This episode was brought to you by

Headlines

BSD Devroom CFP

• This year's FOSDEM conference (Belgium, Jan 31st - Feb 1st) is having a dedicated BSD devroom
• They've issued a call for papers on anything BSD-related, and we always love more presentations
• If you're in the Belgium area or plan on going, submit a talk about something cool you're doing
• There's also a mailing list and some more information in the original post ***

Bhyve SVM code merge

• The bhyve_svm code has been in the "projects" tree of FreeBSD, but is now ready for -CURRENT
• This changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only
• All the supported operating systems and utilities should work on both now
• One thing to note: bhyve doesn't support PCI passthrough on AMD just yet
• There may still be some issues though ***

NetBSD at Open Source Conference Tokyo

• The Japanese NetBSD users group held a booth at another recent open source conference
• As always, they were running NetBSD on everything you can imagine
• One of the users reports back to the mailing list on their experience, providing lots of pictures and links
• Here's an interesting screenshot of NetBSD running various other BSDs in Xen ***

More BSD switchers every day

• A decade-long Linux user is considering making the switch, and asks Reddit about the BSD community
• Tired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect
• So far, he's found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion
• There's also another semi-related thread about another Linux user wanting to switch to BSD because of systemd and GNU people
• There are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read
• Maybe the OPs should've just watched this show ***

Interview - Olivier Cochard-Labbé - olivier@cochard.me / @ocochardlabbe

The BSD Router Project

News Roundup

FreeBSD -CURRENT on a T420

• Thinkpads are quite popular with BSD developers and users
• Most of the hardware seems to be supported across the BSDs (especially wifi)
• This article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI
• If you've got a Thinkpad, or especially this specific one, have a look at some of the steps involved ***

FreeNAS on a Supermicro 5018A-MHN4

• More and more people are migrating their NAS devices to BSD-based solutions
• In this post, the author goes through setting up FreeNAS on some of his new hardware
• His new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM - quite a lot for its small form factor
• The rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures) ***

Hardening procfs and linprocfs

• There was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux
• There exists a native procfs in FreeBSD, which was the target point of that exploit, but it's not used very often
• The Linux emulation layer also supports its own linprocfs, which was affected as well
• The HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs
• If you want to learn more about ASLR and HardenedBSD, be sure to check out our interview with Shawn too ***

pfSense monitoring with bandwidthd

• A lot of people run pfSense on their home network, and it's really useful to monitor the bandwidth usage
• This article will walk you through setting up bandwidthd to do exactly that
• bandwidthd monitors based on the IP address, rather than per-interface
• It can also build some cool HTML graphs, and we love those pfSense graphs
• Have a look at our bandwidth monitoring and testing tutorial for some more ideas ***

Feedback/Questions

• Dave writes in
• Chris writes in
• Zeke writes in
• Bostjan writes in
• Patrick writes in ***

Mailing List Gold

• More old bugs
• The Right Font™ (see also) ***

This episode was brought to you by

Headlines

PIE and ASLR in FreeBSD update

• A status update for Shawn Webb's ASLR and PIE work for FreeBSD
• One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree
• "FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support"
• If you're running -CURRENT, just add "WITH_PIE=1" to your /etc/src.conf and /etc/make.conf
• The next step is working on the ASLR coding style and getting more developers to look through it
• Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR ***

Misc. pfSense news

• Couple of pfSense news items this week, including some hardware news
• Someone's gotta test the pfSense hardware devices before they're sold, which involves powering them all on at least once
• To make that process faster, they're building a controllable power board (and include some cool pics)
• There will be more info on that device a bit later on
• On Friday, June 27th, there will be another video session (for paying customers only...) about virtualized firewalls
• pfSense University, a new paid training course, was also announced
• A single two-day class costs $2000, ouch ***

ZFS stripe width

• A new blog post from Matt Ahrens about ZFS stripe width
• "The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice"
• Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages
• He covers best performance on random IOPS, best reliability, and best space efficiency use cases
• It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels' overhead factor ***

