This episode was brought to you by

Headlines

LUKS in OpenBSD

• Last week, we were surprised to find out that DragonFlyBSD has support for dm-crypt, sometimes referred to as LUKS (Linux Unified Key Setup)
• It looks like they might not be the only BSD with support for it for much longer, as OpenBSD is currently reviewing a patch for it as well
• LUKS would presumably be an additional option in OpenBSD's softraid system, which already provides native disk encryption
• Support hasn't been officially committed yet, it's still going through testing, but the code is there if you want to try it out and report your findings
• If enabled, this might pave the way for the first (semi-)cross platform encryption scheme since the demise of TrueCrypt (and maybe other BSDs will get it too in time) ***

FreeBSD gets 64bit Linux emulation

• For those who might be unfamiliar, FreeBSD has an emulation layer to run Linux-only binaries (as rare as they may be)
• The most common use case is for desktop users, enabling them to run proprietary applications like Adobe Flash or Skype
• Similar systems can also be found in NetBSD and OpenBSD (though disabled by default on the latter)
• However, until now, it's only supported binaries compiled for the i386 architecture
• This new update, already committed to -CURRENT, will open some new possibilities that weren't previously possible
• Meanwhile, HardenedBSD considers removing the emulation layer entirely ***

BSD at Open Source Conference 2015 Nagoya

• We've covered the Japanese NetBSD users group setting up lots of machines at various conferences in the past, but now they're expanding
• Their latest report includes many of the NetBSD things you'd expect, but also a couple OpenBSD machines
• Some of the NetBSD ones included a Power Mac G4, SHARP NetWalker, Cubieboard2 and the not-so-foreign Raspberry Pi
• One new addition of interest is the OMRON LUNA88k, running the luna88k port of OpenBSD
• There was even an old cell phone running Windows games on NetBSD
• Check the mailing list post for some links to all of the nice pictures ***

LLVM introduces OpenMP support

• One of the things that has kept some people in the GCC camp is the lack of OpenMP support in LLVM
• According to the blog post, it "enables Clang users to harness full power of modern multi-core processors with vector units"
• With Clang being the default in FreeBSD, Bitrig and OS X, and with some other BSDs exploring the option of switching, the need for this potential speed boost was definitely there
• This could also open some doors for more BSD in the area of high performance computing, putting an end to the current Linux monopoly ***

Interview - Eric, FSF, John, Jose, Kris and Stewart

Various "man on the street" style mini-interviews

News Roundup

BSD-licensed gettext replacement

• If you've ever installed ports on any of the BSDs, you've probably had GNU's gettext pulled in as a dependency
• Wikipedia says "gettext is an internationalization and localization (i18n) system commonly used for writing multilingual programs on Unix-like computer operating systems"
• A new BSD-licensed rewrite has begun, with the initial version being for NetBSD (but it's likely to be portable)
• If you've got some coding skills, get involved with the project - the more freely-licensed replacements, the better ***

Unix history git repo

• A git repository was recently created to show off some Unix source code history
• The repository contains 659 thousand commits and 2306 merges
• You can see early 386BSD commits all the way up to some of the more modern FreeBSD code
• If you want to browse through the giant codebase, it can be a great history lesson ***

PCBSD 10.1.2 and Lumina updates

• We mentioned 10.1.1 being released last week (and all the cool features a couple weeks before) but now 10.1.2 is out
• This minor update contained a few hotfixes: RAID-Z installation, cache and log devices and the text-only installer in UEFI mode
• There's also a new post on the PCBSD blog about Lumina, answering some frequently asked questions and giving a general status update ***

Feedback/Questions

• Jake writes in
• Van writes in
• Anonymous writes in
• Dominik writes in (text answer)
• Chris writes in ***

Mailing List Gold

• Death by chocolate ***

This episode was brought to you by

Headlines

The missing EuroBSDCon videos

• Some of the missing videos from EuroBSDCon 2014 we mentioned before have mysteriously appeared
• Jordan Hubbard, FreeBSD, looking forward to another 10 years
• Lourival Viera Neto, NPF scripting with Lua
• Kris Moore, Snapshots, replication and boot environments
• Andy Tanenbaum, A reimplementation of NetBSD based on a microkernel
• Kirk McKusick, An introduction to FreeBSD's implementation of ZFS
• Emannuel Dreyfus, FUSE and beyond, bridging filesystems
• John-Mark Gurney, Optimizing GELI performance
• Unfortunately, there are still about six talks missing… and no ETA ***

