package system</a> and signing infrastructure</li>
<li>The author gives a little background on the difference between ports and binary packages, then goes through the technical details of how releases and packages are cryptographically signed</li>
<li>Package signature formats and public key distribution methods are also touched on</li>
<li>After some heckling, the author of the post said he plans to write more BSD security articles, so look forward to them in the future</li>
<li>If you haven't seen <a href="http://www.bsdnow.tv/episodes/2014_02_05-time_signatures" rel="nofollow noopener">our episode about signify</a> with Ted Unangst, that would be a great one to check out after reading this
***</li>
</ul>

<h3><a href="http://ask.slashdot.org/story/15/01/15/1547209/ask-slashdot-migrating-a-router-from-linux-to-bsd" rel="nofollow noopener">Replacing a Linux router with BSD</a></h3>

<ul>
<li>There was recently a Slashdot discussion about migrating a Linux-based router to a BSD-based one</li>
<li>The poster begins with "I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs."</li>
<li>A lot of people were quick to recommend <a href="http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach" rel="nofollow noopener">OPNsense</a> and pfSense, being that they're very easy to administer (requiring basically no BSD knowledge at all)</li>
<li>Other commenters suggested a more hands-on approach, setting one up yourself with <a href="http://blog.pcbsd.org/2015/01/using-trueos-as-a-ipfw-based-home-router/" rel="nofollow noopener">FreeBSD</a> or <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">OpenBSD</a></li>
<li>If you've been thinking about moving some routers over from Linux or other commercial solution, this might be a good discussion to read through</li>
<li>Unfortunately, a lot of the comments are just Linux users bickering about systemd, so you'll have to wade through some of that to get to the good information
***</li>
</ul>

<h3><a href="http://bsdxbsdx.blogspot.com/2015/01/switching-to-openssl-from-ports-in.html" rel="nofollow noopener">LibreSSL in FreeBSD and OPNsense</a></h3>

<ul>
<li>A FreeBSD sysadmin has started documenting his experience replacing OpenSSL in the base system with the one from ports (and also experimenting with LibreSSL)</li>
<li>The reasoning being that updates in base <a href="http://www.openbsd.org/papers/eurobsdcon2014-libressl.html" rel="nofollow noopener">tend to lag behind</a>, whereas the port can be updated for security very quickly</li>
<li>OPNsense developers are <a href="https://twitter.com/fitchitis/status/555625679614521345" rel="nofollow noopener">looking into</a>  <a href="http://forum.opnsense.org/index.php?topic=21.0" rel="nofollow noopener">switching away</a> from OpenSSL to <a href="http://www.bsdnow.tv/episodes/2014_07_30-liberating_ssl" rel="nofollow noopener">LibreSSL's portable version</a>, for both their ports and base system, which would be a pretty huge differentiator for their project</li>
<li>Some ports <a href="https://bugs.freebsd.org/bugzilla/buglist.cgi?order=Importance&amp;query_format=advanced&amp;short_desc=libressl&amp;short_desc_type=allwordssubstr" rel="nofollow noopener">still need fixing</a> to be compatible though, particularly <a href="https://github.com/opnsense/ports/commit/c15af648e9d5fcecf0ae666292e8f41c08979057" rel="nofollow noopener">a few</a> <a href="https://github.com/pyca/cryptography/issues/928" rel="nofollow noopener">python-related</a> ones</li>
<li>If you're a FreeBSD ports person, get involved and help squash some of the last remaining bugs</li>
<li>A lot of the work has already been done <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/" rel="nofollow noopener">in OpenBSD's ports tree</a> - some patches just need to be adopted</li>
<li>More and more upstream projects are incorporating LibreSSL patches in their code - let your favorite software vendor know that you're using it
***</li>
</ul>

<h2>Interview - David Maxwell - <a href="mailto:david@netbsd.org" rel="nofollow noopener">david@netbsd.org</a> / <a href="https://twitter.com/david_w_maxwell" rel="nofollow noopener">@david_w_maxwell</a></h2>

<p><a href="https://www.youtube.com/watch?v=CZHEZHK4jRc" rel="nofollow noopener">Pipecut</a>, text processing, commandline wizardry</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://github.com/3ofcoins/jetpack" rel="nofollow noopener">Jetpack, a new jail container system</a></h3>

<ul>
<li>A new project was launched to adapt FreeBSD jails to the "app container specification"</li>
<li>While still pretty experimental in terms of the development phase, this might be something to show your Linux friends who are in love with docker</li>
<li>It's a similar project to <a href="https://github.com/pannon/iocage" rel="nofollow noopener">iocage</a> or <a href="https://github.com/ployground/bsdploy" rel="nofollow noopener">bsdploy</a>, which we haven't talked a whole lot about</li>
<li>There was also <a href="https://news.ycombinator.com/item?id=8893630" rel="nofollow noopener">some discussion</a> about it on Hacker News
***</li>
</ul>

<h3><a href="https://www.reddit.com/r/BSD/comments/2szofc" rel="nofollow noopener">Separating base and package binaries</a></h3>

<ul>
<li>All of the main BSDs make a strong separation between the base system and third party software</li>
<li>This is in contrast to Linux where there's no real concept of a "base system" - more recently, some distros have even merged all the binaries into a single directory</li>
<li>A user asks the community about the BSD way of doing it, trying to find out the advantages and disadvantages of both hierarchies</li>
<li>Read the comments for the full explanation, but having things separated really helps keep things organized
***</li>
</ul>

<h3><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=277487" rel="nofollow noopener">Updated i915kms driver for FreeBSD</a></h3>

<ul>
<li>This update brings the FreeBSD code closer inline with the Linux code, to make it easier to update going forward</li>
<li>It doesn't introduce Haswell support just yet, but was required before the Haswell bits can be added
***</li>
</ul>

<h3><a href="http://zacbrown.org/2015/01/18/openbsd-as-a-desktop/" rel="nofollow noopener">Year of the OpenBSD desktop</a></h3>

<ul>
<li>Here we have an article about using OpenBSD as a daily driver for regular desktop usage</li>
<li>The author says he "ran fifty thousand different distributions, never being satisfied"</li>
<li>After dealing with the problems of Linux and fragmentation, he eventually gave up and bought a Macbook</li>
<li>He also used FreeBSD between versions 7 and 9, finding a "a mostly harmonious environment," but regressions lead him to give up on desktop *nix once again</li>
<li>Starting with 2015, he's back and is using OpenBSD on a Thinkpad x201</li>
<li>The rest of the article covers some of his configuration tweaks and gives an overall conclusion on his current setup</li>
<li>He apparently used <a href="http://www.bsdnow.tv/tutorials/the-desktop-obsd" rel="nofollow noopener">our desktop tutorial</a> - thanks for watching!
***</li>
</ul>

<h3><a href="http://louwrentius.com/freebsd-101-unattended-install-over-pxe-http-no-nfs.html" rel="nofollow noopener">Unattended FreeBSD installation</a></h3>

<ul>
<li>A new BSD user was looking to get some more experience, so he documented how to install FreeBSD over PXE</li>
<li>His goal was to have a setup similar to Redhat's "kickstart" or <a href="http://www.bsdnow.tv/tutorials/autoinstall" rel="nofollow noopener">OpenBSD's autoinstall</a></li>
<li>The article shows you how to set up DHCP and TFTP, with no NFS share setup required</li>
<li>He also gives a mention to mfsbsd, showing how you can customize its startup script to do most of the work for you
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s20UsZjN4h" rel="nofollow noopener">Robert writes in</a></li>
<li><a href="http://slexy.org/view/s219cMQz3U" rel="nofollow noopener">Sean writes in</a></li>
<li><a href="http://slexy.org/view/s2EkzMUMyb" rel="nofollow noopener">l33tname writes in</a></li>
<li><a href="http://slexy.org/view/s2nq6L6H1n" rel="nofollow noopener">Charlie writes in</a></li>
<li><a href="http://slexy.org/view/s21EGqUYLd" rel="nofollow noopener">Eric writes in</a>
***</li>
</ul>

<h2>Mailing List Gold</h2>

<ul>
<li><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142159202606668&amp;w=2" rel="nofollow noopener">Clowning around</a></li>
<li><a href="https://lists.freebsd.org/pipermail/freebsd-ports/2015-January/097734.html" rel="nofollow noopener">Better than succeeding in this case</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>This week on the show we'll be chatting with David Maxwell, a former NetBSD security officer. He's got an interesting project called Pipecut that takes a whole new approach to the commandline. We've also got answers to viewer-submitted questions and all this week's headlines, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.freebsd.org/news/status/report-2014-10-2014-12.html" rel="nofollow noopener">FreeBSD quarterly status report</a></h3>

<ul>
<li>The FreeBSD team has posted an updated on some of their activities between October and December of 2014</li>
<li>They put a big focus on compatibility with other systems: the Linux emulation layer, <a href="http://www.bsdnow.tv/tutorials/bhyve" rel="nofollow noopener">bhyve</a>, WINE and Xen all got some nice improvements</li>
<li>As always, the report has lots of updates from the various teams working on different parts of the OS and ports infrastructure</li>
<li>The release engineering team got 10.1 out the door, the ports team shuffled a few members in and out and continued working on closing more PRs</li>
<li>FreeBSD's forums underwent a huge change, and discussion about the new support model for release cycles continues (hopefully taking effect after 11.0 is released)</li>
<li>Git was promoted from beta to an officially-supported version control system (Kris is happy)</li>
<li>The core team is also assembling a new QA team to ensure better code quality in critical areas, such as security and release engineering, after getting a number of complaints</li>
<li>Other notable entries include: lots of bhyve fixes, Clang/LLVM being updated to 3.5.0, ongoing work to the external toolchain, adding FreeBSD support to more "cloud" services, pkgng updates, work on SecureBoot, more ARM support and graphics stack improvements</li>
<li>Check out the full report for all the details that we didn't cover
***</li>
</ul>

