This episode was brought to you by

Headlines

More BSD conference videos

• We mentioned it a few times, but the "New Directions in Operating Systems" conference was held in November in the UK
• The presentations videos are now online, with a few BSD-related talks of interest
• Antti Kantee, Rump kernels and why / how we got here
• Franco Fichtner, An introduction to userland networking
• Robert Watson, New ideas about old OS security
• Lots of other interesting, but non-BSD-related, talks were also presented, so check the full list if you're interested in operating systems in general
• The 2014 AsiaBSDCon videos are also slowly being uploaded (better late than never)
• Kirk McKusick, An Overview of Security in the FreeBSD Kernel
• Matthew Ahrens, OpenZFS ensures the continued excellence of ZFS
• Eric Allman, Bambi Meets Godzilla: They Elope - Open Source Meets the Commercial World
• Scott Long, Modifying the FreeBSD kernel Netflix streaming servers
• Dru Lavigne, ZFS for the Masses
• Kris Moore, Snapshots, Replication, and Boot Environments
• David Chisnall, The Future of LLVM in the FreeBSD Toolchain
• Luba Tang, Bold, fast optimizing linker for BSD
• John Hixson, Introduction to FreeNAS development
• Zbigniew Bodek, Transparent Superpages for FreeBSD on ARM
• Michael Dexter, Visualizing Unix: Graphing bhyve, ZFS and PF with Graphite
• Peter Grehan, Nested Paging in Bhyve
• Martin Matuška, Deploying FreeBSD systems with Foreman and mfsBSD
• James Brown, Analysys of BSD Associate Exam Results
• Mindaugas Rasiukevicius, NPF - progress and perspective
• Luigi Rizzo, Netmap as a core networking technology
• Michael W. Lucas, Sudo: You're Doing it Wrong (not from a BSD conference, but still good)
• They should make for some great material to watch during the holidays ***

OpenBSD vs FreeBSD security features

• From the author of both the OpenBSD and FreeBSD secure gateway articles we've featured in the past comes a new entry about security
• The article goes through a list of all the security features enabled (and disabled) by default in both FreeBSD and OpenBSD
• It covers a wide range of topics, including: memory protection, randomization, encryption, privilege separation, Capsicum, securelevels, MAC, Jails and chroots, network stack hardening, firewall features and much more
• This is definitely one of the most in-depth and complete articles we've seen in a while - the author seems to have done his homework
• If you're looking to secure any sort of BSD box, this post has some very detailed explanations of different exploit mitigation techniques - be sure to read the whole thing
• There are also some good comments on DaemonForums and lobste.rs that you may want to read ***

The password? You changed it, right?

• Peter Hansteen has a new blog post up, detailing some weird SSH bruteforcing he's seen recently
• He apparently reads his auth logs when he gets bored at an airport
• This new bruteforcing attempt seems to be targetting D-Link devices, as evidenced by the three usernames the bots try to use
• More than 700 IPs have tried to get into Peter's BSD boxes using these names in combination with weak passwords
• Lots more details, including the lists of passwords and IPs, can be found in the full article
• If you're using a BSD router, things like this can be easily prevented with PF or fail2ban (and you probably don't have a "d-link" user anyway) ***

Get started with FreeBSD, an intro for Linux users

• Another new BSD article on a mainstream technology news site - seems we're getting popular
• This article is written for Linux users who may be considering switching over to BSD and wondering what it's all about
• It details installing FreeBSD 9.3 and getting a basic system setup, while touching on ports and packages, and explaining some terminology along the way
• "Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other BSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like" **

Interview - Michael W. Lucas - mwlucas@michaelwlucas.com / @mwlauthor

FreeBSD Mastery: Storage Essentials

News Roundup

OpenSMTPD status update

• The OpenSMTPD guys, particularly Gilles, have posted an update on what they've been up to lately
• As of 5.6, it's become the default MTA in OpenBSD, and sendmail will be totally gone in 5.7
• Email is a much more tricky protocol than you might imagine, and the post goes through some of the weirdness and problems they've had to deal with
• There's also another post that goes into detail on their upcoming filtering API - a feature many have requested
• The API is still being developed, but you can test it out now if you know what you're doing - full details in the article
• OpenSMTPD also has portable versions in FreeBSD ports and NetBSD pkgsrc, so check it out ***

OpenCrypto changes in FreeBSD

• A little while back, we talked to John-Mark Gurney about updating FreeBSD's OpenCrypto framework, specifically for IPSEC
• Some of that work has just landed in the -CURRENT branch, and the commit has a bit of details
• The ICM and GCM modes of AES were added, and both include support for AESNI
• There's a new port - "nist-kat" - that can be used to test the new modes of operation
• Some things were fixed in the process as well, including an issue that would leak timing info and result in the ability to forge messages
• Code was also borrowed from both OpenBSD and NetBSD to make this possible ***