FreeBSD on a MacBook Pro (or two)

• We've got a couple posts about running FreeBSD on a MacBook Pro this week
• In the first one, the author talks a bit about trying to run Linux on his laptop for quite a while, going back and forth between it and something that Just Works™
• Eventually he came full circle, and the focus on using only GUI tools got in the way, instead of making things easier
• He works on a lot of FreeBSD-related software, so switching to it for a desktop seems to be the obvious next step
• He's still not quite to that point yet, but documents his experiments with BSD as a desktop
• The second article also documents an ex-Linux user switching over to BSD for their desktop
• It also covers power management, bluetooth and trackpad setup
• On the topic of Gentoo, "Underneath the beautiful and easy-to-use Portage system lies the same glibc, the same turmoil over a switch to a less-than-ideal init system, and the same kernel-level bugs that bring my productivity down"
• Check out both articles if you've been considering running FreeBSD on a MacBook ***

Remote logging over TLS

• In most of the BSDs, syslogd has been able to remotely send logs to another server for a long time
• That feature can be very useful, especially for forensics purposes - it's much harder for an attacker to hide their activities if the logs aren't on the same server
• The problem is, of course, that it's sent in cleartext, unless you tunnel it over SSH or use some kind of third party wrapper
• With a few recent commits, OpenBSD's syslogd now supports sending logs over TLS natively, including X509 certificate verification
• By default, syslogd runs as an unprivileged user in a chroot on OpenBSD, so there were some initial concerns about certificate verification - how does that user access the CA chain outside of the chroot?
• That problem was also conquered, by loading the CA chain directly from memory, so the entire process can be run in the chroot without issue
• Some of the privsep verifcation code even made its way into LibreSSL right afterwards
• If you haven't set up remote logging before, now might be an interesting time to try it out ***

FreeBSD, not a Linux distro

• George Neville-Neil gave a presentation recently, titled "FreeBSD: not a Linux distro"
• It's meant to be an introduction to new users that might've heard about FreeBSD, but aren't familiar with any BSD history
• He goes through some of that history, and talks about what FreeBSD is and why you might want to use it over other options
• There's even an interesting "thirty years in three minutes" segment
• It's not just a history lesson though, he talks about some of the current features and even some new things coming in the next version(s)
• We also learn about filesystems, jails, capsicum, clang, dtrace and the various big companies using FreeBSD in their products
• This might be a good video to show your friends or potential employer if you're looking to introduce FreeBSD to them ***

Long-term support considered harmful

• There was recently a pretty horrible bug in GNU's libc (BSDs aren't affected, don't worry)
• Aside from the severity of the actual problem, the fix was delayed for quite a long time, leaving people vulnerable
• Ted Unangst writes a post about how this idea of long-term support could actually be harmful in the long run, and compares it to how OpenBSD does things
• OpenBSD releases a new version every six months, and only the two most recent releases get support and security fixes
• He describes this as both a good thing and a bad thing: all the bugs in the ecosystem get flushed out within a year, but it forces people to stay (relatively) up-to-date
• "Upgrades only get harder and more painful (and more fragile) the longer one goes between them. More changes, more damage. Frequent upgrades amortize the cost and ensure that regressions are caught early."
• There was also some discussion about the article you can check out ***

Interview - Andrew Tanenbaum - info@minix3.org / @minix3

MINIX's integration of NetBSD

News Roundup

Using AFL on OpenBSD

• We've talked about American Fuzzy Lop a bit on a previous episode, and how some OpenBSD devs are using it to catch and fix new bugs
• Undeadly has a cool guide on how you can get started with fuzzing
• It's a little on the advanced side, but if you're interested in programming or diagnosing crashes, it'll be a really interesting article to read
• Lots of recent CVEs in other open source projects are attributed to fuzzing - it's a great way to stress test your software ***

Lumina 0.8.1 released

• A new version of Lumina, the BSD-licensed desktop environment from PCBSD, has been released
• This update includes some new plugins, lots of bugfixes and even "quality-of-life improvements"
• There's a new audio player desktop plugin, a button to easily minimize all windows at once and some cool new customization options
• You can get it in PCBSD's edge repo or install it through regular ports (on FreeBSD, OpenBSD or DragonFly!)
• If you haven't seen our episode about Lumina, where we interview the developer and show you a tour of its features, gotta go watch it ***