<h3><a href="http://linux-audit.com/vulnerabilities-and-digital-signatures-for-openbsd-software-packages/" rel="nofollow noopener">OpenBSD package signature audit</a></h3>

<ul>
<li>"Linux Audit" is a website focused on auditing and hardening systems, as well as educating people about securing their boxes</li>
<li>They recently did an article about OpenBSD, specifically their <a href="http://www.bsdnow.tv/tutorials/ports-obsd" rel="nofollow noopener">ports and package system</a> and signing infrastructure</li>
<li>The author gives a little background on the difference between ports and binary packages, then goes through the technical details of how releases and packages are cryptographically signed</li>
<li>Package signature formats and public key distribution methods are also touched on</li>
<li>After some heckling, the author of the post said he plans to write more BSD security articles, so look forward to them in the future</li>
<li>If you haven't seen <a href="http://www.bsdnow.tv/episodes/2014_02_05-time_signatures" rel="nofollow noopener">our episode about signify</a> with Ted Unangst, that would be a great one to check out after reading this
***</li>
</ul>

<h3><a href="http://ask.slashdot.org/story/15/01/15/1547209/ask-slashdot-migrating-a-router-from-linux-to-bsd" rel="nofollow noopener">Replacing a Linux router with BSD</a></h3>

<ul>
<li>There was recently a Slashdot discussion about migrating a Linux-based router to a BSD-based one</li>
<li>The poster begins with "I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs."</li>
<li>A lot of people were quick to recommend <a href="http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach" rel="nofollow noopener">OPNsense</a> and pfSense, being that they're very easy to administer (requiring basically no BSD knowledge at all)</li>
<li>Other commenters suggested a more hands-on approach, setting one up yourself with <a href="http://blog.pcbsd.org/2015/01/using-trueos-as-a-ipfw-based-home-router/" rel="nofollow noopener">FreeBSD</a> or <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">OpenBSD</a></li>
<li>If you've been thinking about moving some routers over from Linux or other commercial solution, this might be a good discussion to read through</li>
<li>Unfortunately, a lot of the comments are just Linux users bickering about systemd, so you'll have to wade through some of that to get to the good information
***</li>
</ul>

<h3><a href="http://bsdxbsdx.blogspot.com/2015/01/switching-to-openssl-from-ports-in.html" rel="nofollow noopener">LibreSSL in FreeBSD and OPNsense</a></h3>

<ul>
<li>A FreeBSD sysadmin has started documenting his experience replacing OpenSSL in the base system with the one from ports (and also experimenting with LibreSSL)</li>
<li>The reasoning being that updates in base <a href="http://www.openbsd.org/papers/eurobsdcon2014-libressl.html" rel="nofollow noopener">tend to lag behind</a>, whereas the port can be updated for security very quickly</li>
<li>OPNsense developers are <a href="https://twitter.com/fitchitis/status/555625679614521345" rel="nofollow noopener">looking into</a>  <a href="http://forum.opnsense.org/index.php?topic=21.0" rel="nofollow noopener">switching away</a> from OpenSSL to <a href="http://www.bsdnow.tv/episodes/2014_07_30-liberating_ssl" rel="nofollow noopener">LibreSSL's portable version</a>, for both their ports and base system, which would be a pretty huge differentiator for their project</li>
<li>Some ports <a href="https://bugs.freebsd.org/bugzilla/buglist.cgi?order=Importance&amp;query_format=advanced&amp;short_desc=libressl&amp;short_desc_type=allwordssubstr" rel="nofollow noopener">still need fixing</a> to be compatible though, particularly <a href="https://github.com/opnsense/ports/commit/c15af648e9d5fcecf0ae666292e8f41c08979057" rel="nofollow noopener">a few</a> <a href="https://github.com/pyca/cryptography/issues/928" rel="nofollow noopener">python-related</a> ones</li>
<li>If you're a FreeBSD ports person, get involved and help squash some of the last remaining bugs</li>
<li>A lot of the work has already been done <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/" rel="nofollow noopener">in OpenBSD's ports tree</a> - some patches just need to be adopted</li>
<li>More and more upstream projects are incorporating LibreSSL patches in their code - let your favorite software vendor know that you're using it
***</li>
</ul>

<h2>Interview - David Maxwell - <a href="mailto:david@netbsd.org" rel="nofollow noopener">david@netbsd.org</a> / <a href="https://twitter.com/david_w_maxwell" rel="nofollow noopener">@david_w_maxwell</a></h2>

<p><a href="https://www.youtube.com/watch?v=CZHEZHK4jRc" rel="nofollow noopener">Pipecut</a>, text processing, commandline wizardry</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://github.com/3ofcoins/jetpack" rel="nofollow noopener">Jetpack, a new jail container system</a></h3>

<ul>
<li>A new project was launched to adapt FreeBSD jails to the "app container specification"</li>
<li>While still pretty experimental in terms of the development phase, this might be something to show your Linux friends who are in love with docker</li>
<li>It's a similar project to <a href="https://github.com/pannon/iocage" rel="nofollow noopener">iocage</a> or <a href="https://github.com/ployground/bsdploy" rel="nofollow noopener">bsdploy</a>, which we haven't talked a whole lot about</li>
<li>There was also <a href="https://news.ycombinator.com/item?id=8893630" rel="nofollow noopener">some discussion</a> about it on Hacker News
***</li>
</ul>

<h3><a href="https://www.reddit.com/r/BSD/comments/2szofc" rel="nofollow noopener">Separating base and package binaries</a></h3>

<ul>
<li>All of the main BSDs make a strong separation between the base system and third party software</li>
<li>This is in contrast to Linux where there's no real concept of a "base system" - more recently, some distros have even merged all the binaries into a single directory</li>
<li>A user asks the community about the BSD way of doing it, trying to find out the advantages and disadvantages of both hierarchies</li>
<li>Read the comments for the full explanation, but having things separated really helps keep things organized
***</li>
</ul>

<h3><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=277487" rel="nofollow noopener">Updated i915kms driver for FreeBSD</a></h3>

<ul>
<li>This update brings the FreeBSD code closer inline with the Linux code, to make it easier to update going forward</li>
<li>It doesn't introduce Haswell support just yet, but was required before the Haswell bits can be added
***</li>
</ul>

<h3><a href="http://zacbrown.org/2015/01/18/openbsd-as-a-desktop/" rel="nofollow noopener">Year of the OpenBSD desktop</a></h3>

<ul>
<li>Here we have an article about using OpenBSD as a daily driver for regular desktop usage</li>
<li>The author says he "ran fifty thousand different distributions, never being satisfied"</li>
<li>After dealing with the problems of Linux and fragmentation, he eventually gave up and bought a Macbook</li>
<li>He also used FreeBSD between versions 7 and 9, finding a "a mostly harmonious environment," but regressions lead him to give up on desktop *nix once again</li>
<li>Starting with 2015, he's back and is using OpenBSD on a Thinkpad x201</li>
<li>The rest of the article covers some of his configuration tweaks and gives an overall conclusion on his current setup</li>
<li>He apparently used <a href="http://www.bsdnow.tv/tutorials/the-desktop-obsd" rel="nofollow noopener">our desktop tutorial</a> - thanks for watching!
***</li>
</ul>

<h3><a href="http://louwrentius.com/freebsd-101-unattended-install-over-pxe-http-no-nfs.html" rel="nofollow noopener">Unattended FreeBSD installation</a></h3>

<ul>
<li>A new BSD user was looking to get some more experience, so he documented how to install FreeBSD over PXE</li>
<li>His goal was to have a setup similar to Redhat's "kickstart" or <a href="http://www.bsdnow.tv/tutorials/autoinstall" rel="nofollow noopener">OpenBSD's autoinstall</a></li>
<li>The article shows you how to set up DHCP and TFTP, with no NFS share setup required</li>
<li>He also gives a mention to mfsbsd, showing how you can customize its startup script to do most of the work for you
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s20UsZjN4h" rel="nofollow noopener">Robert writes in</a></li>
<li><a href="http://slexy.org/view/s219cMQz3U" rel="nofollow noopener">Sean writes in</a></li>
<li><a href="http://slexy.org/view/s2EkzMUMyb" rel="nofollow noopener">l33tname writes in</a></li>
<li><a href="http://slexy.org/view/s2nq6L6H1n" rel="nofollow noopener">Charlie writes in</a></li>
<li><a href="http://slexy.org/view/s21EGqUYLd" rel="nofollow noopener">Eric writes in</a>
***</li>
</ul>