FreeBSD 9.3-BETA3 released

• The third BETA in the 9.3 release cycle is out, we're slowly getting closer to the release
• This is expected to be the final BETA, next will come the RCs
• There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what's in -CURRENT (but still isn't using ChaCha20)
• The FreeBSD foundation has a blog post about it too
• There's a list of changes between 9.2 and 9.3 as well, but we'll be sure to cover it when the -RELEASE hits ***

Interview - Bryce Chidester - brycec@devio.us / @brycied00d

Running a BSD shell provider

Tutorial

Chaining SSH connections

News Roundup

My FreeBSD adventure

• A Slackware user from the "linux questions" forum decides to try out BSD, and documents his initial impressions and findings
• After ruling out PCBSD due to the demanding hardware requirements and NetBSD due to "politics" (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on
• In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things
• So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux
• Might be an interesting, ongoing series we can follow up on later ***

Even more BSDCan trip reports

• BSDCan may be over until next year, but trip reports are still pouring in
• This time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation
• He's part of the "Jenkins CI for FreeBSD" group and went to BSDCan mostly for that
• Nice long post about all of his experiences at the event, definitely worth a read
• He even talks about... the food ***

FreeBSD disk partitioning

• For his latest book series on FreeBSD's GEOM system, MWL asked the hackers mailing list for some clarification
• This erupted into a very long discussion about fdisk vs gnop vs gpart
• So you don't have to read the 500 mailing list posts, he's summarized the findings in a blog post
• It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools ***

BSD Router Project version 1.51

• A new version of the BSD Router Project has been released, 1.51
• It's now based on FreeBSD 10-STABLE instead of 10.0-RELEASE
• Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere
• Check the sourceforge page for the complete list of changes
• Bad news... the minimum disk size requirement has increased to 512MB... getting pretty bloated ***

Feedback/Questions

• Fongaboo writes in
• David writes in
• Kristian writes in ***

Headlines

Getting to know your portmgr

• In this interview they talk to one of the "Annoying Reminder Guys" - Erwin Lansing, the second longest serving member of FreeBSD's portmgr (also vice-president of the FreeBSD Foundation)
• He actually maintains the .dk ccTLD
• Describes FreeBSD as "the best well-hidden success story in operating systems, by now in the hands of more people than one can count and used by even more people, and not one of them knows it! It’s not only the best operating system currently around, but also the most supportive and inspiring community."
• In the next one they speak with Martin Wilke (miwi@)
• The usual, "what inspires you about FreeBSD" "how did you get into it" etc. ***

vBSDCon wrap-up compilation

• Lots of write-ups about vBSDCon gathered in one place
• Some from OpenBSD guys
• Some from FreeBSD guys
• Some from RootBSD
• Some from iXsystems
• Some from Verisign
• And of course our own wrap-up chat in BSD Now Episode 009 ***

Faces of FreeBSD

• This week they talk to Gábor Páli from Hungary
• Talks about his past as a game programmer and how it got involved with FreeBSD
• "I met János Háber, who admired the technical merits of FreeBSD and recommended it over the popular GNU/Linux distributions. I downloaded FreeBSD 4.3-RELEASE, found it reliable, consistent, easy to install, update and use."
• He's been contributing since 2008 and does lots of work with Haskell in ports
• He also organizes EuroBSDCon and is secretary of the FreeBSD Core Team ***

Dragonfly 3.6 released

• dports now default instead of pkgsrc
• Big SMP scaling improvements
• Experimental i915 and KMS support
• See our interview with Justin Sherrill if you want to hear (a lot) more about it - nearly an hour long ***

Interview - Jordan Hubbard - jkh@freebsd.org / @omgjkh

FreeBSD's founding and future

Tutorial

Building an OpenBSD router, part 2

• Note: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions. ***

News Roundup

pfSense 2.1 on AWS EC2

• We now have pfSense 2.1 available on Amazon’s Elastic Compute Cloud (EC2)
• In keeping with the community spirit, they’re also offering a free "public" AMI
• Check the FAQ and User Guide on their site for additional details
• Interesting possibilities with pfSense in the cloud ***

Puffy on the desktop

• Distrowatch, a primarily Linux-focused site, features an OpenBSD 5.4 review
• They talk about using it on the desktop, how to set it up
• Very long write-up, curious Linux users should give it a read
• Ends with "Most people will still see OpenBSD as an operating system for servers and firewalls, but OpenBSD can also be used in desktop environments if the user doesn't mind a little manual work. The payoff is a very light, responsive system that is unlikely to ever misbehave" ***