My first OpenBSD port

• The author of the "Code Rot & Why I Chose OpenBSD" article has a new post up, this time about ports
• He recently made his first port and got it into the tree, so he talks about the whole process from start to finish
• After learning some of the basics and becoming comfortable running -current, he noticed there wasn't a port for the "Otter" web browser
• At that point he did what you're supposed to do in that situation, and started working on it himself
• OpenBSD has a great porter's handbook that he referenced throughout the process
• Long story short, his browser of choice is in the official ports collection and now he's the maintainer (and gets to deal with any bug reports, of course)
• If some software you use isn't available for whatever BSD you're using, you could be the one to make it happen ***

How to slide with DragonFly

• DragonFly BSD has a new HAMMER FS utility called "Slider"
• It's used to easily browse through file history and undelete files - imagine something like a commandline version of Apple's Time Machine
• They have a pretty comprehensive guide on how to use it on their wiki page
• If you're using HAMMER FS, this is a really handy tool to have, check it out ***

OpenSMTPD with Dovecot and Salt

• We recently had a feedback question about which mail servers you can use on BSD - Postfix, Exim and OpenSMTPD being the big three
• This blog post details how to set up OpenSMTPD, including Dovecot for IMAP and Salt for quick and easy deployment
• Intrigued by it becoming the default MTA in OpenBSD, the author decided to give it a try after being a long-time Postfix fan
• "Small, fast, stable, and very easy to customize, no more ugly m4 macros to deal with"
• Check it out if you've been thinking about configuring your first mail server on any of the BSDs ***

Feedback/Questions

• Christopher writes in (handbook section)
• Mark writes in
• Kevin writes in
• Stefano writes in
• Matthew writes in ***

Mailing List Gold

• Not that interested actually
• This guy again
• Yep, this is the place ***

This episode was brought to you by

Headlines

FreeBSD foundation's new IPSEC project

• The FreeBSD foundation, along with Netgate, is sponsoring some new work on the IPSEC code
• With bandwidth in the 10-40 gigabit per second range, the IPSEC stack needs to be brought up to modern standards in terms of encryption and performance
• This new work will add AES-CTR and AES-GCM modes to FreeBSD's implementation, borrowing some code from OpenBSD
• The updated stack will also support AES-NI for hardware-based encryption speed ups
• It's expected to be completed by the end of September, and will also be in pfSense 2.2 ***

NetBSD at Shimane Open Source Conference 2014

• The Japanese NetBSD users group held a NetBSD booth at the Open Source Conference 2014 in Shimane on August 23
• One of the developers has gathered a bunch of pictures from the event and wrote a fairly lengthy summary
• They had NetBSD running on all sorts of devices, from Raspberry Pis to Sun Java Stations
• Some visitors said that NetBSD had the most chaotic booth at the conference ***

pfSense 2.1.5 released

• A new version of the pfSense 2.1 branch is out
• Mostly a security-focused release, including three web UI fixes and the most recent OpenSSL fix (which FreeBSD has still not patched in -RELEASE after nearly a month)
• It also includes many other bug fixes, check the blog post for the full list ***

Systems, Science and FreeBSD

• Our friend George Neville-Neil gave a presentation at Microsoft Research
• It's mainly about using FreeBSD as a platform for research, inside and outside of universities
• The talk describes the OS and its features, ports, developer community, documentation, who uses BSD and much more ***

Interview - Reyk Floeter - reyk@openbsd.org / @reykfloeter

OpenBSD's HTTP daemon

Tutorial

A crash course on HAMMER FS

News Roundup

OpenBSD's rcctl tool usage

• OpenBSD recently got a new tool for managing /etc/rc.conf.local in -current
• Similar to FreeBSD's "sysrc" tool, it eliminates the need to manually edit rc.conf.local to enable or disable services
• This blog post - from a BSD Now viewer - shows the typical usage of the new tool to alter the startup services
• It won't make it to 5.6, but will be in 5.7 (next May) ***

pfSense mini-roundup

• We found five interesting pfSense articles throughout the week and wanted to quickly mention them
• The first item in our pfSense mini-roundup details how you can stream Netflix to in non-US countries using a "smart" DNS service
• The second post talks about setting ip IPv6, in particular if Comcast is your ISP
• The third one features pfSense on Softpedia, a more mainstream tech site
• The fourth post describes how to filter HTTPS traffic with Squid and pfSense
• The last article describes setting up a VPN using the "tinc" daemon and pfSense
• It seems to be lesser known, compared to things like OpenVPN or SSH tunnels, so it's interesting to read about
• This pfSense HQ website seems to have lots of other cool pfSense items, check it out ***