<h2>Mailing List Gold</h2>

<ul>
<li><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142159202606668&amp;w=2" rel="nofollow noopener">Clowning around</a></li>
<li><a href="https://lists.freebsd.org/pipermail/freebsd-ports/2015-January/097734.html" rel="nofollow noopener">Better than succeeding in this case</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>60: Don't Buy a Router</title>
  <link>https://www.bsdnow.tv/60</link>
  <guid isPermaLink="false">e61941d1-74ff-40d0-91f6-86ff864cf99b</guid>
  <pubDate>Wed, 22 Oct 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e61941d1-74ff-40d0-91f6-86ff864cf99b.mp3" length="49443412" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>This week on the show we're joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We'll be discussing what the BSD Router Project is, what it's for and where it's going. All this week's headlines and answers to viewer-submitted questions, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:08:40</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;This week on the show we're joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We'll be discussing what the BSD Router Project is, what it's for and where it's going. All this week's headlines and answers to viewer-submitted questions, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://lists.fosdem.org/pipermail/fosdem/2014-October/002038.html" rel="nofollow noopener"&gt;BSD Devroom CFP&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This year's FOSDEM conference (Belgium, Jan 31st - Feb 1st) is having a dedicated BSD devroom&lt;/li&gt;
&lt;li&gt;They've issued a call for papers on anything BSD-related, and we always love more presentations&lt;/li&gt;
&lt;li&gt;If you're in the Belgium area or plan on going, submit a talk about something cool you're doing&lt;/li&gt;
&lt;li&gt;There's also &lt;a href="https://lists.fosdem.org/listinfo/bsd-devroom" rel="nofollow noopener"&gt;a mailing list&lt;/a&gt; and some more information in the original post
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002905.html" rel="nofollow noopener"&gt;Bhyve SVM code merge&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The bhyve_svm code has been in the "projects" tree of FreeBSD, but is &lt;a href="https://svnweb.freebsd.org/base?view=revision&amp;amp;revision=273375" rel="nofollow noopener"&gt;now ready&lt;/a&gt; for -CURRENT&lt;/li&gt;
&lt;li&gt;This changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only&lt;/li&gt;
&lt;li&gt;All the supported operating systems and utilities should work on both now&lt;/li&gt;
&lt;li&gt;One thing to note: bhyve doesn't support PCI passthrough on AMD just yet&lt;/li&gt;
&lt;li&gt;There may still be &lt;a href="https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002935.html" rel="nofollow noopener"&gt;some issues&lt;/a&gt; though
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://mail-index.netbsd.org/netbsd-advocacy/2014/10/20/msg000671.html" rel="nofollow noopener"&gt;NetBSD at Open Source Conference Tokyo&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The Japanese NetBSD users group held a booth at another recent open source conference&lt;/li&gt;
&lt;li&gt;As always, they were running NetBSD on everything you can imagine&lt;/li&gt;
&lt;li&gt;One of the users reports back to the mailing list on their experience, providing lots of pictures and links&lt;/li&gt;
&lt;li&gt;Here's an interesting &lt;a href="https://pbs.twimg.com/media/B0NnfcbCEAAmKIU.jpg:large" rel="nofollow noopener"&gt;screenshot of NetBSD running various other BSDs in Xen&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.reddit.com/r/unix/comments/2il383/question_about_the_bsd_community_as_a_whole/" rel="nofollow noopener"&gt;More BSD switchers every day&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A decade-long Linux user is considering making the switch, and asks Reddit about the BSD community&lt;/li&gt;
&lt;li&gt;Tired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect&lt;/li&gt;
&lt;li&gt;So far, he's found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion&lt;/li&gt;
&lt;li&gt;There's also &lt;a href="https://www.reddit.com/r/BSD/comments/2jpxj9/question_about_the_current_state_of_freebsd/" rel="nofollow noopener"&gt;another semi-related thread&lt;/a&gt; about another Linux user wanting to switch to BSD because of systemd and GNU people&lt;/li&gt;
&lt;li&gt;There are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read&lt;/li&gt;
&lt;li&gt;Maybe the OPs should've just watched this show
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Olivier Cochard-Labbé - &lt;a href="mailto:olivier@cochard.me" rel="nofollow noopener"&gt;olivier@cochard.me&lt;/a&gt; / &lt;a href="https://twitter.com/ocochardlabbe" rel="nofollow noopener"&gt;@ocochardlabbe&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;The BSD Router Project&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.banym.de/freebsd/install-freebsd-11-on-thinkpad-t420" rel="nofollow noopener"&gt;FreeBSD -CURRENT on a T420&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Thinkpads are quite popular with BSD developers and users&lt;/li&gt;
&lt;li&gt;Most of the hardware seems to be supported across the BSDs (especially wifi)&lt;/li&gt;
&lt;li&gt;This article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI&lt;/li&gt;
&lt;li&gt;If you've got a Thinkpad, or especially this specific one, have a look at some of the steps involved
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.teckelworks.com/2014/10/building-a-freenas-server-with-a-supermicro-5018a-mhn4/" rel="nofollow noopener"&gt;FreeNAS on a Supermicro 5018A-MHN4&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;More and more people are migrating their NAS devices to BSD-based solutions&lt;/li&gt;
&lt;li&gt;In this post, the author goes through setting up FreeNAS on some of his new hardware&lt;/li&gt;
&lt;li&gt;His new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM - quite a lot for its small form factor&lt;/li&gt;
&lt;li&gt;The rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures)
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://hardenedbsd.org/article/shawn-webb/2014-10-15/hardening-procfs-and-linprocfs" rel="nofollow noopener"&gt;Hardening procfs and linprocfs&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;There was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux&lt;/li&gt;
&lt;li&gt;There exists a native procfs in FreeBSD, which was the target point of that exploit, but it's not used very often&lt;/li&gt;
&lt;li&gt;The Linux emulation layer also supports its own linprocfs, which was affected as well&lt;/li&gt;
&lt;li&gt;The HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs&lt;/li&gt;
&lt;li&gt;If you want to learn more about ASLR and HardenedBSD, be sure to check out &lt;a href="http://www.bsdnow.tv/episodes/2014_08_27-reverse_takeover" rel="nofollow noopener"&gt;our interview with Shawn&lt;/a&gt; too
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://pfsensesetup.com/bandwidth-monitoring-with-bandwidthd/" rel="nofollow noopener"&gt;pfSense monitoring with bandwidthd&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A lot of people run pfSense on their home network, and it's really useful to monitor the bandwidth usage&lt;/li&gt;
&lt;li&gt;This article will walk you through setting up bandwidthd to do exactly that&lt;/li&gt;
&lt;li&gt;bandwidthd monitors based on the IP address, rather than per-interface&lt;/li&gt;
&lt;li&gt;It can also build some cool HTML graphs, and we love those pfSense graphs&lt;/li&gt;
&lt;li&gt;Have a look at our &lt;a href="http://www.bsdnow.tv/tutorials/vnstat-iperf" rel="nofollow noopener"&gt;bandwidth monitoring and testing&lt;/a&gt; tutorial for some more ideas
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2b5ZZ5qCv" rel="nofollow noopener"&gt;Dave writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20aVvhv2d" rel="nofollow noopener"&gt;Chris writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2Vmwxy1QM" rel="nofollow noopener"&gt;Zeke writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2LB6MKoNT" rel="nofollow noopener"&gt;Bostjan writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2xxB9uOuV" rel="nofollow noopener"&gt;Patrick writes in&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Mailing List Gold&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=141357595922692&amp;amp;w=2" rel="nofollow noopener"&gt;More&lt;/a&gt; &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=141358124924479&amp;amp;w=2" rel="nofollow noopener"&gt;old bugs&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=141332534304117&amp;amp;w=2" rel="nofollow noopener"&gt;The Right Font™&lt;/a&gt; (&lt;a href="https://twitter.com/blakkheim/status/522162864409546753" rel="nofollow noopener"&gt;see also&lt;/a&gt;)
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, bsdrp, bsd router project, freenas, nas4free, router, gateway, firewall, pfsense, nanobsd, hardenedbsd, bhyve, devroom, fosdem</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>This week on the show we're joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We'll be discussing what the BSD Router Project is, what it's for and where it's going. All this week's headlines and answers to viewer-submitted questions, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://lists.fosdem.org/pipermail/fosdem/2014-October/002038.html" rel="nofollow noopener">BSD Devroom CFP</a></h3>

<ul>
<li>This year's FOSDEM conference (Belgium, Jan 31st - Feb 1st) is having a dedicated BSD devroom</li>
<li>They've issued a call for papers on anything BSD-related, and we always love more presentations</li>
<li>If you're in the Belgium area or plan on going, submit a talk about something cool you're doing</li>
<li>There's also <a href="https://lists.fosdem.org/listinfo/bsd-devroom" rel="nofollow noopener">a mailing list</a> and some more information in the original post
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002905.html" rel="nofollow noopener">Bhyve SVM code merge</a></h3>

<ul>
<li>The bhyve_svm code has been in the "projects" tree of FreeBSD, but is <a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=273375" rel="nofollow noopener">now ready</a> for -CURRENT</li>
<li>This changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only</li>
<li>All the supported operating systems and utilities should work on both now</li>
<li>One thing to note: bhyve doesn't support PCI passthrough on AMD just yet</li>
<li>There may still be <a href="https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002935.html" rel="nofollow noopener">some issues</a> though
***</li>
</ul>

<h3><a href="https://mail-index.netbsd.org/netbsd-advocacy/2014/10/20/msg000671.html" rel="nofollow noopener">NetBSD at Open Source Conference Tokyo</a></h3>

<ul>
<li>The Japanese NetBSD users group held a booth at another recent open source conference</li>
<li>As always, they were running NetBSD on everything you can imagine</li>
<li>One of the users reports back to the mailing list on their experience, providing lots of pictures and links</li>
<li>Here's an interesting <a href="https://pbs.twimg.com/media/B0NnfcbCEAAmKIU.jpg:large" rel="nofollow noopener">screenshot of NetBSD running various other BSDs in Xen</a>
***</li>
</ul>

<h3><a href="https://www.reddit.com/r/unix/comments/2il383/question_about_the_bsd_community_as_a_whole/" rel="nofollow noopener">More BSD switchers every day</a></h3>

<ul>
<li>A decade-long Linux user is considering making the switch, and asks Reddit about the BSD community</li>
<li>Tired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect</li>
<li>So far, he's found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion</li>
<li>There's also <a href="https://www.reddit.com/r/BSD/comments/2jpxj9/question_about_the_current_state_of_freebsd/" rel="nofollow noopener">another semi-related thread</a> about another Linux user wanting to switch to BSD because of systemd and GNU people</li>
<li>There are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read</li>
<li>Maybe the OPs should've just watched this show
***</li>
</ul>

<h2>Interview - Olivier Cochard-Labbé - <a href="mailto:olivier@cochard.me" rel="nofollow noopener">olivier@cochard.me</a> / <a href="https://twitter.com/ocochardlabbe" rel="nofollow noopener">@ocochardlabbe</a></h2>