First thoughts on OpenBSD's httpd

• Here we have a blog post from a user of OpenBSD's new homegrown web server that made its debut in 5.6
• The author loves that it has proper privilege separation, a very simple config syntax and that it always runs in a chroot
• He also mentions dynamic content hosting with FastCGI, and provides an example of how to set it up
• Be sure to check our interview with Reyk about the new httpd if you're curious on how it got started
• Also, if you're running the version that came with 5.6, there's a huge patch you can apply to get a lot of the features and fixes from -current without waiting for 5.7 ***

Steam on PCBSD

• One of the most common questions people who want to use BSD as a desktop ask us is "can I run games?" or "can I use steam?"
• Steam through the Linux emulation layer (in FreeBSD) may be possible soon, but it's already possible to use it with WINE
• This video shows how to get Steam set up on PCBSD using the Windows version
• There are also some instructions in the video description to look over
• A second video details getting streaming set up ***

Feedback/Questions

• Charlie writes in
• Sean writes in
• Predrag writes in ***

This episode was brought to you by

Headlines

FreeBSD quarterly status report

• FreeBSD has gotten quite a lot done this quarter
• Changes in the way release branches are supported - major releases will get at least five years over their lifespan
• A new automounter is in the works, hoping to replace amd (which has some issues)
• The CAM target layer and RPC stack have gotten some major optimization and speed boosts
• Work on ZFSGuru continues, with a large status report specifically for that
• The report also mentioned some new committers, both source and ports
• It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show
• "Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period" ***

A new OpenBSD HTTPD is born

• Work has begun on a new HTTP daemon in the OpenBSD base system
• A lot of people are asking "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?
• Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)
• It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter
• This has the added benefit of the usual, easy-to-understand syntax and privilege separation
• There's a very brief man page online already
• It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs
• Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not) ***

pkgng 1.3 announced

• The newest version of FreeBSD's second generation package management system has been released, with lots of new features
• It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)
• Lots of the code has been sandboxed for extra security
• You'll probably notice some new changes to the UI too, making things more user friendly
• A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday ***

FreeBSD after-install security tasks

• A number of people have written in to ask us "how do I secure my BSD box after I install it?"
• With this blog post, hopefully most of their questions will finally be answered in detail
• It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things
• Not only does it just list things to do, but the post also does a good job of explaining why you should do them
• Maybe we'll see some more posts in this series in the future ***

Interview - Brent Cook - bcook@openbsd.org / @busterbcook

LibreSSL's portable version and development

News Roundup

FreeBSD Mastery - Storage Essentials

• MWL's new book about the FreeBSD storage subsystems now has an early draft available
• Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes
• Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance
• You'll get access to the completed (e)book when it's done if you buy the early draft
• The suggested price is $8 ***

Why BSD and not Linux?

• Yet another thread comes up asking why you should choose BSD over Linux or vice-versa
• Lots of good responses from users of the various BSDs
• Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."
• And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."
• Some other users share their switching experiences - worth a read ***

More g2k14 hackathon reports

• Following up from last week's huge list of hackathon reports, we have a few more
• Landry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream
• Andrew Fresh enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl
• Ted Unangst did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth
• Luckily we didn't have to cover 20 new ones this time! ***

BSDTalk episode 243

• The newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team
• The main topic of discussion is mandoc, which some users might not be familiar with
• mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)
• We'll catch up to you soon, Will! ***

Feedback/Questions

• Thomas writes in
• Stephen writes in
• Sha'ul writes in
• Florian writes in
• Bob Beck writes in - and note the "Caution" section that was added to libressl.org ***

This episode was brought to you by

Headlines

OpenBSD 5.5 released

• If you ordered a CD set then you've probably had it for a little while already, but OpenBSD has formally announced the public release of 5.5
• This is one of the biggest releases to date, with a very long list of changes and improvements
• Some of the highlights include: time_t being 64 bit on all platforms, release sets and binary packages being signed with the new signify tool, a new autoinstall feature of the installer, SMP support on Alpha, a new AViiON port, lots of new hardware drivers including newer NICs, the new vxlan driver, relayd improvements, a new pf queue system for bandwidth shaping, dhcpd and dhclient fixes, OpenSMTPD 5.4.2 and all its new features, position-independent executables being default for i386, the RNG has been replaced with ChaCha20 as well as some other security improvements, FUSE support, tmpfs, softraid partitions larger than 2TB and a RAID 5 implementation, OpenSSH 6.6 with all its new features and fixes... and a lot more
• The full list of changes is HUGE, be sure to read through it all if you're interested in the details
• If you're doing an upgrade from 5.4 instead of a fresh install, pay careful attention to the upgrade guide as there are some very specific steps for this version
• Also be sure to apply the errata patches on your new installations... especially those OpenSSL ones (some of which still aren't fixed in the other BSDs yet)
• On the topic of errata patches, the project is now going to also send them out (signed) via the announce mailing list, a very welcome change
• Congrats to the whole team on this great release - 5.6 is going to be even more awesome with "Libre"SSL and lots of other stuff that's currently in development ***

