NOTES**
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

FreeBSD Foundation Welcomes New Team Members

What Makes OpenZFS the Ideal Storage Solution for University Environments

News Roundup

SCaLE20X Conference Report

916 days of Emacs

XTerm: It's Better Than You Thought

NetBSD AGM2023: Annual General Meeting, May 13, 21:00 UTC

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Adrian - Tilde
• Dan - Root Shell
• Florian - Salt Extension

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

NetBSD 9.2 Released

DragonFly 6.0 is out!

• Release Notes *** ### EuroBSDCon 2021 will be online *** ## News Roundup ### Home Network Monitoring using Prometheus > This blog post describes my setup for monitoring various devices on my home network suh as servers, laptops/desktops, networking gear etc. The setup and configuration is squarely geared towards small/medium sized network monitoring. A similar setup might work for large networks, but you will need to plan your compute/storage/bandwidth capacities accordingly. I’m running all the monitoring software on FreeBSD, but you can run it on your choice of OS. Just make sure to install the packages using your OS’s package manager. *** ### Preventing FreeBSD to kill PostgreSQL (aka OOM Killer prevention) > There are a lot of interesting articles on how to prevent the Out of Memory Killer (OOM killer in short) on Linux to ruin your day, or better your night. One particularly well done explanation about how the OOM Killer works, and how to help PostgreSQL to survive, is, in my humble opinion, the one from Percona Blog. *** ### Customizing Emacs for Git Commit Messages >I do a lot of commits to the FreeBSD project and elsewhere. It would be nice if I could setup emacs in a custom way for each commit message that I'm editing. > Fortunately, GNU Emacs provides a nice way to do just that. While I likely could do some of these things with git commit hooks, I find this to be a little nicer. *** ### Deleting old FreeBSD boot environments > I like boot environments (BE) on FreeBSD. They were especially handy when building the AWS host for FreshPorts, since I had no serial console. I would create a BE saving the current status, then make some changes. I’d mark the current BE as boot once, so I could boot back in the known good BE. Worst case, I could mount the storage onto a rescue EC2 instance and adjust the bootfs value of the zpool. ***

Always be quitting

A good philosophy to live by at work is to “always be quitting”. No, don’t be constantly thinking of leaving your job. But act as if you might leave on short notice. Counterintuitively, this will make you a better engineer and open up growth opportunities.

---

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Christopher - zfs question
• Chris - two questions
• Vas - zpools and moving to FreeBSD 13

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated

I have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection.

Building the Development Version of Emacs on NetBSD

I hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived.

News Roundup

rc.d belongs in libexec, not etc

Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration.
This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change.

FreeBSD 11.3 EOL

As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer
be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly
encouraged to upgrade to a newer release as soon as possible.

OPNsense 20.7.1 Released

Overall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough. Stay tuned.

MidnightBSD 1.2.7 out

MidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github.

It includes several bug fixes and security updates over the last ISO release and is recommended for new installations.

Users who don't want to updatee the whole OS, should consider at least updating libmport as there are many package management fixes

Beastie Bits

• Tarsnap podcast
• NetBSD Tips and Tricks
• FreeBSD mini-git Primer
• GhostBSD Financial Reports ***

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Daniel - Documentation Tooling
• Fongaboo - Where did the ZFS tutorial Go?
• Johnny - Browser Cold Wars ***
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

This episode was brought to you by

Headlines

EuroBSDCon 2015 call for papers

• The call for papers has been announced for the next EuroBSDCon, which is set to be held in Sweden this year
• According to their site, the call for presentation proposals period will start on Monday the 23rd of March until Friday the 17th of April
• If giving a full talk isn't your thing, there's also a call for tutorials - if you're comfortable teaching other people about something BSD-related, this could be a great thing too
• You're not limited to one proposal - several speakers gave multiple in 2014 - so don't hesitate if you've got more than one thing you'd like to talk about
• We'd like to see a more balanced conference schedule than BSDCan's having this year, but that requires effort on both sides - if you're doing anything cool with any BSD, we'd encourage you submit a proposal (or two)
• Check the announcement for all the specific details and requirements
• If your talk gets accepted, the conference even pays for your travel expenses ***