<p>The BSD Router Project</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.banym.de/freebsd/install-freebsd-11-on-thinkpad-t420" rel="nofollow noopener">FreeBSD -CURRENT on a T420</a></h3>

<ul>
<li>Thinkpads are quite popular with BSD developers and users</li>
<li>Most of the hardware seems to be supported across the BSDs (especially wifi)</li>
<li>This article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI</li>
<li>If you've got a Thinkpad, or especially this specific one, have a look at some of the steps involved
***</li>
</ul>

<h3><a href="https://www.teckelworks.com/2014/10/building-a-freenas-server-with-a-supermicro-5018a-mhn4/" rel="nofollow noopener">FreeNAS on a Supermicro 5018A-MHN4</a></h3>

<ul>
<li>More and more people are migrating their NAS devices to BSD-based solutions</li>
<li>In this post, the author goes through setting up FreeNAS on some of his new hardware</li>
<li>His new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM - quite a lot for its small form factor</li>
<li>The rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures)
***</li>
</ul>

<h3><a href="http://hardenedbsd.org/article/shawn-webb/2014-10-15/hardening-procfs-and-linprocfs" rel="nofollow noopener">Hardening procfs and linprocfs</a></h3>

<ul>
<li>There was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux</li>
<li>There exists a native procfs in FreeBSD, which was the target point of that exploit, but it's not used very often</li>
<li>The Linux emulation layer also supports its own linprocfs, which was affected as well</li>
<li>The HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs</li>
<li>If you want to learn more about ASLR and HardenedBSD, be sure to check out <a href="http://www.bsdnow.tv/episodes/2014_08_27-reverse_takeover" rel="nofollow noopener">our interview with Shawn</a> too
***</li>
</ul>

<h3><a href="http://pfsensesetup.com/bandwidth-monitoring-with-bandwidthd/" rel="nofollow noopener">pfSense monitoring with bandwidthd</a></h3>

<ul>
<li>A lot of people run pfSense on their home network, and it's really useful to monitor the bandwidth usage</li>
<li>This article will walk you through setting up bandwidthd to do exactly that</li>
<li>bandwidthd monitors based on the IP address, rather than per-interface</li>
<li>It can also build some cool HTML graphs, and we love those pfSense graphs</li>
<li>Have a look at our <a href="http://www.bsdnow.tv/tutorials/vnstat-iperf" rel="nofollow noopener">bandwidth monitoring and testing</a> tutorial for some more ideas
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2b5ZZ5qCv" rel="nofollow noopener">Dave writes in</a></li>
<li><a href="http://slexy.org/view/s20aVvhv2d" rel="nofollow noopener">Chris writes in</a></li>
<li><a href="http://slexy.org/view/s2Vmwxy1QM" rel="nofollow noopener">Zeke writes in</a></li>
<li><a href="http://slexy.org/view/s2LB6MKoNT" rel="nofollow noopener">Bostjan writes in</a></li>
<li><a href="http://slexy.org/view/s2xxB9uOuV" rel="nofollow noopener">Patrick writes in</a>
***</li>
</ul>

<h2>Mailing List Gold</h2>

<ul>
<li><a href="https://www.marc.info/?l=openbsd-tech&amp;m=141357595922692&amp;w=2" rel="nofollow noopener">More</a> <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=141358124924479&amp;w=2" rel="nofollow noopener">old bugs</a></li>
<li><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=141332534304117&amp;w=2" rel="nofollow noopener">The Right Font™</a> (<a href="https://twitter.com/blakkheim/status/522162864409546753" rel="nofollow noopener">see also</a>)
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>This week on the show we're joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We'll be discussing what the BSD Router Project is, what it's for and where it's going. All this week's headlines and answers to viewer-submitted questions, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://lists.fosdem.org/pipermail/fosdem/2014-October/002038.html" rel="nofollow noopener">BSD Devroom CFP</a></h3>

<ul>
<li>This year's FOSDEM conference (Belgium, Jan 31st - Feb 1st) is having a dedicated BSD devroom</li>
<li>They've issued a call for papers on anything BSD-related, and we always love more presentations</li>
<li>If you're in the Belgium area or plan on going, submit a talk about something cool you're doing</li>
<li>There's also <a href="https://lists.fosdem.org/listinfo/bsd-devroom" rel="nofollow noopener">a mailing list</a> and some more information in the original post
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002905.html" rel="nofollow noopener">Bhyve SVM code merge</a></h3>

<ul>
<li>The bhyve_svm code has been in the "projects" tree of FreeBSD, but is <a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=273375" rel="nofollow noopener">now ready</a> for -CURRENT</li>
<li>This changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only</li>
<li>All the supported operating systems and utilities should work on both now</li>
<li>One thing to note: bhyve doesn't support PCI passthrough on AMD just yet</li>
<li>There may still be <a href="https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002935.html" rel="nofollow noopener">some issues</a> though
***</li>
</ul>

<h3><a href="https://mail-index.netbsd.org/netbsd-advocacy/2014/10/20/msg000671.html" rel="nofollow noopener">NetBSD at Open Source Conference Tokyo</a></h3>

<ul>
<li>The Japanese NetBSD users group held a booth at another recent open source conference</li>
<li>As always, they were running NetBSD on everything you can imagine</li>
<li>One of the users reports back to the mailing list on their experience, providing lots of pictures and links</li>
<li>Here's an interesting <a href="https://pbs.twimg.com/media/B0NnfcbCEAAmKIU.jpg:large" rel="nofollow noopener">screenshot of NetBSD running various other BSDs in Xen</a>
***</li>
</ul>

<h3><a href="https://www.reddit.com/r/unix/comments/2il383/question_about_the_bsd_community_as_a_whole/" rel="nofollow noopener">More BSD switchers every day</a></h3>

<ul>
<li>A decade-long Linux user is considering making the switch, and asks Reddit about the BSD community</li>
<li>Tired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect</li>
<li>So far, he's found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion</li>
<li>There's also <a href="https://www.reddit.com/r/BSD/comments/2jpxj9/question_about_the_current_state_of_freebsd/" rel="nofollow noopener">another semi-related thread</a> about another Linux user wanting to switch to BSD because of systemd and GNU people</li>
<li>There are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read</li>
<li>Maybe the OPs should've just watched this show
***</li>
</ul>

<h2>Interview - Olivier Cochard-Labbé - <a href="mailto:olivier@cochard.me" rel="nofollow noopener">olivier@cochard.me</a> / <a href="https://twitter.com/ocochardlabbe" rel="nofollow noopener">@ocochardlabbe</a></h2>

<p>The BSD Router Project</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.banym.de/freebsd/install-freebsd-11-on-thinkpad-t420" rel="nofollow noopener">FreeBSD -CURRENT on a T420</a></h3>

<ul>
<li>Thinkpads are quite popular with BSD developers and users</li>
<li>Most of the hardware seems to be supported across the BSDs (especially wifi)</li>
<li>This article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI</li>
<li>If you've got a Thinkpad, or especially this specific one, have a look at some of the steps involved
***</li>
</ul>

<h3><a href="https://www.teckelworks.com/2014/10/building-a-freenas-server-with-a-supermicro-5018a-mhn4/" rel="nofollow noopener">FreeNAS on a Supermicro 5018A-MHN4</a></h3>

<ul>
<li>More and more people are migrating their NAS devices to BSD-based solutions</li>
<li>In this post, the author goes through setting up FreeNAS on some of his new hardware</li>
<li>His new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM - quite a lot for its small form factor</li>
<li>The rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures)
***</li>
</ul>

<h3><a href="http://hardenedbsd.org/article/shawn-webb/2014-10-15/hardening-procfs-and-linprocfs" rel="nofollow noopener">Hardening procfs and linprocfs</a></h3>

<ul>
<li>There was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux</li>
<li>There exists a native procfs in FreeBSD, which was the target point of that exploit, but it's not used very often</li>
<li>The Linux emulation layer also supports its own linprocfs, which was affected as well</li>
<li>The HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs</li>
<li>If you want to learn more about ASLR and HardenedBSD, be sure to check out <a href="http://www.bsdnow.tv/episodes/2014_08_27-reverse_takeover" rel="nofollow noopener">our interview with Shawn</a> too
***</li>
</ul>

<h3><a href="http://pfsensesetup.com/bandwidth-monitoring-with-bandwidthd/" rel="nofollow noopener">pfSense monitoring with bandwidthd</a></h3>

<ul>
<li>A lot of people run pfSense on their home network, and it's really useful to monitor the bandwidth usage</li>
<li>This article will walk you through setting up bandwidthd to do exactly that</li>
<li>bandwidthd monitors based on the IP address, rather than per-interface</li>
<li>It can also build some cool HTML graphs, and we love those pfSense graphs</li>
<li>Have a look at our <a href="http://www.bsdnow.tv/tutorials/vnstat-iperf" rel="nofollow noopener">bandwidth monitoring and testing</a> tutorial for some more ideas
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2b5ZZ5qCv" rel="nofollow noopener">Dave writes in</a></li>
<li><a href="http://slexy.org/view/s20aVvhv2d" rel="nofollow noopener">Chris writes in</a></li>
<li><a href="http://slexy.org/view/s2Vmwxy1QM" rel="nofollow noopener">Zeke writes in</a></li>
<li><a href="http://slexy.org/view/s2LB6MKoNT" rel="nofollow noopener">Bostjan writes in</a></li>
<li><a href="http://slexy.org/view/s2xxB9uOuV" rel="nofollow noopener">Patrick writes in</a>
***</li>
</ul>