Two-factor authentication with SSH

• Blog post about using a yubikey with SSH public keys
• Uses a combination of a OTP, BSDAuth and OpenBSD's login.conf, but it can be used with PAM on other systems as well
• Allows for two-factor authentication (a la gmail) in case your private key is compromised
• Anyone interested in an extra-hardened SSH server should give it a read ***

PCBSD weekly digest

• 10.0 has approximately 400 PBIs for public consumption
• They will be merging the GNOME3, MATE and Cinnamon desktops into the 10.0 ports tree - please help test them, this is pretty big news in and of itself!
• PCDM is coming along nicely, more bugs are getting fixed
• Added ZFS dataset options to PCBSD’s new text installer front-end ***

Feedback/Questions

• Ben writes in
• Florian writes in
• Zach writes in
• Addison writes in
• Adam writes in
• Adam's BSD Router Project tutorial can be downloaded here. ***

Headlines

OpenSSH 6.4 released

• Security fixes in OpenSSH don't happen very often
• 6.4 fixes a memory corruption problem, no new features
• If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.
• Disabling AES-GCM in the server configuration is a workaround
• Only affects 6.2 and 6.3 if compiled against a newer OpenSSL (so FreeBSD 9's base OpenSSL is unaffected, for example)
• Full details here ***

Getting to know your portmgr-lurkers

• Next entry in portmgr interview series
• This time they chat with Mathieu Arnold, one of the portmgr-lurkers we mentioned previously
• Lots of questions ranging from why he uses BSD to what he had for breakfast
• Another one was since released, with Antoine Brodin aka antoine@ ***

FUSE in OpenBSD

• As we glossed over last week, FUSE was recently added to OpenBSD
• Now the guys from the OpenBSD Journal have tracked down more information
• This version is released under an ISC license
• Should be in OpenBSD 5.5, released a little less than 6 months from now
• Will finally enable things like SSHFS to work in OpenBSD ***

Automated submission of kernel panic reports

• New tool from Colin Percival
• Saves information about kernel panics and emails it to FreeBSD
• Lets you review before sending so you can edit out any private info
• Automatically encrypted before being sent
• FreeBSD never kernel panics so this won't get much use ***

Interview - Justin Sherrill - justin@dragonflybsd.org / @dragonflybsd

DragonflyBSD 3.6 and the Dragonfly Digest

Tutorial

Building an OpenBSD Router

News Roundup

BSD router project 1.5 released

• Nice timing for our router tutorial; TBRP is a FreeBSD distribution for installing on a router
• It's an alternative to pfSense, but not nearly as well known or popular
• New version is based on 9.2-RELEASE, includes lots of general updates and bugfixes
• Fits on a 256MB Compact Flash/USB drive ***

Curve25519 now default key exchange

• We mentioned in an earlier episode about a patch for curve25519
• Now it's become the default for key exchange
• Will probably make its way into OpenSSH 6.5, would've been in 6.4 if we didn't have that security vulnerability
• It's interesting to see all these big changes in cryptography in OpenBSD lately ***

FreeBSD kernel selection in boot menu

• Adds a kernel selection menu to the beastie menu
• List of kernels is taken from 'kernels' in loader.conf as a space or comma separated list of names to display (up to 9)
• From our good buddy Devin Teske ***

PCBSD weekly digest

• PCDM has officially replaced GDM as the default login manager
• New ISO build scripts (we got a sneak preview last week)
• Lots of bug fixes
• Second set of 10-STABLE ISOs available with new artwork and much more ***

Theo de Raadt speaking at MUUG

• Theo will be speaking at Manitoba UNIX User Group in Winnipeg
• On Friday, Nov 15, 2013 at 5:30PM (see show notes for the address)
• If you're watching the show live you have time to make plans, if you're watching the downloaded version it might be happening right now!
• No agenda, but expect some OpenBSD discussion ***

Feedback/Questions

• Dave writes in
• James writes in
• Allen writes in
• Chess writes in
• Frank writes in ***