NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

FreeBSD 14

• [Quick update](https://www.daemonology.net/blog/2023-11-21-late-breaking-FreeBSD-14-breakage.html)
• [Vermaden’s FreeBSD 14 valuable news] (https://vermaden.wordpress.com/2023/11/17/valuable-freebsd-14-0-release-updates)

News Roundup

Reading your RSS feed on FreeBSD

Manipulate PDF files easily with pdftk

clang(1)/llvm updated to version 16

NetBSD Security Advisory 2023-007: multiple vulnerabilities in ftpd(8)

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Brad - zpool disk allocation questions

• Kevin - shell question

  ---

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

• Join us and other BSD Fans in our BSD Now Telegram channel

  ---

Headlines

DragonFlyBSD's Kernel Optimizations Are Paying Off

DragonFlyBSD lead developer Matthew Dillon has been working on a big VM rework in the name of performance and other kernel improvements recently. Here is a look at how those DragonFlyBSD 5.5-DEVELOPMENT improvements are paying off compared to DragonFlyBSD 5.4 as well as FreeBSD 12 and five Linux distribution releases. With Dillon using an AMD Ryzen Threadripper system, we used that too for this round of BSD vs. Linux performance benchmarks.
The work by Dillon on the VM overhaul and other changes (including more HAMMER2 file-system work) will ultimately culminate with the DragonFlyBSD 5.6 release (well, unless he opts for DragonFlyBSD 6.0 or so). These are benchmarks of the latest DragonFlyBSD 5.5-DEVELOPMENT daily ISO as of this week benchmarked across DragonFlyBSD 5.4.3 stable, FreeBSD 12.0, Ubuntu 19.04, Red Hat Enterprise Linux 8.0, Debian 9.9, Debian Buster, and CentOS 7 1810 as a wide variety of reference points both from newer and older Linux distributions. (As for no Clear Linux reference point for a speedy reference point, it currently has a regression with AMD + Samsung NVMe SSD support on some hardware, including this box, prohibiting the drive from coming up due to a presumed power management issue that is still being resolved.)
With Matthew Dillon doing much of his development on an AMD Ryzen Threadripper system after he last year proclaimed the greatness of these AMD HEDT CPUs, for this round of testing I also used a Ryzen Threadripper 2990WX with 32 cores / 64 threads. Tests of other AMD/Intel hardware with DragonFlyBSD will come as the next stable release is near and all of the kernel work has settled down. For now it's mostly entertaining our own curiosity how well these DragonFlyBSD optimizations are paying off and how it's increasing the competition against FreeBSD 12 and Linux distributions.

---

What are the differences between OpenBSD and Linux?

Maybe you have been reading recently about the release of OpenBSD 6.5 and wonder, "What are the differences between Linux and OpenBSD?"
I've also been there at some point in the past and these are my conclusions.
They also apply, to some extent, to other BSDs. However, an important disclaimer applies to this article.
This list is aimed at people who are used to Linux and are curious about OpenBSD. It is written to highlight the most important changes from their perspective, not the absolute most important changes from a technical standpoint.
Please bear with me.

• A terminal is a terminal is a terminal
• Practical differences
• Security and system administration
• Why philosophical differences matter
• So what do I choose?
• How to try OpenBSD ***

News Roundup

NetBSD 2019 Google Summer of Code

We are very happy to announce The NetBSD Foundation Google Summer of Code 2019 projects:

• Akul Abhilash Pillai - Adapting TriforceAFL for NetBSD kernel fuzzing
• Manikishan Ghantasala - Add KNF (NetBSD style) clang-format configuration
• Siddharth Muralee - Enhancing Syzkaller support for NetBSD
• Surya P - Implementation of COMPAT_LINUX and COMPAT_NETBSD32 DRM ioctls support for NetBSD kernel
• Jason High - Incorporation of Argon2 Password Hashing Algorithm into NetBSD
• Saurav Prakash - Porting NetBSD to HummingBoard Pulse
• Naveen Narayanan - Porting WINE to amd64 architecture on NetBSD

The communiting bonding period - where students get in touch with mentors and community - started yesterday. The coding period will start from May 27 until August 19.
Please welcome all our students and a big good luck to students and mentors! A big thank to Google and The NetBSD Foundation organization mentors and administrators! Looking forward to a great Google Summer of Code!