<h2>Mailing List Gold</h2>

<ul>
<li><a href="https://www.marc.info/?l=openbsd-tech&amp;m=141357595922692&amp;w=2" rel="nofollow noopener">More</a> <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=141358124924479&amp;w=2" rel="nofollow noopener">old bugs</a></li>
<li><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=141332534304117&amp;w=2" rel="nofollow noopener">The Right Font™</a> (<a href="https://twitter.com/blakkheim/status/522162864409546753" rel="nofollow noopener">see also</a>)
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>49: The PC-BSD Tour</title>
  <link>https://www.bsdnow.tv/49</link>
  <guid isPermaLink="false">ccc19842-ae62-43a9-8f82-44f3f281de42</guid>
  <pubDate>Wed, 06 Aug 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ccc19842-ae62-43a9-8f82-44f3f281de42.mp3" length="59661652" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:22:51</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.freebsdfoundation.org/press/2014jul-newsletter" rel="nofollow noopener"&gt;FreeBSD foundation semi-annual newsletter&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation&lt;/li&gt;
&lt;li&gt;"In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!"&lt;/li&gt;
&lt;li&gt;It talks about the &lt;a href="http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates" rel="nofollow noopener"&gt;FreeBSD journal&lt;/a&gt; as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT&lt;/li&gt;
&lt;li&gt;The full list of funded projects is included, also with details in the financial reports&lt;/li&gt;
&lt;li&gt;There are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, intel nuc, nuc, gui, ssl, tls, libressl, openssl, foundation, bafug, talk, presentation, recording, bhyve, libvirt, rss, netmap, opensmtpd</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.freebsdfoundation.org/press/2014jul-newsletter" rel="nofollow noopener">FreeBSD foundation semi-annual newsletter</a></h3>

<ul>
<li>The FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation</li>
<li>"In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!"</li>
<li>It talks about the <a href="http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates" rel="nofollow noopener">FreeBSD journal</a> as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT</li>
<li>The full list of funded projects is included, also with details in the financial reports</li>
<li>There are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.freebsdfoundation.org/press/2014jul-newsletter" rel="nofollow noopener">FreeBSD foundation semi-annual newsletter</a></h3>

<ul>
<li>The FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation</li>
<li>"In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!"</li>
<li>It talks about the <a href="http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates" rel="nofollow noopener">FreeBSD journal</a> as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT</li>
<li>The full list of funded projects is included, also with details in the financial reports</li>
<li>There are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>30: Documentation is King</title>
  <link>https://www.bsdnow.tv/30</link>
  <guid isPermaLink="false">ab836072-6c9b-4d13-9011-8d9ddf4294e7</guid>
  <pubDate>Wed, 26 Mar 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/ab836072-6c9b-4d13-9011-8d9ddf4294e7.mp3" length="59694113" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Finally hit 30 episodes! Today we'll be chatting with Warren Block to discuss BSD documentation efforts and future plans. If you've ever wondered about the scary world of mailing lists, today's tutorial will show you the basics of how to get help and contribute back. There's lots to get to today, so sit back and enjoy some BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:22:54</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Finally hit 30 episodes! Today we'll be chatting with Warren Block to discuss BSD documentation efforts and future plans. If you've ever wondered about the scary world of mailing lists, today's tutorial will show you the basics of how to get help and contribute back. There's lots to get to today, so sit back and enjoy some BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise Servers and Storage For Open Source"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120" rel="nofollow noopener"&gt;OpenBSD on a Sun T5120&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Our buddy &lt;a href="http://www.bsdnow.tv/episodes/2014_02_05-time_signatures" rel="nofollow noopener"&gt;Ted Unangst&lt;/a&gt; got himself a cool Sun box&lt;/li&gt;
&lt;li&gt;Of course he had to write a post about installing and running OpenBSD on it&lt;/li&gt;
&lt;li&gt;The post goes through some of the quirks and steps to go through in case you're interested in one of these fine SPARC machines&lt;/li&gt;
&lt;li&gt;He's also got another post about OpenBSD on a &lt;a href="http://www.tedunangst.com/flak/post/Dell-CS24-SC-server" rel="nofollow noopener"&gt;Dell CS24-SC server&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.youtube.com/results?search_query=bhyvecon%20tokyo&amp;amp;sm=3" rel="nofollow noopener"&gt;Bhyvecon 2014 videos are up&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Like we mentioned last week, &lt;a href="http://bhyvecon.org/" rel="nofollow noopener"&gt;Bhyvecon&lt;/a&gt; was an almost-impromptu conference before AsiaBSDCon&lt;/li&gt;
&lt;li&gt;The talks have apparently already been uploaded!&lt;/li&gt;
&lt;li&gt;Subjects include Bhyve's past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization&lt;/li&gt;
&lt;li&gt;Lots more detail in the videos, so check 'em all out
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.khubla.com/freebsd/building-my-own-wireless-point" rel="nofollow noopener"&gt;Building a FreeBSD wireless access point&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We've got a new blog post about creating a wireless access point with FreeBSD&lt;/li&gt;
&lt;li&gt;After all the recent news of consumer routers being pwned like candy, it's time for people to start building &lt;a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener"&gt;BSD routers&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;The author goes through a lot of the process of getting one set up using good ol' FreeBSD&lt;/li&gt;
&lt;li&gt;Using hostapd, he's able to share his wireless card in hostap mode and offer DHCP to all the clients&lt;/li&gt;
&lt;li&gt;Plenty of config files and more messy details in the post
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.notquitemainstream.com/2014/03/15/why-im-switching-from-synology-to-freenas/" rel="nofollow noopener"&gt;Switching from Synology to FreeNAS&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The author has been considering getting a NAS for quite a while and documents his research&lt;/li&gt;
&lt;li&gt;He was faced with the compromise of convenience vs. flexibility - prebuilt or DIY&lt;/li&gt;
&lt;li&gt;After seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice&lt;/li&gt;
&lt;li&gt;The post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Warren Block - &lt;a href="mailto:wblock@freebsd.org" rel="nofollow noopener"&gt;wblock@freebsd.org&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;FreeBSD's documentation project, igor, doceng&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tutorial&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.bsdnow.tv/tutorials/mailing-lists" rel="nofollow noopener"&gt;The world of BSD mailing lists&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.shiningsilence.com/dbsdlog/2014/03/18/13651.html" rel="nofollow noopener"&gt;HAMMER2 work and notes&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Matthew Dillon has posted some updated notes about the development of the new HAMMER version&lt;/li&gt;
&lt;li&gt;The start of a cluster API was committed to the tree&lt;/li&gt;
&lt;li&gt;There are also links to design document, a freemap design document, a changes list and a todo list
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.youtube.com/watch?v=buo5JlMnGPI" rel="nofollow noopener"&gt;BSD Breaking Barriers&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Our friend &lt;a href="http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop" rel="nofollow noopener"&gt;MWL&lt;/a&gt; gave a talk at NYCBSDCon about BSD "breaking barriers"&lt;/li&gt;
&lt;li&gt;"What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We'll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years."&lt;/li&gt;
&lt;li&gt;He also has another upcoming talk, (or "webcast") called "&lt;a href="http://oreillynet.com/pub/e/3059" rel="nofollow noopener"&gt;Beyond Security: Getting to Know OpenBSD's Real Purpose&lt;/a&gt;"&lt;/li&gt;
&lt;li&gt;"OpenBSD is frequently billed as a high-security operating system. That's true, but security isn't the OpenBSD Project's main goal. This webcast will introduce systems administrators to OpenBSD, explain the project's mission, and discuss the features and benefits."&lt;/li&gt;
&lt;li&gt;It's on May 27th and will hopefully be recorded
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://dreamcat4.github.io/finch/" rel="nofollow noopener"&gt;FreeBSD in a chroot&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Finch, "FreeBSD running IN a CHroot," is a new project&lt;/li&gt;
&lt;li&gt;It's a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)&lt;/li&gt;
&lt;li&gt;All the details and some interesting use cases are on the github page&lt;/li&gt;
&lt;li&gt;He really needs to &lt;a href="https://www.freshports.org/net-im/finch" rel="nofollow noopener"&gt;change the project name&lt;/a&gt; though
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.pcbsd.org/2014/03/pc-bsd-weekly-feature-digest-22/" rel="nofollow noopener"&gt;PCBSD weekly digest&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Lots of bugfixes for PCBSD coming down the tubes&lt;/li&gt;
&lt;li&gt;LZ4 compression is now enabled by default on the whole pool&lt;/li&gt;
&lt;li&gt;The latest 10-STABLE has been imported and builds are going&lt;/li&gt;
&lt;li&gt;Also the latest GNOME and Cinnamon builds have been imported and much more
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20SlvTcwd" rel="nofollow noopener"&gt;Bostjan writes in&lt;/a&gt; (IRC suggests md5deep)&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2PeMqXFid" rel="nofollow noopener"&gt;Don writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21yii6KZe" rel="nofollow noopener"&gt;kaltheat writes in&lt;/a&gt; (We use R0DE Podcast microphones and Logitech C920 HD webcams)&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21SkX19Cp" rel="nofollow noopener"&gt;Harri writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, rtfm, mailing lists, lists, documentation, doceng, igor, man pages, manpages, wireless, access point, wap, router, pfsense, sun, t5120, dell, cs24-c, server, bhyve, bhyvecon, asiabsdcon, 2014, synology, freenas, ixsystems, megaport, foundation, rack, datacenter, mail, hammer, hammer2, hammerfs, fs, filesystem, rump kernels</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Finally hit 30 episodes! Today we'll be chatting with Warren Block to discuss BSD documentation efforts and future plans. If you've ever wondered about the scary world of mailing lists, today's tutorial will show you the basics of how to get help and contribute back. There's lots to get to today, so sit back and enjoy some BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise Servers and Storage For Open Source"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120" rel="nofollow noopener">OpenBSD on a Sun T5120</a></h3>

<ul>
<li>Our buddy <a href="http://www.bsdnow.tv/episodes/2014_02_05-time_signatures" rel="nofollow noopener">Ted Unangst</a> got himself a cool Sun box</li>
<li>Of course he had to write a post about installing and running OpenBSD on it</li>
<li>The post goes through some of the quirks and steps to go through in case you're interested in one of these fine SPARC machines</li>
<li>He's also got another post about OpenBSD on a <a href="http://www.tedunangst.com/flak/post/Dell-CS24-SC-server" rel="nofollow noopener">Dell CS24-SC server</a>
***</li>
</ul>