OpenBSD's new buffer cache

• OpenBSD has traditionally used the tried-and-true LRU algorithm for buffer cache, but it has a few problems
• Ted Unangst has just switched to a new algorithm in -current, partially based on 2Q, and details some of his work
• Initial tests show positive results in terms of cache responsiveness
• Check the post for all the fine details ***

BSDTalk episode 244

• Another new BSDTalk is up and, this time around, Will Backman interviews Ken Moore, the developer of the new BSD desktop environment
• They discuss the history of development, differences between it and other DEs, lots of topics
• If you're more of a visual person, fear not, because...
• We'll have Ken on next week, including a full "virtual walkthrough" of Lumina and its applications ***

Feedback/Questions

• Ghislain writes in
• Raynold writes in
• Van writes in
• Sean writes in
• Stefan writes in ***

Headlines

OpenSSH 6.4 released

• Security fixes in OpenSSH don't happen very often
• 6.4 fixes a memory corruption problem, no new features
• If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.
• Disabling AES-GCM in the server configuration is a workaround
• Only affects 6.2 and 6.3 if compiled against a newer OpenSSL (so FreeBSD 9's base OpenSSL is unaffected, for example)
• Full details here ***

Getting to know your portmgr-lurkers

• Next entry in portmgr interview series
• This time they chat with Mathieu Arnold, one of the portmgr-lurkers we mentioned previously
• Lots of questions ranging from why he uses BSD to what he had for breakfast
• Another one was since released, with Antoine Brodin aka antoine@ ***

FUSE in OpenBSD

• As we glossed over last week, FUSE was recently added to OpenBSD
• Now the guys from the OpenBSD Journal have tracked down more information
• This version is released under an ISC license
• Should be in OpenBSD 5.5, released a little less than 6 months from now
• Will finally enable things like SSHFS to work in OpenBSD ***

Automated submission of kernel panic reports

• New tool from Colin Percival
• Saves information about kernel panics and emails it to FreeBSD
• Lets you review before sending so you can edit out any private info
• Automatically encrypted before being sent
• FreeBSD never kernel panics so this won't get much use ***

Interview - Justin Sherrill - justin@dragonflybsd.org / @dragonflybsd

DragonflyBSD 3.6 and the Dragonfly Digest

Tutorial

Building an OpenBSD Router

News Roundup

BSD router project 1.5 released

• Nice timing for our router tutorial; TBRP is a FreeBSD distribution for installing on a router
• It's an alternative to pfSense, but not nearly as well known or popular
• New version is based on 9.2-RELEASE, includes lots of general updates and bugfixes
• Fits on a 256MB Compact Flash/USB drive ***

Curve25519 now default key exchange

• We mentioned in an earlier episode about a patch for curve25519
• Now it's become the default for key exchange
• Will probably make its way into OpenSSH 6.5, would've been in 6.4 if we didn't have that security vulnerability
• It's interesting to see all these big changes in cryptography in OpenBSD lately ***

FreeBSD kernel selection in boot menu

• Adds a kernel selection menu to the beastie menu
• List of kernels is taken from 'kernels' in loader.conf as a space or comma separated list of names to display (up to 9)
• From our good buddy Devin Teske ***

PCBSD weekly digest

• PCDM has officially replaced GDM as the default login manager
• New ISO build scripts (we got a sneak preview last week)
• Lots of bug fixes
• Second set of 10-STABLE ISOs available with new artwork and much more ***

Theo de Raadt speaking at MUUG

• Theo will be speaking at Manitoba UNIX User Group in Winnipeg
• On Friday, Nov 15, 2013 at 5:30PM (see show notes for the address)
• If you're watching the show live you have time to make plans, if you're watching the downloaded version it might be happening right now!
• No agenda, but expect some OpenBSD discussion ***

Feedback/Questions

• Dave writes in
• James writes in
• Allen writes in
• Chess writes in
• Frank writes in ***