Reducing that contention

The opening keynote at EuroBSDCon 2016 predicted the future 10 years of BSDs. Amongst all the funny previsions, gnn@FreeBSD said that by 2026 OpenBSD will have its first implementation of SMP. Almost 3 years after this talk, that sounds like a plausible forecast... Why? Where are we? What can we do? Let's dive into the issue!

• State of affairs

Most of OpenBSD's kernel still runs under a single lock, ze KERNEL_LOCK(). That includes most of the syscalls, most of the interrupt handlers and most of the fault handlers. Most of them, not all of them. Meaning we have collected & fixed bugs while setting up infrastructures and examples. Now this lock remains the principal responsible for the spin % you can observe in top(1) and systat(1).
I believe that we opted for a difficult hike when we decided to start removing this lock from the bottom. As a result many SCSI & Network interrupt handlers as well as all Audio & USB ones can be executed without big lock. On the other hand very few syscalls are already or almost ready to be unlocked, as we incorrectly say. This explains why basic primitives like tsleep(9), csignal() and selwakeup() are only receiving attention now that the top of the Network Stack is running (mostly) without big lock.

• Next steps

In the past years, most of our efforts have been invested into the Network Stack. As I already mentioned it should be ready to be parallelized. However think we should now concentrate on removing the KERNEL_LOCK(), even if the code paths aren't performance critical.

• See the Article for the rest of the post

fnaify 1.3 released - more games are "fnaify & run" now

This release finally addresses some of the problems that prevent simple running of several games.
This happens for example when an old FNA.dll library comes with the games that doesn't match the API of our native libraries like SDL2, OpenAL, or MojoShader anymore. Some of those cases can be fixed by simply dropping in a newer FNA.dll. fnaify now asks if FNA 17.12 should be automatically added if a known incompatible FNA version is found. You simply answer yes or no.

Another blocker happens when the game expects to check the SteamAPI - either from a running Steam process, or a bundled steam_api library. OpenBSD 6.5-current now has steamworks-nosteam in ports, a stub library for Steamworks.NET that prevents games from crashing simply because an API function isn't found. The repo is here. fnaify now finds this library in /usr/local/share/steamstubs and uses it instead of the bundled (full) Steamworks.NET.dll.
This may help with any games that use this layer to interact with the SteamAPI, mostly those that can only be obtained via Steam.

vmctl(8): command line syntax changed

The order of the arguments in the create, start, and stop commands of vmctl(8) has been changed to match a commonly expected style. Manual usage or scripting with vmctl must be adjusted to use the new syntax.
For example, the old syntax looked like this:

# vmctl create disk.qcow2 -s 50G

The new syntax specifies the command options before the argument:

# vmctl create -s 50G disk.qcow2

Something that Linux distributions should not do when packaging things

Right now I am a bit unhappy at Fedora for a specific packaging situation, so let me tell you a little story of what I, as a system administrator, would really like distributions to not do.
For reasons beyond the scope of this blog entry, I run a Prometheus and Grafana setup on both my home and office Fedora Linux machines (among other things, it gives me a place to test out various things involving them). When I set this up, I used the official upstream versions of both, because I needed to match what we are running (or would soon be).
Recently, Fedora decided to package Grafana themselves (as a RPM), and they called this RPM package 'grafana'. Since the two different packages are different versions of the same thing as far as package management tools are concerned, Fedora basically took over the 'grafana' package name from Grafana. This caused my systems to offer to upgrade me from the Grafana.com 'grafana-6.1.5-1' package to the Fedora 'grafana-6.1.6-1.fc29' one, which I actually did after taking reasonable steps to make sure that the Fedora version of 6.1.6 was compatible with the file layouts and so on from the Grafana version of 6.1.5.
Why is this a problem? It's simple. If you're going to take over a package name from the upstream, you should keep up with the upstream releases. If you take over a package name and don't keep up to date or keep up to date only sporadically, you cause all sorts of heartburn for system administrators who use the package. The least annoying future of this situation is that Fedora has abandoned Grafana at 6.1.6 and I am going to 'upgrade' it with the upstream 6.2.1, which will hopefully be a transparent replacement and not blow up in my face. The most annoying future is that Fedora and Grafana keep ping-ponging versions back and forth, which will make 'dnf upgrade' into a minefield (because it will frequently try to give me a 'grafana' upgrade that I don't want and that would be dangerous to accept). And of course this situation turns Fedora version upgrades into their own minefield, since now I risk an upgrade to Fedora 30 actually reverting the 'grafana' package version on me.

