This episode was brought to you by

Headlines

New PAE support in OpenBSD

• OpenBSD has just added Physical Address Extention support to the i386 architecture, but it's probably not what you'd think of when you hear the term
• In most operating systems, PAE's main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn't for that
• Instead, this change specifically allows the system to use the No-eXecute Bit of the processor for the userland, further hardening the in-place memory protections
• Other operating systems enable the CPU feature without doing anything to the page table entries, so they do get the available memory expansion, but don't get the potential security benefit
• As we discussed in a previous episode, the AMD64 platform already saw some major W^X kernel and userland improvements - the i386 kernel reworking will begin shortly
• Not all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of W^X that was already there
• The AMD64 improvements will be in 5.7, due out in just a couple days as of when we're recording this, but the i386 improvements will likely be in 5.8 ***

Booting Windows in bhyve

• Work on FreeBSD's bhyve continues, and a big addition is on the way
• Thus far, bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, no Windows
• This is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter
• Graphics emulation is still in the works; this image was taken by booting headless and using RDP
• A lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan)
• Not a lot of details on the matter currently, but we'll be sure to bring you more info as it comes out
• Are you more interested in bhyve or Xen on FreeBSD? Email us your thoughts ***

MidnightBSD 0.6 released

• MidnightBSD is a smaller project we've not covered a lot on the show before
• It's an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use
• They also have their own, smaller version of FreeBSD ports, called "mports"
• If you're already using it, this new version is mainly a security and bugfix release
• It syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions
• You can check their site for more information about the project
• We're trying to get the lead developer to come on for an interview, but haven't heard anything back yet ***

OpenBSD rewrites the file utility

• We're all probably familiar with the traditional file command - it's been around since the 1970s
• For anyone who doesn't know, it's used to determine what type of file something actually is
• This tool doesn't see a lot of development these days, and it's had its share of security issues as well
• Some of those security issues remain unfixed in various BSDs even today, despite being publicly known for a while
• It's not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it
• When you think about it, file was technically designed to be used on untrusted files
• OpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny
• This new version will, by default, run as an unprivileged user with no shell, and in a systrace sandbox, strictly limiting what system calls can be made
• With these two things combined, it should drastically reduce the damage a malicious file could potentially do
• Ian Darwin, the original author of the utility, saw the commit and replied, in what may be a moment in BSD history to remember
• It'll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone's already thrown together an unofficial portable version
• Coincidentally, the lead developer and current maintainer of file just happens to be our guest today… ***

Interview - Christos Zoulas - christos@netbsd.org

blacklistd and NetBSD advocacy

News Roundup

GSoC-accepted BSD projects

• The Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list
• FreeBSD's list includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. memory compression and deduplication
• OpenBSD's list includes: asynchronous USB transfer submission from userland, ARM SD/MMC & controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... porting HAMMER FS to OpenBSD
• We'll be sure to keep you up to date on developments from both projects
• Hopefully the other BSDs will make the cut too next year ***

FreeBSD on the Gumstix Duovero

• If you're not familiar with the Gumstix Duovero, it's an dual core ARM-based computer-on-module
• They actually look more like a stick of RAM than a mini-computer
• This article shows you how to build a FreeBSD -CURRENT image to run on them, using crochet-freebsd
• If anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us ***

EU study recommends OpenBSD

• A recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools
• This is especially important, in all countries, after the mass surveillance documents came out
• "[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts."
• The report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on
• Alongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: "Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways"
• Reddit, Undeadly and Hacker News also had some discussion, particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we've discussed with Voxer and M:Tier before ***

FreeBSD workflow with Git

• If you're interested in contributing to FreeBSD, but aren't a big fan of SVN, they have a Github mirror too
• This mailing list post talks about interacting between the official source repository and the Git mirror
• This makes it easy to get pull requests merged into the official tree, and encourages more developers to get involved ***

Feedback/Questions

• Sean writes in
• Bryan writes in
• Sean writes in
• Charles writes in ***

This episode was brought to you by

Headlines

FreeBSD quarterly status report

• Gabor Pali sent out the October-December 2013 status report to get everyone up to date on what's going on
• The report contains 37 entries and is very very long... various reports from all the different teams under the FreeBSD umbrella, probably too many to even list in the show notes
• Lots of work going on in the ARM world, EC2/Xen and Google Compute Engine are also improving
• Secure boot support hopefully coming [by mid-year](www.itwire.com/business-it-news/open-source/62855-freebsd-to-support-secure-boot-by-mid-year)
• There's quite a bit going on in the FreeBSD world, many projects happening at the same time ***

n2k14 OpenBSD Hackathon Report

• Recently, OpenBSD held one of their hackathons in New Zealand
• 15 developers gathered there to sit in a room and write code for a few days
• Philip Guenther brings back a nice report of the event
• If you've been watching the -current CVS logs, you've seen the flood of commits just from this event alone
• Fixes with threading, Linux compat, ACPI, and various other things - some will make it into 5.5 and others need more testing
• Another report from Theo details his work
• Updates to the random subsystem, some work-in-progress pf fixes, suspend/resume fixes and more signing stuff ***

Four new NetBSD releases

• NetBSD released versions 6.1.3, 6.0.4, 5.2.2 and 5.1.4
• These updates include lots of bug fixes and some security updates, not focused on new features
• You can upgrade depending on what branch you're currently on
• Confused about the different branches? See this graph. ***

The future of open source ZFS development

• On February 11, 2014, Matt Ahrens will be giving a presentation about ZFS
• The talk will be about the future of ZFS and the open source development since Oracle closed the code
• It's in San Jose, California - go if you can! ***

Interview - George Neville-Neil - gnn@freebsd.org / @gvnn3

The FreeBSD Journal

Tutorial

Tracking -STABLE and -CURRENT (OpenBSD)

News Roundup

pfSense news and 2.1.1 snapshots

• pfSense has some snapshots available for the upcoming 2.1.1 release
• They include FreeBSD security fixes as well as some other updates
• There are recordings posted of some of the previous hangouts
• Unfortunately they're only for subscribers, so you'll have to wait until next month when we have Chris on the show to talk about pfSense! ***

FreeBSD on Google Compute Engine

• Recently we mentioned some posts about getting OpenBSD to run on GCE, here's the FreeBSD version
• Nice big fat warning: "The team has put together a best-effort posting that will get most, if not all, of you up and running. That being said, we need to remind you that FreeBSD is being supported on Google Compute Engine by the community. The instructions are being provided as-is and without warranty."
• Their instructions are a little too Linuxy (assuming wget, etc.) for our taste, someone should probably get it updated!
• Other than that it's a pretty good set of instructions on how to get up and running ***

Dragonfly ACPI update

• Sascha Wildner committed some new ACPI code
• There's also a "heads up" to update your BIOS if you experience problems
• Check the mailing list post for all the details ***

PCBSD weekly digest

• 10.0-RC4 users need to upgrade all their packages for 10.0-RC5
• PBIs needed to be rebuilt.. actually everything did
• Help test GNOME 3 so we can get it in the official ports tree
• By the way, I think Kris has an announcement - PCBSD 10.0 is out! ***

Feedback/Questions

• Tony writes in
• Jeff writes in
• Remy writes in
• Nils writes in
• Solomon writes in ***