<h3><a href="https://www.youtube.com/results?search_query=bhyvecon%20tokyo&amp;sm=3" rel="nofollow noopener">Bhyvecon 2014 videos are up</a></h3>

<ul>
<li>Like we mentioned last week, <a href="http://bhyvecon.org/" rel="nofollow noopener">Bhyvecon</a> was an almost-impromptu conference before AsiaBSDCon</li>
<li>The talks have apparently already been uploaded!</li>
<li>Subjects include Bhyve's past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization</li>
<li>Lots more detail in the videos, so check 'em all out
***</li>
</ul>

<h3><a href="http://blog.khubla.com/freebsd/building-my-own-wireless-point" rel="nofollow noopener">Building a FreeBSD wireless access point</a></h3>

<ul>
<li>We've got a new blog post about creating a wireless access point with FreeBSD</li>
<li>After all the recent news of consumer routers being pwned like candy, it's time for people to start building <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">BSD routers</a></li>
<li>The author goes through a lot of the process of getting one set up using good ol' FreeBSD</li>
<li>Using hostapd, he's able to share his wireless card in hostap mode and offer DHCP to all the clients</li>
<li>Plenty of config files and more messy details in the post
***</li>
</ul>

<h3><a href="http://www.notquitemainstream.com/2014/03/15/why-im-switching-from-synology-to-freenas/" rel="nofollow noopener">Switching from Synology to FreeNAS</a></h3>

<ul>
<li>The author has been considering getting a NAS for quite a while and documents his research</li>
<li>He was faced with the compromise of convenience vs. flexibility - prebuilt or DIY</li>
<li>After seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice</li>
<li>The post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give
***</li>
</ul>

<h2>Interview - Warren Block - <a href="mailto:wblock@freebsd.org" rel="nofollow noopener">wblock@freebsd.org</a></h2>

<p>FreeBSD's documentation project, igor, doceng</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/mailing-lists" rel="nofollow noopener">The world of BSD mailing lists</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://www.shiningsilence.com/dbsdlog/2014/03/18/13651.html" rel="nofollow noopener">HAMMER2 work and notes</a></h3>

<ul>
<li>Matthew Dillon has posted some updated notes about the development of the new HAMMER version</li>
<li>The start of a cluster API was committed to the tree</li>
<li>There are also links to design document, a freemap design document, a changes list and a todo list
***</li>
</ul>

<h3><a href="https://www.youtube.com/watch?v=buo5JlMnGPI" rel="nofollow noopener">BSD Breaking Barriers</a></h3>

<ul>
<li>Our friend <a href="http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop" rel="nofollow noopener">MWL</a> gave a talk at NYCBSDCon about BSD "breaking barriers"</li>
<li>"What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We'll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years."</li>
<li>He also has another upcoming talk, (or "webcast") called "<a href="http://oreillynet.com/pub/e/3059" rel="nofollow noopener">Beyond Security: Getting to Know OpenBSD's Real Purpose</a>"</li>
<li>"OpenBSD is frequently billed as a high-security operating system. That's true, but security isn't the OpenBSD Project's main goal. This webcast will introduce systems administrators to OpenBSD, explain the project's mission, and discuss the features and benefits."</li>
<li>It's on May 27th and will hopefully be recorded
***</li>
</ul>

<h3><a href="http://dreamcat4.github.io/finch/" rel="nofollow noopener">FreeBSD in a chroot</a></h3>

<ul>
<li>Finch, "FreeBSD running IN a CHroot," is a new project</li>
<li>It's a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)</li>
<li>All the details and some interesting use cases are on the github page</li>
<li>He really needs to <a href="https://www.freshports.org/net-im/finch" rel="nofollow noopener">change the project name</a> though
***</li>
</ul>

<h3><a href="http://blog.pcbsd.org/2014/03/pc-bsd-weekly-feature-digest-22/" rel="nofollow noopener">PCBSD weekly digest</a></h3>

<ul>
<li>Lots of bugfixes for PCBSD coming down the tubes</li>
<li>LZ4 compression is now enabled by default on the whole pool</li>
<li>The latest 10-STABLE has been imported and builds are going</li>
<li>Also the latest GNOME and Cinnamon builds have been imported and much more
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s20SlvTcwd" rel="nofollow noopener">Bostjan writes in</a> (IRC suggests md5deep)</li>
<li><a href="http://slexy.org/view/s2PeMqXFid" rel="nofollow noopener">Don writes in</a></li>
<li><a href="http://slexy.org/view/s21yii6KZe" rel="nofollow noopener">kaltheat writes in</a> (We use R0DE Podcast microphones and Logitech C920 HD webcams)</li>
<li><a href="http://slexy.org/view/s21SkX19Cp" rel="nofollow noopener">Harri writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Finally hit 30 episodes! Today we'll be chatting with Warren Block to discuss BSD documentation efforts and future plans. If you've ever wondered about the scary world of mailing lists, today's tutorial will show you the basics of how to get help and contribute back. There's lots to get to today, so sit back and enjoy some BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise Servers and Storage For Open Source"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120" rel="nofollow noopener">OpenBSD on a Sun T5120</a></h3>

<ul>
<li>Our buddy <a href="http://www.bsdnow.tv/episodes/2014_02_05-time_signatures" rel="nofollow noopener">Ted Unangst</a> got himself a cool Sun box</li>
<li>Of course he had to write a post about installing and running OpenBSD on it</li>
<li>The post goes through some of the quirks and steps to go through in case you're interested in one of these fine SPARC machines</li>
<li>He's also got another post about OpenBSD on a <a href="http://www.tedunangst.com/flak/post/Dell-CS24-SC-server" rel="nofollow noopener">Dell CS24-SC server</a>
***</li>
</ul>

<h3><a href="https://www.youtube.com/results?search_query=bhyvecon%20tokyo&amp;sm=3" rel="nofollow noopener">Bhyvecon 2014 videos are up</a></h3>

<ul>
<li>Like we mentioned last week, <a href="http://bhyvecon.org/" rel="nofollow noopener">Bhyvecon</a> was an almost-impromptu conference before AsiaBSDCon</li>
<li>The talks have apparently already been uploaded!</li>
<li>Subjects include Bhyve's past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization</li>
<li>Lots more detail in the videos, so check 'em all out
***</li>
</ul>

<h3><a href="http://blog.khubla.com/freebsd/building-my-own-wireless-point" rel="nofollow noopener">Building a FreeBSD wireless access point</a></h3>

<ul>
<li>We've got a new blog post about creating a wireless access point with FreeBSD</li>
<li>After all the recent news of consumer routers being pwned like candy, it's time for people to start building <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">BSD routers</a></li>
<li>The author goes through a lot of the process of getting one set up using good ol' FreeBSD</li>
<li>Using hostapd, he's able to share his wireless card in hostap mode and offer DHCP to all the clients</li>
<li>Plenty of config files and more messy details in the post
***</li>
</ul>

<h3><a href="http://www.notquitemainstream.com/2014/03/15/why-im-switching-from-synology-to-freenas/" rel="nofollow noopener">Switching from Synology to FreeNAS</a></h3>

<ul>
<li>The author has been considering getting a NAS for quite a while and documents his research</li>
<li>He was faced with the compromise of convenience vs. flexibility - prebuilt or DIY</li>
<li>After seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice</li>
<li>The post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give
***</li>
</ul>

<h2>Interview - Warren Block - <a href="mailto:wblock@freebsd.org" rel="nofollow noopener">wblock@freebsd.org</a></h2>

<p>FreeBSD's documentation project, igor, doceng</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/mailing-lists" rel="nofollow noopener">The world of BSD mailing lists</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://www.shiningsilence.com/dbsdlog/2014/03/18/13651.html" rel="nofollow noopener">HAMMER2 work and notes</a></h3>

<ul>
<li>Matthew Dillon has posted some updated notes about the development of the new HAMMER version</li>
<li>The start of a cluster API was committed to the tree</li>
<li>There are also links to design document, a freemap design document, a changes list and a todo list
***</li>
</ul>

<h3><a href="https://www.youtube.com/watch?v=buo5JlMnGPI" rel="nofollow noopener">BSD Breaking Barriers</a></h3>

<ul>
<li>Our friend <a href="http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop" rel="nofollow noopener">MWL</a> gave a talk at NYCBSDCon about BSD "breaking barriers"</li>
<li>"What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We'll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years."</li>
<li>He also has another upcoming talk, (or "webcast") called "<a href="http://oreillynet.com/pub/e/3059" rel="nofollow noopener">Beyond Security: Getting to Know OpenBSD's Real Purpose</a>"</li>
<li>"OpenBSD is frequently billed as a high-security operating system. That's true, but security isn't the OpenBSD Project's main goal. This webcast will introduce systems administrators to OpenBSD, explain the project's mission, and discuss the features and benefits."</li>
<li>It's on May 27th and will hopefully be recorded
***</li>
</ul>

<h3><a href="http://dreamcat4.github.io/finch/" rel="nofollow noopener">FreeBSD in a chroot</a></h3>

<ul>
<li>Finch, "FreeBSD running IN a CHroot," is a new project</li>
<li>It's a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)</li>
<li>All the details and some interesting use cases are on the github page</li>
<li>He really needs to <a href="https://www.freshports.org/net-im/finch" rel="nofollow noopener">change the project name</a> though
***</li>
</ul>

<h3><a href="http://blog.pcbsd.org/2014/03/pc-bsd-weekly-feature-digest-22/" rel="nofollow noopener">PCBSD weekly digest</a></h3>