---

Beastie Bits

• [talk] ZFS v UFS on APU2 msata SSD with FreeBSD
• NetBSD 8.1 is out
• lazyboi – the laziest possible way to send raw HTTP POST data
• A Keyboard layout that changes by markov frequency
• Open Source Game Clones
• EuroBSDcon program & registration open ***

Feedback/Questions

• John - A segment idea
• Johnny - Audio only format please don't
• Alex - Thanks and some Linux Snaps vs PBI feedback

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

This episode was brought to you by

Headlines

LUKS in OpenBSD

• Last week, we were surprised to find out that DragonFlyBSD has support for dm-crypt, sometimes referred to as LUKS (Linux Unified Key Setup)
• It looks like they might not be the only BSD with support for it for much longer, as OpenBSD is currently reviewing a patch for it as well
• LUKS would presumably be an additional option in OpenBSD's softraid system, which already provides native disk encryption
• Support hasn't been officially committed yet, it's still going through testing, but the code is there if you want to try it out and report your findings
• If enabled, this might pave the way for the first (semi-)cross platform encryption scheme since the demise of TrueCrypt (and maybe other BSDs will get it too in time) ***

FreeBSD gets 64bit Linux emulation

• For those who might be unfamiliar, FreeBSD has an emulation layer to run Linux-only binaries (as rare as they may be)
• The most common use case is for desktop users, enabling them to run proprietary applications like Adobe Flash or Skype
• Similar systems can also be found in NetBSD and OpenBSD (though disabled by default on the latter)
• However, until now, it's only supported binaries compiled for the i386 architecture
• This new update, already committed to -CURRENT, will open some new possibilities that weren't previously possible
• Meanwhile, HardenedBSD considers removing the emulation layer entirely ***

BSD at Open Source Conference 2015 Nagoya

• We've covered the Japanese NetBSD users group setting up lots of machines at various conferences in the past, but now they're expanding
• Their latest report includes many of the NetBSD things you'd expect, but also a couple OpenBSD machines
• Some of the NetBSD ones included a Power Mac G4, SHARP NetWalker, Cubieboard2 and the not-so-foreign Raspberry Pi
• One new addition of interest is the OMRON LUNA88k, running the luna88k port of OpenBSD
• There was even an old cell phone running Windows games on NetBSD
• Check the mailing list post for some links to all of the nice pictures ***

LLVM introduces OpenMP support

• One of the things that has kept some people in the GCC camp is the lack of OpenMP support in LLVM
• According to the blog post, it "enables Clang users to harness full power of modern multi-core processors with vector units"
• With Clang being the default in FreeBSD, Bitrig and OS X, and with some other BSDs exploring the option of switching, the need for this potential speed boost was definitely there
• This could also open some doors for more BSD in the area of high performance computing, putting an end to the current Linux monopoly ***

Interview - Eric, FSF, John, Jose, Kris and Stewart

Various "man on the street" style mini-interviews

News Roundup

BSD-licensed gettext replacement

• If you've ever installed ports on any of the BSDs, you've probably had GNU's gettext pulled in as a dependency
• Wikipedia says "gettext is an internationalization and localization (i18n) system commonly used for writing multilingual programs on Unix-like computer operating systems"
• A new BSD-licensed rewrite has begun, with the initial version being for NetBSD (but it's likely to be portable)
• If you've got some coding skills, get involved with the project - the more freely-licensed replacements, the better ***

Unix history git repo

• A git repository was recently created to show off some Unix source code history
• The repository contains 659 thousand commits and 2306 merges
• You can see early 386BSD commits all the way up to some of the more modern FreeBSD code
• If you want to browse through the giant codebase, it can be a great history lesson ***

PCBSD 10.1.2 and Lumina updates

• We mentioned 10.1.1 being released last week (and all the cool features a couple weeks before) but now 10.1.2 is out
• This minor update contained a few hotfixes: RAID-Z installation, cache and log devices and the text-only installer in UEFI mode
• There's also a new post on the PCBSD blog about Lumina, answering some frequently asked questions and giving a general status update ***

Feedback/Questions

• Jake writes in
• Van writes in
• Anonymous writes in
• Dominik writes in (text answer)
• Chris writes in ***