FreeBSD foundation funding highlights

• The FreeBSD foundation posts a new update on how they're spending the money that everyone donates
• "As we embark on our 15th year of serving the FreeBSD Project and community, we are proud of what we've done to help FreeBSD become the most innovative, reliable, and high-performance operation system"
• During this spring, they want to highlight the new UEFI boot support and newcons
• There's a lot of details about what exactly UEFI is and why we need it going forward
• FreeBSD has also needed some updates to its console to support UTF8 and wide characters
• Hopefully this series will continue and we'll get to see what other work is being sponsored ***

OpenSSH without OpenSSL

• The OpenSSH team has been hard at work, making it even better, and now OpenSSL is completely optional
• Since it won't have access to the primitives OpenSSL uses, there will be a trade-off of features vs. security
• This version will drop support for legacy SSH v1, and the only two cryptographic algorithms supported are an in-house implementation of AES in counter mode and the new combination of the Chacha20 stream cipher with Poly1305 for packet integrity
• Key exchange is limited to elliptic curve Diffie-Hellman and the newer Curve25519 KEXs
• No support for RSA, DSA or ECDSA public keys - only Ed25519
• It also includes a new buffer API and a set of wrappers to make it compatible with the existing API
• Believe it or not, this was planned before all the heartbleed craziness
• Maybe someday soon we'll have a mini-openssh-portable in FreeBSD ports and NetBSD pkgsrc, would be really neat ***

BSDMag's April 2014 issue is out

• The free monthly BSD magazine has got a new issue available for download
• This time the articles include: pascal on BSD, an introduction to revision control systems and configuration management, deploying NetBSD on AWS EC2, more GIMP tutorials, an AsiaBSDCon 2014 report and a piece about how easily credit cards are stolen online
• Anyone can contribute to the magazine, just send the editors an email about what you want to write
• No Linux articles this time around, good ***

Interview - David Chisnall - theraven@freebsd.org

The LLVM/Clang switch, FreeBSD's core team, various topics

Tutorial

RAID in FreeBSD and OpenBSD

News Roundup

BSDTalk episode 240

• Our buddy Will Backman has uploaded a new episode of BSDTalk, this time with our other buddy GNN as the guest - mainly to talk about NTP and keeping reliable time
• Topics include the specific details of crystals used in watches and computers to keep time, how temperature affects the quality, different sources of inaccuracy, some general NTP information, why you might want extremely precise time, different time sources (GPS, satellite, etc), differences in stratum levels, the problem of packet delay and estimating the round trip time, some of the recent NTP amplification attacks, the downsides to using UDP instead of TCP and... much more
• GNN also talks a little about the Precision Time Protocol and how it's different than NTP
• Two people we've interviewed talking to each other, awesome
• If you're interested in NTP, be sure to see our tutorial too ***

m2k14 trip reports

• We've got a few more reports from the recent OpenBSD hackathon in Morocco
• The first one is from Antoine Jacoutot (who is a key GNOME porter and gave us the screenshots for the OpenBSD desktop tutorial)
• "Since I always fail at actually doing whatever I have planned for a hackathon, this time I decided to come to m2k14 unprepared about what I was going to do"
• He got lots of work done with ports and pushing GNOME-related patches back up to the main project, then worked on fixing ports' compatibility with LibreSSL
• Speaking of LibreSSL, there's an article all would-be portable version writers should probably read and take into consideration
• Jasper Adriaanse also writes about what he got done over there
• He cleaned up and fixed the puppet port to work better with OpenBSD ***

Why you should use FreeBSD on your cloud VPS

• Here we have a blog post from Atlantic, a VPS and hosting provider, about 10 reasons for using FreeBSD
• Starts off with a little bit of BSD history for those who are unfamiliar with it and only know Linux and Windows
• The 10 reasons are: community, stability, collaboration, ease of use, ports, security, ZFS, GEOM, sound and having lots of options
• The post goes into detail about each of them and why FreeBSD makes a great choice for a VPS OS ***

PCBSD weekly digest

• Big changes coming in the way PCBSD manages software
• The PBI system, AppCafe and related tools are all going to use pkgng now
• The AppCafe will no longer be limited to PBIs, so much more software will be easily available from the ports tree
• New rating system coming soon and much more ***

Feedback/Questions

• Martin writes in
• John writes in
• Alex writes in
• Goetz writes in
• Jarrad writes in ***

This episode was brought to you by

Interview - Eric Turgeon - ericturgeon@ghostbsd.org / @GhostBSD1

GhostBSD

Tutorial

Serially concatenating disks in NetBSD

Feedback/Questions

• Dave writes in
• Shane writes in
• Rob writes in
• Predrag writes in ***