This episode was brought to you by

Headlines

Enabling FreeBSD on AArch64

• One of the things the FreeBSD foundation has been dumping money into lately is ARM64 support, but we haven't heard too much about it - this article should change that
• Since it's on a mainstream ARM site, the article begins with a bit of FreeBSD history, leading up to the current work on ARM64
• There's also a summary of some of the ARM work done at this year's BSDCan, including details about running it on the Cavium ThunderX platform (which has 48 cores)
• As of just a couple months ago, dtrace is even working on this new architecture
• Come 11.0-RELEASE, the plan is for ARM64 to get the same "tier 1" treatment as X86, which would imply binary updates for base and ports - something Raspberry Pi users often complain about not having ***

OpenBSD's tcpdump detailed

• Most people are probably familiar with tcpdump, a very useful packet sniffing and capturing utility that's included in all the main BSD base systems
• This video guide is specifically about the version in OpenBSD, which has gone through some major changes (it's pretty much a fork with no version number anymore)
• Unlike on the other platforms, OpenBSD's tcpdump will always run in a chroot as an unprivileged user - this has saved it from a number of high-profile exploits
• It also has support for the "pf.os" system, allowing you to filter out operating system fingerprints in the packet captures
• There's also PF (and pflog) integration, letting you see which line in your ruleset triggered a specific match
• Being able to run tcpdump directly on your router is pretty awesome for troubleshooting ***

More FreeBSD foundation at BSDCan

• The FreeBSD foundation has another round of trip reports from this year's BSDCan
• First up is Kamil Czekirda, who gives a good summary of some of the devsummit, FreeBSD-related presentations, some tutorials, getting freebsd-update bugs fixed and of course eating cake
• A second post from Christian Brueffer, who cleverly planned ahead to avoid jetlag, details how he got some things done during the FreeBSD devsummit
• Their third report is from our buddy Warren Block, who (unsurprisingly) worked on a lot of documentation-related things, including getting more people involved with writing them
• In true doc team style, his report is the most well-written of the bunch, including lots of links and a clear separation of topics (doc lounge, contributing to the wiki, presentations...)
• Finally, the fourth one comes to us from Shonali Balakrishna, who also gives an outline of some of the talks
• "Not only does a BSD conference have way too many very smart people in one room, but also some of the nicest." ***

DragonFly on the Chromebook C720

• If you've got one of the Chromebook laptops and weren't happy with the included OS, DragonFlyBSD might be worth a go
• This article is a "mini-report" on how DragonFly functions on the device as a desktop, and
• While the 2GB of RAM proved to be a bit limiting, most of the hardware is well-supported
• DragonFly's wiki has a full guide on getting set up on one of these devices as well ***

Interview - David Meyer - info@xinuos.com / @xinuos

Xinuos, BSD license model vs. others, community interaction

News Roundup

Introducing LiteBSD

• We definitely don't talk about 4.4BSD a lot on the show
• LiteBSD is "a variant of [the] 4.4BSD operating system adapted for microcontrollers"
• If you've got really, really old hardware (or are working in the embedded space) then this might be an interesting hobby project to look info ***

HardenedBSD announces ASLR completion

• HardenedBSD, now officially a full-on fork of FreeBSD, has declared their ASLR patchset to be complete
• The latest and last addition to the work was VDSO (Virtual Dynamic Shared Object) randomization, which is now configurable with a sysctl
• This post gives a summary of the six main features they've added since the beginning
• Only a few small things are left to do - man page cleanups, possibly shared object load order improvements ***

Unlock the reaper

• In the ongoing quest to make more of OpenBSD SMP-friendly, a new patch was posted that unlocks the reaper in the kernel
• When there's a zombie process causing a resource leak, it's the reaper's job to deallocate their resources (and yes we're still talking about computers, not horror movies)
• Initial testing has yielded positive results and no regressions
• They're looking for testers, so you can install a -current snapshot and get it automatically
• An updated version of the patch is coming soon too
• A hackathon is going on right now, so you can expect more SMP improvements in the near future ***

The importance of mentoring

• Adrian Chadd has a blog post up about mentoring new users, and it tells the story of how he originally got into FreeBSD
• He tells the story of, at age 11, meeting someone else who knew about making crystal sets that became his role model
• Eventually we get to his first FreeBSD 1.1 installation (which he temporarily abandoned for Linux, since it didn't have a color "ls" command) and how he started using the OS
• Nowadays, there's a formal mentoring system in FreeBSD
• While he talks about FreeBSD in the post, a lot of the concepts apply to all the BSDs (or even just life in general) ***