Mailing List Gold

• Death by chocolate ***

This episode was brought to you by

Headlines

Solaris' networking future is with OpenBSD

• A curious patch from someone with an Oracle email address was recently sent in to one of the OpenBSD mailing lists
• It was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the current version of PF
• For anyone unfamiliar with the history of PF, it was actually made as a replacement for IPFilter in OpenBSD, due to some licensing issues
• What's more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting
• This blog post goes through some of the backstory of the two firewalls
• PF is in a lot of places - other BSDs, Mac OS X and iOS - but there are plenty of other OpenBSD-developed technologies end up ported to other projects too
• "Many of the world's largest corporations and government agencies are heavy Solaris users, meaning that even if you're neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD's PF for their filtering needs, we will all be benefiting even more from the OpenBSD project's emphasis on correctness, quality and security"
• You're welcome, Oracle ***

BAFUG discussion videos

• The Bay Area FreeBSD users group has been uploading some videos from their recent meetings
• Sean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)
• Craig Rodrigues also gave a talk about Kyua and the FreeBSD testing framework
• Lastly, Kip Macy gave a talk titled "network stack changes, user-level FreeBSD"
• The main two subjects there are some network stack changes, and how to get more people contributing, but there's also open discussion about a variety of FreeBSD topics
• If you're close to the Bay Area in California, be sure to check out their group and attend a meeting sometime ***

More than just a makefile

• If you're not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux
• This blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs
• As it turns out, the ports system really isn't that different from a binary package manager - they are what's used to create binary packages, after all
• The author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream
• After that, he shows you how to get your new port tested, if you're interesting in doing some porting yourself, and getting involved with the rest of the community
• This post is very long and there's a lot more to it, so check it out (and more discussion on Hacker News) ***

Securing your home fences

• Hopefully all our listeners have realized that trusting your network(s) to a consumer router is a bad idea by now
• We hear from a lot of users who want to set up some kind of BSD-based firewall, but don't hear back from them after they've done it.. until now
• In this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines APU board
• He notes that you have a lot of options software-wise, including vanilla FreeBSD, OpenBSD or even Linux, but decided to go with OPNsense because of the easy interface and configuration
• The post covers all the hardware you'll need, getting the OS installed to a flash drive or SD card and going through the whole process
• Finally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up
• If you don't have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)
• We love super-detailed guides like this, so everyone should write more and send them to us immediately ***

Interview - Pascal Stumpf - pascal@openbsd.org

Static PIE in OpenBSD

News Roundup

LLVM's new libFuzzer

• We've discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility
• It looks like LLVM is going to have their own fuzzing tool too now
• The Clang and LLVM guys are no strangers to this type of code testing, but decided to "close the loop" and start fuzzing parts of LLVM (including Clang) using LLVM itself
• With Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future ***

HardenedBSD upgrades secadm

• The HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support
• We covered both the secadm tool and integriforce in previous episodes, but the short version is that it's a way to prevent files from being altered (even as root)
• Their integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now ***

RAID5 returns to OpenBSD

• OpenBSD's softraid subsystem, somewhat similar to FreeBSD's GEOM, has had experimental RAID5 support for a while
• However, it was exactly that - experimental - and required a recompile to enable
• With some work from recent hackathons, the final piece was added to enable resuming partial array rebuilds
• Now it's on by default, and there's a call for testing being put out, so grab a snapshot and put the code through its paces
• The bioctl softraid command also now supports DUIDs during pseudo-device detachment, possibly paving the way for the installer to drop the "do you want to enable DUIDs?" question entirely ***

pkgng 1.5.0 released

• Going back to what we talked about last week, the final version of pkgng 1.5.0 is out
• The "provides" and "requires" support is finally in a regular release
• A new "-r" switch will allow for direct installation to a chroot or alternate root directory
• Memory usage should be much better now, and some general code speed-ups were added
• This version also introduces support for Mac OS X, NetBSD and EdgeBSD - it'll be interesting to see if anything comes of that
• Many more bugs were fixed, so check the mailing list announcement for the rest (and plenty new bugs were added, according to bapt) ***

p2k15 hackathon reports

• There was another OpenBSD hackathon that just finished up in the UK - this time it was mainly for ports work
• As usual, the developers sent in reports of some of the things they got done at the event
• Landry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit
• Stefan Sperling wrote in, detailing his work with wireless chipsets, specifically when the vendor doesn't provide any hardware documentation, as well as updating some of the games in ports
• Ken Westerback also sent in a report, but decided to be a rebel and not work on ports at all - he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier ***