Making security sausage

• Ted Unangst has a new blog post up, detailing his experiences with some recent security patches both in and out of OpenBSD
• "Unfortunately, I wrote the tool used for signing patches which somehow turned into a responsibility for also creating the inputs to be signed. That was not the plan!"
• The post first takes us through a few OpenBSD errata patches, explaining how some can get fixed very quickly, but others are more complicated and need a bit more review
• It also covers security in upstream codebases, and how upstream projects sometimes treat security issues as any other bug
• Following that, it leads to the topic of FreeType - and a much more complicated problem with backporting patches between versions
• The recent OpenSSL vulnerabilities were also mentioned, with an interesting story to go along with them
• Just 45 minutes before the agreed-upon announcement, OpenBSD devs found a problem with the patch OpenSSL planned to release - it had to be redone at the last minute
• It was because of this that FreeBSD actually had to release a security update to their security update
• He concludes with "My number one wish would be that every project provide small patches for security issues. Dropping enormous feature releases along with a note 'oh, and some security too' creates downstream mayhem." ***

Running FreeBSD on the server, a sysadmin speaks

• More BSD content is appearing on mainstream technology sites, and, more importantly, BSD Now is being mentioned
• ITWire recently did an interview with Allan about running FreeBSD on servers (possibly to go with their earlier interview with Kris about desktop usage)
• They discuss some of the advantages BSD brings to the table for sysadmins that might be used to Linux or some other UNIX flavor
• It also covers specific features like jails, ZFS, long-term support, automating tasks and even… what to name your computers
• If you've been considering switching your servers over from Linux to FreeBSD, but maybe wanted to hear some first-hand experience, this is the article for you ***

NetBSD ported to Hardkernel ODROID-C1

• In their never-ending quest to run on every new board that comes out, NetBSD has been ported to the Hardkernel ODROID-C1
• This one features a quad-core ARMv7 CPU at 1.5GHz, has a gig of ram and gigabit ethernet... all for just $35
• There's a special kernel config file for this board's hardware, available in both -current and the upcoming 7.0
• More info can be found on their wiki page
• After this was written, basic framebuffer console support was also committed, allowing a developer to run XFCE on the device ***

Interview - Bernard Spil - brnrd@freebsd.org / @sp1l

LibreSSL adoption in FreeBSD ports and the wider software ecosystem

News Roundup

Monitoring pf logs with Gource

• If you're using pf on any of the BSDs, maybe you've gotten bored of grepping logs and want to do something more fancy
• This article will show you how to get set up with Gource for a cinematic-like experience
• If you've never heard of Gource, it's "an OpenGL-based 3D visualization tool intended for visualizing activity on source control repositories"
• When you put all the tools together, you can end up with some pretty eye-catching animations of your firewall traffic
• One of our listeners wrote in to say that he set this up and, almost immediately, noticed his girlfriend's phone had been compromised - graphical representations of traffic could be useful for detecting suspicious network activity ***

pkgng 1.5.0 alpha1 released

• The development version of pkgng was updated to 1.4.99.14, or 1.5.0 alpha1
• This update introduces support for provides/requires, something that we've been wanting for a long time
• It will also now print which package is the reason for direct dependency change
• Another interesting addition is the "pkg -r" switch, allowing cross installation of packages
• Remember this isn't the stable version, so maybe don't upgrade to it just yet on any production systems
• DragonFly will also likely pick up this update once it's marked stable ***

Welcome to OpenBSD

• We mentioned last week that our listener Brian was giving a talk in the Troy, New York area
• The slides from that talk are now online, and they've been generating quite a bit of discussion online
• It's simply titled "Welcome to OpenBSD" and gives the reader an introduction to the OS (and how easy it is to get involved with contributing)
• Topics include a quick history of the project, who the developers are and what they do, some proactive security techniques and finally how to get involved
• As you may know, NetBSD has almost 60 supported platforms and their slogan is "of course it runs NetBSD" - Brian says, with 17 platforms over 13 CPU architectures, "it probably runs OpenBSD"
• No matter which BSD you might be interested in, these slides are a great read, especially for any beginners looking to get their feet wet
• Try to guess which font he used... ***

BSDTalk episode 252

• And somehow Brian has snuck himself into another news item this week
• He makes an appearance in the latest episode of BSD Talk, where he chats with Will about running a BSD-based shell provider
• If that sounds familiar, it's probably because we did the same thing, albeit with a different member of their team
• In this interview, they discuss what a shell provider does, hardware requirements and how to weed out the spammers in favor of real people
• They also talk a bit about the community aspect of a shared server, as opposed to just running a virtual machine by yourself ***

Feedback/Questions

• Christian writes in
• Stefan writes in
• Possnfiffer writes in
• Ruudsch writes in
• Shane writes in ***

Mailing List Gold

• Accidental support
• Larry's tears
• The boy who sailed with BSD ***