Feedback/Questions

• Sean writes in
• Herminio writes in
• Stuart writes in
• Richard writes in ***

This episode was brought to you by

Headlines

Optimizing TLS for high bandwidth applications

• Netflix has released a report on some of their recent activities, pushing lots of traffic through TLS on FreeBSD
• TLS has traditionally had too much overhead for the levels of bandwidth they're using, so this pdf outlines some of their strategy in optimizing it
• The sendfile() syscall (which nginx uses) isn't available when data is encrypted in userland
• To get around this, Netflix is proposing to add TLS support to the FreeBSD kernel
• Having encrypted movie streams would be pretty neat ***

Crypto in unexpected places

• OpenBSD is somewhat known for its integrated cryptography, right down to strong randomness in every place you could imagine (process IDs, TCP initial sequence numbers, etc)
• One place you might not expect crypto to be used (or even needed) is in the "ping" utility, right? Well, think again
• David Gwynne recently committed a change that adds MAC to the ping timestamp payload
• By default, it'll be filled with a ChaCha stream instead of an unvarying payload, and David says "this lets us have some confidence that the timestamp hasn't been damaged or tampered with in transit"
• Not only is this a security feature, but it should also help detect dodgy or malfunctioning network equipment going forward
• Maybe we can look forward to a cryptographically secure "echo" command next... ***

Broadwell in DragonFly

• The DragonFlyBSD guys have started a new page on their wiki to discuss Broadwell hardware and its current status
• Matt Dillon, the project lead, recently bought some hardware with this chipset, and lays out what works and what doesn't work
• The two main show-stoppers right now are the graphics and wireless, but they have someone who's already making progress with the GPU support
• Wireless support will likely have to wait until FreeBSD gets it, then they'll port it back over
• None of the BSDs currently have full Broadwell support, so stay tuned for further updates ***

DIY NAS software roundup

• In this blog post, the author compares a few different software solutions for a network attached storage device
• He puts FreeNAS, one of our favorites, up against a number of opponents - both BSD and Linux-based
• NAS4Free gets an honorable mention as well, particularly for its lower hardware requirements and sleek interface
• If you've been thinking about putting together a NAS, but aren't quite comfortable enough to set it up by yourself yet, this article should give you a good view of the current big names
• Some competition is always good, gotta keep those guys on their toes ***

Interview - Antoine Jacoutot - ajacoutot@openbsd.org / @ajacoutot

OpenBSD at M:Tier, business adoption of BSD, various topics

News Roundup

OpenBSD on DigitalOcean

• When DigitalOcean rolled out initial support for FreeBSD, it was a great step in the right direction - we hoped that all the other BSDs would soon follow
• This is not yet the case, but a blog article here has details on how you can install OpenBSD (and likely the others too) on your VPS
• Using a -current snapshot and some swapfile trickery, it's possible to image an OpenBSD ramdisk installer onto an unmounted portion of the virtual disk
• After doing so, you just boot from their web UI-based console and can perform a standard installation
• You will have to pay special attention to some details of the disk layout, but this article takes you through the entire process step by step ***

Initial ARM64 support lands in FreeBSD

• The ARM64 architecture, sometimes called ARMv8 or AArch64, is a new generation of CPUs that will mostly be in embedded devices
• FreeBSD has just gotten support for this platform in the -CURRENT branch
• Previously, it was only the beginnings of the kernel and enough bits to boot in QEMU - now a full build is possible
• Work should now start happening in the main source code tree, and hopefully they'll have full support in a branch soon ***

Scripting with least privilege

• A new scripting language with a focus on privilege separation and running with only what's absolutely needed has been popular in the headlines lately
• Shell scripts are used everywhere today: startup scripts, orchestration scripts for mass deployment, configuring and compiling software, etc.
• Shill aims to answer the questions "how do we limit the authority of scripts" and "how do we determine what authority is necessary" by including a declarative security policy that's checked and enforced by the language runtime
• If used on FreeBSD, Shill will use Capsicum for sandboxing
• You can find some more of the technical information in their documentation pdf or watch their USENIX presentation video
• Hacker News also had some discussion on the topic ***

OpenBSD first impressions

• A brand new BSD user has started documenting his experience through a series of blog posts
• Formerly a Linux guy, he's tried out FreeBSD and OpenBSD so far, and is currently working on an OpenBSD desktop
• The first post goes into why he chose BSD at all, why he's switching away from Linux, how the initial transition has been, what you'll need to relearn and what he's got planned going forward
• He's only been using OpenBSD for a few days as of the time this was written - we don't usually get to hear from people this early in on their BSD journey, so it offers a unique perspective ***

PCBSD and 4K oh my!

• Yesterday, Kris got ahold of some 4K monitor hardware to test PC-BSD out
• The short of it - It works great!
• Minor tweaks being made to some of the PC-BSD defaults to better accommodate 4K out of box
• This particular model monitor ships with DisplayPort set to 1.1 mode only, switching it to 1.2 mode enables 60Hz properly ***

Feedback/Questions

• Darin writes in
• Mitch writes in ***

Discussion

Comparison of BSD release cycles

• FreeBSD, OpenBSD, NetBSD and DragonFlyBSD ***