Feedback/Questions

• Shaun writes in
• Hrishi writes in
• Randy writes in
• Zach writes in
• Ben writes in ***

Mailing List Gold

• Gstreamer hates us
• At least he's honest
• I find myself in a situation ***

This episode was brought to you by

Headlines

Bitrig 1.0 released

• If you haven't heard of it, Bitrig is a fork of OpenBSD that started a couple years ago
• According to their FAQ, some of their goals include: only supporting modern hardware and a limited set of CPU architectures, replacing nearly all GNU tools in base with BSD versions and having better virtualization support
• They've finally announced their first official release, 1.0
• This release introduces support for Clang 3.4, replacing the old GCC, along with libc++ replacing the GNU version
• It also includes filesystem journaling, support for GPT and - most importantly - a hacker-style console with green text on black background
• One of the developers answered some questions about it on Hacker News too ***

Is it time to try BSD?

• Here we get a little peek into the Linux world - more and more people are considering switching
• On a more mainstream tech news site, they have an article about people switching away from Linux and to BSD
• People are starting to get even more suspicious of systemd, and lots of drama in the Linux world is leading a whole new group of potential users over to the BSD side
• This article explores some pros and cons of switching, and features opinions of various users ***

Poudriere 3.1 released

• One of the first things we ever covered on the show was poudriere, a tool with a funny name that's used to build binary packages from FreeBSD ports
• It's come a long way since then, and bdrewery and bapt have just announced a new major version
• This new release features a redesigned web interface to check on the status of your packages
• There are lots of new bulk building options to preserve packages even if some fail to compile - this makes maintaining a production repo much easier
• It also introduces a useful new "pkgclean" subcommand to clean out your repository of packages that aren't needed anymore, and poudriere keeps it cleaner by default as well now
• Check the full release notes for all the additions and bug fixes ***

Firewalling with OpenBSD's pf and pfsync

• A talk by David Gwynne from an Australian conference was uploaded, with the subject matter being pf and pfsync
• He uses pf to manage 60 internal networks with a single firewall
• The talk gives some background on how pf originally came to be and some OpenBSD 101 for the uninitiated
• It also touches on different rulesets, use cases, configuration syntax, placing limits on connections, ospf, authpf, segregating VLANs, synproxy handling and a lot more
• The second half of the presentation focuses on pfsync and carp for failover and redundancy
• With two BSD boxes running pfsync, you can actually patch your kernel and still stay connected to IRC ***

Interview - Patrick Wildt - patrick@bitrig.org / @bitrig

The initial release of Bitrig

News Roundup

Infrastructural enhancements at NYI

• The FreeBSD foundation put up a new blog post detailing some hardware improvements they've recently done
• Their eastern US colocation is hosted at New York Internet, and is used for FTP mirrors, pkgng mirrors, and also as a place for developers to test things
• There've been fourteen machines purchased since July, and now FreeBSD boasts a total of sixty-eight physical boxes there
• This blog post goes into detail about how those servers are used and details some of the network topology ***

The long tail of MD5

• Our friend Ted Unangst is on a quest to replace all instances of MD5 in OpenBSD's tree with something more modern
• In this blog post, he goes through some of the different areas where MD5 still lives, and discovers how easy (or impossible) it would be to replace
• Through some recent commits, OpenBSD now uses SHA512 in some places that you might not expect
• Some other places require a bit more care… ***

DragonFly cheat sheet

• If you've been thinking of trying out DragonFlyBSD lately, this might make the transition a bit easier
• A user-created "cheat sheet" on the website lists some common answers to beginner questions
• The page features a walkthrough of the installer, some shell tips and workarounds for various issues
• At the end, it also has some things that new users can get involved with to help out ***

Experiences with an OpenBSD laptop

• A lot of people seem to be interested in trying out some form of BSD on their laptop, and this article details just that
• The author got interested in OpenBSD mostly because of the security focus and the fact that it's not Linux
• In this blog post, he goes through the steps of researching, installing, configuring, upgrading and finally actually using it on his Thinkpad
• He even gives us a mention as a good place to learn more about BSD, thanks! ***

PC-BSD Updates

• A call for testing of a new update system has gone out
• Conversion to Qt5 for utils has taken place ***

Feedback/Questions

• Chris writes in
• AJ writes in
• Dan writes in
• Jeff writes in ***

Mailing List Gold

• Over 440% faster
• The PF conundrum (edit: Allan misspoke about PF performance during this segment, apologies.)
• Violating bad standards
• apt-get rid of systemd ***