<ul>
<li>Lots of bugfixes for PCBSD coming down the tubes</li>
<li>LZ4 compression is now enabled by default on the whole pool</li>
<li>The latest 10-STABLE has been imported and builds are going</li>
<li>Also the latest GNOME and Cinnamon builds have been imported and much more
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s20SlvTcwd" rel="nofollow noopener">Bostjan writes in</a> (IRC suggests md5deep)</li>
<li><a href="http://slexy.org/view/s2PeMqXFid" rel="nofollow noopener">Don writes in</a></li>
<li><a href="http://slexy.org/view/s21yii6KZe" rel="nofollow noopener">kaltheat writes in</a> (We use R0DE Podcast microphones and Logitech C920 HD webcams)</li>
<li><a href="http://slexy.org/view/s21SkX19Cp" rel="nofollow noopener">Harri writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>20: Bhyve Mind</title>
  <link>https://www.bsdnow.tv/20</link>
  <guid isPermaLink="false">6125c3d9-473a-4557-a429-423dffa36cbf</guid>
  <pubDate>Wed, 15 Jan 2014 08:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6125c3d9-473a-4557-a429-423dffa36cbf.mp3" length="60158675" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>It's our big 20th episode! We're going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:23:33</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;It's our big 20th episode! We're going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise Servers and Storage For Open Source"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140106055302" rel="nofollow noopener"&gt;OpenBSD automatic installation&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A CFT (call for testing) was posted for OpenBSD's new automatic installer process&lt;/li&gt;
&lt;li&gt;Using this new system, you can spin up fully-configured OpenBSD installs very quickly&lt;/li&gt;
&lt;li&gt;It will answer all the questions for you and can put files into place and start services&lt;/li&gt;
&lt;li&gt;Great for large deployments, help test it and report your findings
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.youtube.com/channel/UCL09rVicvyZrqe-I2LP5Vyg/videos" rel="nofollow noopener"&gt;FreeNAS install guide and blog posts&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A multipart series on YouTube about installing FreeNAS&lt;/li&gt;
&lt;li&gt;In part 1, the guy (who is possibly Dracula, with his very Transylvanian accent..) builds his new file server and shows off the hardware&lt;/li&gt;
&lt;li&gt;In part 2, he shows how to install and configure FreeNAS, uses IPMI, sets up his pools&lt;/li&gt;
&lt;li&gt;He pronounces gigabytes as jiggabytes and it's hilarious&lt;/li&gt;
&lt;li&gt;We've also got an &lt;a href="http://enoriver.net/index.php/2014/01/11/freenas-works-as-advertised/" rel="nofollow noopener"&gt;unrelated blog post&lt;/a&gt; about a very satisfied FreeNAS user who details his setup&lt;/li&gt;
&lt;li&gt;As well as &lt;a href="http://devinteske.com/freenas-development/" rel="nofollow noopener"&gt;another blog post&lt;/a&gt; from our old pal &lt;a href="http://www.bsdnow.tv/episodes/2013-09-25_teskeing_the_possibilities" rel="nofollow noopener"&gt;Devin Teske&lt;/a&gt; about his recent foray into the FreeNAS development world
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-stable/2014-January/076800.html" rel="nofollow noopener"&gt;FreeBSD 10.0-RC5 is out&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Another, unexpected RC is out for 10.0&lt;/li&gt;
&lt;li&gt;Minor fixes included, please help test and report any bugs&lt;/li&gt;
&lt;li&gt;You can update via freebsd-update or from source&lt;/li&gt;
&lt;li&gt;Hopefully this will be the last one before 10.0-RELEASE, which has tons of new features we'll talk about&lt;/li&gt;
&lt;li&gt;It's been &lt;a href="https://svnweb.freebsd.org/base?view=revision&amp;amp;revision=260664" rel="nofollow noopener"&gt;tagged -RELEASE&lt;/a&gt; in SVN already too!
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://marc.info/?l=openbsd-cvs&amp;amp;m=138952598914052&amp;amp;w=2" rel="nofollow noopener"&gt;OpenBSD 5.5-beta is out&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Theo updated the branch status to 5.5-beta&lt;/li&gt;
&lt;li&gt;A &lt;a href="http://www.openbsd.org/plus.html" rel="nofollow noopener"&gt;list of changes&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://ftp.openbsd.org/pub/OpenBSD/snapshots/" rel="nofollow noopener"&gt;Help test&lt;/a&gt; and report any bugs you find&lt;/li&gt;
&lt;li&gt;Lots of rapid development with signify (which we mentioned last week), the beta includes some "test keys"&lt;/li&gt;
&lt;li&gt;Does that mean it'll be part of the final release? We'll find out in May.. or when we interview Ted (soon)
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Neel Natu &amp;amp; Peter Grehan - &lt;a href="mailto:neel@freebsd.org" rel="nofollow noopener"&gt;neel@freebsd.org&lt;/a&gt; &amp;amp; &lt;a href="mailto:grehan@freebsd.org" rel="nofollow noopener"&gt;grehan@freebsd.org&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;BHyVe - the BSD hypervisor&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tutorial&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.bsdnow.tv/tutorials/bhyve" rel="nofollow noopener"&gt;Virtualization with bhyve&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html" rel="nofollow noopener"&gt;Hostname canonicalisation in OpenSSH&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Blog post from our friend &lt;a href="http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline" rel="nofollow noopener"&gt;Damien Miller&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;This new feature allows clients to canonicalize unqualified domain names&lt;/li&gt;
&lt;li&gt;SSH will know if you typed "ssh bsdnow" you meant "ssh bsdnow.tv" with new config options&lt;/li&gt;
&lt;li&gt;This will help clean up some ssh configs, especially if you have many hosts&lt;/li&gt;
&lt;li&gt;Should make it into OpenSSH 6.5, which is "due really soon"
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.shiningsilence.com/dbsdlog/2014/01/07/13078.html" rel="nofollow noopener"&gt;Dragonfly on a Chromebook&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Some work has been done by Matthew Dillon to get DragonflyBSD working on a Google Chromebook&lt;/li&gt;
&lt;li&gt;These &lt;a href="http://www.shiningsilence.com/dbsdlog/2014/01/10/13132.html" rel="nofollow noopener"&gt;couple of posts&lt;/a&gt; detail some of the things he's got working so far&lt;/li&gt;
&lt;li&gt;Changes were needed to the boot process, trackpad and wifi drivers needed updating...&lt;/li&gt;
&lt;li&gt;Also includes a guide written by Dillon on how to get yours working
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://kazarka.com/index.php?section=spiderinabox" rel="nofollow noopener"&gt;Spider in a box&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;"Spiderinabox" is a new OpenBSD-based project&lt;/li&gt;
&lt;li&gt;Using a combination of OpenBSD, Firefox, XQuartz and VirtualBox, it creates a secure browsing experience for OS X&lt;/li&gt;
&lt;li&gt;Firefox runs encapsulated in OpenBSD and doesn't have access to OS X in any way&lt;/li&gt;
&lt;li&gt;The developer is looking for testers on other operating systems!
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-3/" rel="nofollow noopener"&gt;PCBSD weekly digest&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;PCBSD 10 has entered into the code freeze phase&lt;/li&gt;
&lt;li&gt;They're focusing on fixing bugs now, rather than adding new features&lt;/li&gt;
&lt;li&gt;The update system got a lot of improvements&lt;/li&gt;
&lt;li&gt;PBI load times reduced by up to 40%! what!!!
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s25zbSPtcm" rel="nofollow noopener"&gt;Scott writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2EarxbZz1" rel="nofollow noopener"&gt;Chris writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2MWKxtWxF" rel="nofollow noopener"&gt;SW writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20kzex2qm" rel="nofollow noopener"&gt;Ole writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2858Ph4o0" rel="nofollow noopener"&gt;Gertjan writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, bhyve, virtualization, xen, hypervisor, type 2, neel natu, peter grehan, presentation, dom0, domu, automatic install, pxe, pxeboot, freenas, installation, chromebook, edgebsd, spiderinabox, spider in a box, vm</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>It's our big 20th episode! We're going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise Servers and Storage For Open Source"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20140106055302" rel="nofollow noopener">OpenBSD automatic installation</a></h3>

<ul>
<li>A CFT (call for testing) was posted for OpenBSD's new automatic installer process</li>
<li>Using this new system, you can spin up fully-configured OpenBSD installs very quickly</li>
<li>It will answer all the questions for you and can put files into place and start services</li>
<li>Great for large deployments, help test it and report your findings
***</li>
</ul>

<h3><a href="https://www.youtube.com/channel/UCL09rVicvyZrqe-I2LP5Vyg/videos" rel="nofollow noopener">FreeNAS install guide and blog posts</a></h3>

<ul>
<li>A multipart series on YouTube about installing FreeNAS</li>
<li>In part 1, the guy (who is possibly Dracula, with his very Transylvanian accent..) builds his new file server and shows off the hardware</li>
<li>In part 2, he shows how to install and configure FreeNAS, uses IPMI, sets up his pools</li>
<li>He pronounces gigabytes as jiggabytes and it's hilarious</li>
<li>We've also got an <a href="http://enoriver.net/index.php/2014/01/11/freenas-works-as-advertised/" rel="nofollow noopener">unrelated blog post</a> about a very satisfied FreeNAS user who details his setup</li>
<li>As well as <a href="http://devinteske.com/freenas-development/" rel="nofollow noopener">another blog post</a> from our old pal <a href="http://www.bsdnow.tv/episodes/2013-09-25_teskeing_the_possibilities" rel="nofollow noopener">Devin Teske</a> about his recent foray into the FreeNAS development world
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2014-January/076800.html" rel="nofollow noopener">FreeBSD 10.0-RC5 is out</a></h3>

<ul>
<li>Another, unexpected RC is out for 10.0</li>
<li>Minor fixes included, please help test and report any bugs</li>
<li>You can update via freebsd-update or from source</li>
<li>Hopefully this will be the last one before 10.0-RELEASE, which has tons of new features we'll talk about</li>
<li>It's been <a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=260664" rel="nofollow noopener">tagged -RELEASE</a> in SVN already too!
***</li>
</ul>