This episode was brought to you by

Headlines

OpenBSD 5.5 released

• If you ordered a CD set then you've probably had it for a little while already, but OpenBSD has formally announced the public release of 5.5
• This is one of the biggest releases to date, with a very long list of changes and improvements
• Some of the highlights include: time_t being 64 bit on all platforms, release sets and binary packages being signed with the new signify tool, a new autoinstall feature of the installer, SMP support on Alpha, a new AViiON port, lots of new hardware drivers including newer NICs, the new vxlan driver, relayd improvements, a new pf queue system for bandwidth shaping, dhcpd and dhclient fixes, OpenSMTPD 5.4.2 and all its new features, position-independent executables being default for i386, the RNG has been replaced with ChaCha20 as well as some other security improvements, FUSE support, tmpfs, softraid partitions larger than 2TB and a RAID 5 implementation, OpenSSH 6.6 with all its new features and fixes... and a lot more
• The full list of changes is HUGE, be sure to read through it all if you're interested in the details
• If you're doing an upgrade from 5.4 instead of a fresh install, pay careful attention to the upgrade guide as there are some very specific steps for this version
• Also be sure to apply the errata patches on your new installations... especially those OpenSSL ones (some of which still aren't fixed in the other BSDs yet)
• On the topic of errata patches, the project is now going to also send them out (signed) via the announce mailing list, a very welcome change
• Congrats to the whole team on this great release - 5.6 is going to be even more awesome with "Libre"SSL and lots of other stuff that's currently in development ***

FreeBSD foundation funding highlights

• The FreeBSD foundation posts a new update on how they're spending the money that everyone donates
• "As we embark on our 15th year of serving the FreeBSD Project and community, we are proud of what we've done to help FreeBSD become the most innovative, reliable, and high-performance operation system"
• During this spring, they want to highlight the new UEFI boot support and newcons
• There's a lot of details about what exactly UEFI is and why we need it going forward
• FreeBSD has also needed some updates to its console to support UTF8 and wide characters
• Hopefully this series will continue and we'll get to see what other work is being sponsored ***

OpenSSH without OpenSSL

• The OpenSSH team has been hard at work, making it even better, and now OpenSSL is completely optional
• Since it won't have access to the primitives OpenSSL uses, there will be a trade-off of features vs. security
• This version will drop support for legacy SSH v1, and the only two cryptographic algorithms supported are an in-house implementation of AES in counter mode and the new combination of the Chacha20 stream cipher with Poly1305 for packet integrity
• Key exchange is limited to elliptic curve Diffie-Hellman and the newer Curve25519 KEXs
• No support for RSA, DSA or ECDSA public keys - only Ed25519
• It also includes a new buffer API and a set of wrappers to make it compatible with the existing API
• Believe it or not, this was planned before all the heartbleed craziness
• Maybe someday soon we'll have a mini-openssh-portable in FreeBSD ports and NetBSD pkgsrc, would be really neat ***

BSDMag's April 2014 issue is out

• The free monthly BSD magazine has got a new issue available for download
• This time the articles include: pascal on BSD, an introduction to revision control systems and configuration management, deploying NetBSD on AWS EC2, more GIMP tutorials, an AsiaBSDCon 2014 report and a piece about how easily credit cards are stolen online
• Anyone can contribute to the magazine, just send the editors an email about what you want to write
• No Linux articles this time around, good ***

Interview - David Chisnall - theraven@freebsd.org

The LLVM/Clang switch, FreeBSD's core team, various topics

Tutorial

RAID in FreeBSD and OpenBSD

News Roundup

BSDTalk episode 240

• Our buddy Will Backman has uploaded a new episode of BSDTalk, this time with our other buddy GNN as the guest - mainly to talk about NTP and keeping reliable time
• Topics include the specific details of crystals used in watches and computers to keep time, how temperature affects the quality, different sources of inaccuracy, some general NTP information, why you might want extremely precise time, different time sources (GPS, satellite, etc), differences in stratum levels, the problem of packet delay and estimating the round trip time, some of the recent NTP amplification attacks, the downsides to using UDP instead of TCP and... much more
• GNN also talks a little about the Precision Time Protocol and how it's different than NTP
• Two people we've interviewed talking to each other, awesome
• If you're interested in NTP, be sure to see our tutorial too ***

m2k14 trip reports

• We've got a few more reports from the recent OpenBSD hackathon in Morocco
• The first one is from Antoine Jacoutot (who is a key GNOME porter and gave us the screenshots for the OpenBSD desktop tutorial)
• "Since I always fail at actually doing whatever I have planned for a hackathon, this time I decided to come to m2k14 unprepared about what I was going to do"
• He got lots of work done with ports and pushing GNOME-related patches back up to the main project, then worked on fixing ports' compatibility with LibreSSL
• Speaking of LibreSSL, there's an article all would-be portable version writers should probably read and take into consideration
• Jasper Adriaanse also writes about what he got done over there
• He cleaned up and fixed the puppet port to work better with OpenBSD ***

Why you should use FreeBSD on your cloud VPS

• Here we have a blog post from Atlantic, a VPS and hosting provider, about 10 reasons for using FreeBSD
• Starts off with a little bit of BSD history for those who are unfamiliar with it and only know Linux and Windows
• The 10 reasons are: community, stability, collaboration, ease of use, ports, security, ZFS, GEOM, sound and having lots of options
• The post goes into detail about each of them and why FreeBSD makes a great choice for a VPS OS ***

PCBSD weekly digest

• Big changes coming in the way PCBSD manages software
• The PBI system, AppCafe and related tools are all going to use pkgng now
• The AppCafe will no longer be limited to PBIs, so much more software will be easily available from the ports tree
• New rating system coming soon and much more ***

Feedback/Questions

• Martin writes in
• John writes in
• Alex writes in
• Goetz writes in
• Jarrad writes in ***

This episode was brought to you by

Headlines

FreeBSD foundation's 2013 fundraising results

• The FreeBSD foundation finally counted all the money they made in 2013
• $768,562 from 1659 donors
• Nice little blog post from the team with a giant beastie picture
• "We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon."
• A special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook) ***

OpenSSH 6.5 released

• We mentioned the CFT last week, and it's finally here!
• New key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519 (now the default when both clients support it)
• Ed25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA
• Funny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes can't even attempt to login lol~
• New bcrypt private key type, 500,000,000 times harder to brute force
• Chacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one
• Portable version already in FreeBSD -CURRENT, and ports
• Lots more bugfixes and features, see the full release note or our interview with Damien
• Work has already started on 6.6, which can be used without OpenSSL! ***

Crazed Ferrets in a Berkeley Shower

• In 2000, MWL wrote an essay for linux.com about why he uses the BSD license: "It’s actually stood up fairly well to the test of time, but it’s fourteen years old now."
• This is basically an updated version about why he uses the BSD license, in response to recent comments from Richard Stallman
• Very nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL
• Check out the full post if you're one of those people that gets into license arguments
• The takeaway is "BSD is about making the world a better place. For everyone." ***

OpenBSD on BeagleBone Black

• Beaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi
• A blog post about installing OpenBSD on a BBB from.. our guest for today!
• He describes it as "everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black"
• It goes through the whole process, details different storage options and some workarounds
• Could be a really fun weekend project if you're interested in small or embedded devices ***

Interview - Ted Unangst - tedu@openbsd.org / @tedunangst

OpenBSD's signify infrastructure, ZFS on OpenBSD

Tutorial

Running an NTP server

News Roundup

Getting started with FreeBSD

• A new video and blog series about starting out with FreeBSD
• The author has been a fan since the 90s and has installed it on every server he's worked with
• He mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users
• The first video is the installation, then he goes on to packages and other topics - 4 videos so far ***

More OpenBSD hackathon reports

• As a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience
• He arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work
• This summary goes into detail about all the stuff he got done there ***

X11 in a jail

• We've gotten at least one feedback email about running X in a jail Well.. with this commit, looks like now you can!
• A new tunable option will let jails access /dev/kmem and similar device nodes
• Along with a change to DRM, this allows full X11 in a jail
• Be sure to check out our jail tutorial and jailed VNC tutorial for ideas ***

PCBSD weekly digest

• 10.0 "Joule Edition" finally released!
• AMD graphics are now officially supported
• GNOME3, MATE and Cinnamon desktops are available
• Grub updates and fixes
• PCBSD also got a mention in eweek ***

Feedback/Questions

• Justin writes in
• Daniel writes in
• Martin writes in
• Alex writes in - unofficial FreeBSD RPI Images
• James writes in
• John writes in ***