<h3><a href="http://marc.info/?l=openbsd-cvs&amp;m=138952598914052&amp;w=2" rel="nofollow noopener">OpenBSD 5.5-beta is out</a></h3>

<ul>
<li>Theo updated the branch status to 5.5-beta</li>
<li>A <a href="http://www.openbsd.org/plus.html" rel="nofollow noopener">list of changes</a></li>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/snapshots/" rel="nofollow noopener">Help test</a> and report any bugs you find</li>
<li>Lots of rapid development with signify (which we mentioned last week), the beta includes some "test keys"</li>
<li>Does that mean it'll be part of the final release? We'll find out in May.. or when we interview Ted (soon)
***</li>
</ul>

<h2>Interview - Neel Natu &amp; Peter Grehan - <a href="mailto:neel@freebsd.org" rel="nofollow noopener">neel@freebsd.org</a> &amp; <a href="mailto:grehan@freebsd.org" rel="nofollow noopener">grehan@freebsd.org</a></h2>

<p>BHyVe - the BSD hypervisor</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/bhyve" rel="nofollow noopener">Virtualization with bhyve</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html" rel="nofollow noopener">Hostname canonicalisation in OpenSSH</a></h3>

<ul>
<li>Blog post from our friend <a href="http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline" rel="nofollow noopener">Damien Miller</a></li>
<li>This new feature allows clients to canonicalize unqualified domain names</li>
<li>SSH will know if you typed "ssh bsdnow" you meant "ssh bsdnow.tv" with new config options</li>
<li>This will help clean up some ssh configs, especially if you have many hosts</li>
<li>Should make it into OpenSSH 6.5, which is "due really soon"
***</li>
</ul>

<h3><a href="http://www.shiningsilence.com/dbsdlog/2014/01/07/13078.html" rel="nofollow noopener">Dragonfly on a Chromebook</a></h3>

<ul>
<li>Some work has been done by Matthew Dillon to get DragonflyBSD working on a Google Chromebook</li>
<li>These <a href="http://www.shiningsilence.com/dbsdlog/2014/01/10/13132.html" rel="nofollow noopener">couple of posts</a> detail some of the things he's got working so far</li>
<li>Changes were needed to the boot process, trackpad and wifi drivers needed updating...</li>
<li>Also includes a guide written by Dillon on how to get yours working
***</li>
</ul>

<h3><a href="http://kazarka.com/index.php?section=spiderinabox" rel="nofollow noopener">Spider in a box</a></h3>

<ul>
<li>"Spiderinabox" is a new OpenBSD-based project</li>
<li>Using a combination of OpenBSD, Firefox, XQuartz and VirtualBox, it creates a secure browsing experience for OS X</li>
<li>Firefox runs encapsulated in OpenBSD and doesn't have access to OS X in any way</li>
<li>The developer is looking for testers on other operating systems!
***</li>
</ul>

<h3><a href="http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-3/" rel="nofollow noopener">PCBSD weekly digest</a></h3>

<ul>
<li>PCBSD 10 has entered into the code freeze phase</li>
<li>They're focusing on fixing bugs now, rather than adding new features</li>
<li>The update system got a lot of improvements</li>
<li>PBI load times reduced by up to 40%! what!!!
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s25zbSPtcm" rel="nofollow noopener">Scott writes in</a></li>
<li><a href="http://slexy.org/view/s2EarxbZz1" rel="nofollow noopener">Chris writes in</a></li>
<li><a href="http://slexy.org/view/s2MWKxtWxF" rel="nofollow noopener">SW writes in</a></li>
<li><a href="http://slexy.org/view/s20kzex2qm" rel="nofollow noopener">Ole writes in</a></li>
<li><a href="http://slexy.org/view/s2858Ph4o0" rel="nofollow noopener">Gertjan writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>It's our big 20th episode! We're going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise Servers and Storage For Open Source"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20140106055302" rel="nofollow noopener">OpenBSD automatic installation</a></h3>

<ul>
<li>A CFT (call for testing) was posted for OpenBSD's new automatic installer process</li>
<li>Using this new system, you can spin up fully-configured OpenBSD installs very quickly</li>
<li>It will answer all the questions for you and can put files into place and start services</li>
<li>Great for large deployments, help test it and report your findings
***</li>
</ul>

<h3><a href="https://www.youtube.com/channel/UCL09rVicvyZrqe-I2LP5Vyg/videos" rel="nofollow noopener">FreeNAS install guide and blog posts</a></h3>

<ul>
<li>A multipart series on YouTube about installing FreeNAS</li>
<li>In part 1, the guy (who is possibly Dracula, with his very Transylvanian accent..) builds his new file server and shows off the hardware</li>
<li>In part 2, he shows how to install and configure FreeNAS, uses IPMI, sets up his pools</li>
<li>He pronounces gigabytes as jiggabytes and it's hilarious</li>
<li>We've also got an <a href="http://enoriver.net/index.php/2014/01/11/freenas-works-as-advertised/" rel="nofollow noopener">unrelated blog post</a> about a very satisfied FreeNAS user who details his setup</li>
<li>As well as <a href="http://devinteske.com/freenas-development/" rel="nofollow noopener">another blog post</a> from our old pal <a href="http://www.bsdnow.tv/episodes/2013-09-25_teskeing_the_possibilities" rel="nofollow noopener">Devin Teske</a> about his recent foray into the FreeNAS development world
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2014-January/076800.html" rel="nofollow noopener">FreeBSD 10.0-RC5 is out</a></h3>

<ul>
<li>Another, unexpected RC is out for 10.0</li>
<li>Minor fixes included, please help test and report any bugs</li>
<li>You can update via freebsd-update or from source</li>
<li>Hopefully this will be the last one before 10.0-RELEASE, which has tons of new features we'll talk about</li>
<li>It's been <a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=260664" rel="nofollow noopener">tagged -RELEASE</a> in SVN already too!
***</li>
</ul>

<h3><a href="http://marc.info/?l=openbsd-cvs&amp;m=138952598914052&amp;w=2" rel="nofollow noopener">OpenBSD 5.5-beta is out</a></h3>

<ul>
<li>Theo updated the branch status to 5.5-beta</li>
<li>A <a href="http://www.openbsd.org/plus.html" rel="nofollow noopener">list of changes</a></li>
<li><a href="http://ftp.openbsd.org/pub/OpenBSD/snapshots/" rel="nofollow noopener">Help test</a> and report any bugs you find</li>
<li>Lots of rapid development with signify (which we mentioned last week), the beta includes some "test keys"</li>
<li>Does that mean it'll be part of the final release? We'll find out in May.. or when we interview Ted (soon)
***</li>
</ul>

<h2>Interview - Neel Natu &amp; Peter Grehan - <a href="mailto:neel@freebsd.org" rel="nofollow noopener">neel@freebsd.org</a> &amp; <a href="mailto:grehan@freebsd.org" rel="nofollow noopener">grehan@freebsd.org</a></h2>

<p>BHyVe - the BSD hypervisor</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/bhyve" rel="nofollow noopener">Virtualization with bhyve</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html" rel="nofollow noopener">Hostname canonicalisation in OpenSSH</a></h3>

<ul>
<li>Blog post from our friend <a href="http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline" rel="nofollow noopener">Damien Miller</a></li>
<li>This new feature allows clients to canonicalize unqualified domain names</li>
<li>SSH will know if you typed "ssh bsdnow" you meant "ssh bsdnow.tv" with new config options</li>
<li>This will help clean up some ssh configs, especially if you have many hosts</li>
<li>Should make it into OpenSSH 6.5, which is "due really soon"
***</li>
</ul>

<h3><a href="http://www.shiningsilence.com/dbsdlog/2014/01/07/13078.html" rel="nofollow noopener">Dragonfly on a Chromebook</a></h3>

<ul>
<li>Some work has been done by Matthew Dillon to get DragonflyBSD working on a Google Chromebook</li>
<li>These <a href="http://www.shiningsilence.com/dbsdlog/2014/01/10/13132.html" rel="nofollow noopener">couple of posts</a> detail some of the things he's got working so far</li>
<li>Changes were needed to the boot process, trackpad and wifi drivers needed updating...</li>
<li>Also includes a guide written by Dillon on how to get yours working
***</li>
</ul>

<h3><a href="http://kazarka.com/index.php?section=spiderinabox" rel="nofollow noopener">Spider in a box</a></h3>

<ul>
<li>"Spiderinabox" is a new OpenBSD-based project</li>
<li>Using a combination of OpenBSD, Firefox, XQuartz and VirtualBox, it creates a secure browsing experience for OS X</li>
<li>Firefox runs encapsulated in OpenBSD and doesn't have access to OS X in any way</li>
<li>The developer is looking for testers on other operating systems!
***</li>
</ul>

<h3><a href="http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-3/" rel="nofollow noopener">PCBSD weekly digest</a></h3>

<ul>
<li>PCBSD 10 has entered into the code freeze phase</li>
<li>They're focusing on fixing bugs now, rather than adding new features</li>
<li>The update system got a lot of improvements</li>
<li>PBI load times reduced by up to 40%! what!!!
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s25zbSPtcm" rel="nofollow noopener">Scott writes in</a></li>
<li><a href="http://slexy.org/view/s2EarxbZz1" rel="nofollow noopener">Chris writes in</a></li>
<li><a href="http://slexy.org/view/s2MWKxtWxF" rel="nofollow noopener">SW writes in</a></li>
<li><a href="http://slexy.org/view/s20kzex2qm" rel="nofollow noopener">Ole writes in</a></li>
<li><a href="http://slexy.org/view/s2858Ph4o0" rel="nofollow noopener">Gertjan writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
  </channel>
</rss>
