<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" encoding="UTF-8" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/" xmlns:atom="http://www.w3.org/2005/Atom/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:fireside="http://fireside.fm/modules/rss/fireside">
  <channel>
    <fireside:hostname>app02</fireside:hostname>
    <fireside:genDate>Tue, 14 Jul 2026 14:44:11 +0000</fireside:genDate>
    <generator>Fireside (https://fireside.fm)</generator>
    <title>BSD Now - Episodes Tagged with “Httpd”</title>
    <link>https://www.bsdnow.tv/tags/httpd</link>
    <pubDate>Thu, 15 Jun 2023 03:00:00 -0400</pubDate>
    <description>Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.</description>
    <language>en-us</language>
    <itunes:type>episodic</itunes:type>
    <itunes:subtitle>A weekly podcast and the place to B...SD</itunes:subtitle>
    <itunes:author>JT Pennington</itunes:author>
    <itunes:summary>Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.</itunes:summary>
    <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
    <itunes:explicit>no</itunes:explicit>
    <itunes:keywords>berkeley,freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview</itunes:keywords>
    <itunes:owner>
      <itunes:name>JT Pennington</itunes:name>
      <itunes:email>feedback@bsdnow.tv</itunes:email>
    </itunes:owner>
<itunes:category text="News">
  <itunes:category text="Tech News"/>
</itunes:category>
<itunes:category text="Education">
  <itunes:category text="How To"/>
</itunes:category>
<item>
  <title>511: Against Innovation</title>
  <link>https://www.bsdnow.tv/511</link>
  <guid isPermaLink="false">6b99d11c-2ee7-450e-8446-d0ceed9be7b1</guid>
  <pubDate>Thu, 15 Jun 2023 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6b99d11c-2ee7-450e-8446-d0ceed9be7b1.mp3" length="48869760" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Sun Ray laptops, MIPS and getting root on them, OpenZFS for HPC Clusters, Self-Hosted Bookmarks using DAV and httpd on OpenBSD, Terraform + Proxmox + OpenBSD = &lt;3, WOL Plex Server, Against innovation, and more</itunes:subtitle>
  <itunes:duration>50:54</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Sun Ray laptops, MIPS and getting root on them, OpenZFS for HPC Clusters, Self-Hosted Bookmarks using DAV and httpd on OpenBSD, Terraform + Proxmox + OpenBSD = &amp;lt;3, WOL Plex Server, Against innovation, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://oldvcr.blogspot.com/2023/04/of-sun-ray-laptops-mips-and-getting.html" rel="nofollow noopener"&gt;Of Sun Ray laptops, MIPS and getting root on them&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://klarasystems.com/articles/openzfs-openzfs-for-hpc-clusters/" rel="nofollow noopener"&gt;OpenZFS for HPC Clusters&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.tumfatig.net/2023/self-hosted-bookmarks-using-dav-and-httpd-on-openbsd/" rel="nofollow noopener"&gt;Self-Hosted Bookmarks using DAV and httpd on OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://x61.sh/log/2023/05/19052023172439-terraform_proxmox_openbsd.html" rel="nofollow noopener"&gt;Terraform + Proxmox + OpenBSD = &amp;lt;3&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://maximiliangolla.com/blog/2022-10-wol-plex-server/" rel="nofollow noopener"&gt;WOL Plex Server&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://dadadrummer.substack.com/p/against-innovation" rel="nofollow noopener"&gt;Against Innovation&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, cli, unix, os, berkeley, software, distribution, development, release, zfs, zpool, dataset, filesystem, storage, ports, packages, jails, interview, Sun ray, laptop, MIPS, root, HPC, high performance computing, clusters, self-hosted, bookmarks, dav, httpd, terraform, proxmox, wol, plex, innovation</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Sun Ray laptops, MIPS and getting root on them, OpenZFS for HPC Clusters, Self-Hosted Bookmarks using DAV and httpd on OpenBSD, Terraform + Proxmox + OpenBSD = &lt;3, WOL Plex Server, Against innovation, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://oldvcr.blogspot.com/2023/04/of-sun-ray-laptops-mips-and-getting.html" rel="nofollow noopener">Of Sun Ray laptops, MIPS and getting root on them</a></h3>

<hr>

<h3><a href="https://klarasystems.com/articles/openzfs-openzfs-for-hpc-clusters/" rel="nofollow noopener">OpenZFS for HPC Clusters</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.tumfatig.net/2023/self-hosted-bookmarks-using-dav-and-httpd-on-openbsd/" rel="nofollow noopener">Self-Hosted Bookmarks using DAV and httpd on OpenBSD</a></h3>

<hr>

<h3><a href="https://x61.sh/log/2023/05/19052023172439-terraform_proxmox_openbsd.html" rel="nofollow noopener">Terraform + Proxmox + OpenBSD = &lt;3</a></h3>

<hr>

<h3><a href="https://maximiliangolla.com/blog/2022-10-wol-plex-server/" rel="nofollow noopener">WOL Plex Server</a></h3>

<hr>

<h3><a href="https://dadadrummer.substack.com/p/against-innovation" rel="nofollow noopener">Against Innovation</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li>
</ul>

<hr>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Sun Ray laptops, MIPS and getting root on them, OpenZFS for HPC Clusters, Self-Hosted Bookmarks using DAV and httpd on OpenBSD, Terraform + Proxmox + OpenBSD = &lt;3, WOL Plex Server, Against innovation, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://oldvcr.blogspot.com/2023/04/of-sun-ray-laptops-mips-and-getting.html" rel="nofollow noopener">Of Sun Ray laptops, MIPS and getting root on them</a></h3>

<hr>

<h3><a href="https://klarasystems.com/articles/openzfs-openzfs-for-hpc-clusters/" rel="nofollow noopener">OpenZFS for HPC Clusters</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.tumfatig.net/2023/self-hosted-bookmarks-using-dav-and-httpd-on-openbsd/" rel="nofollow noopener">Self-Hosted Bookmarks using DAV and httpd on OpenBSD</a></h3>

<hr>

<h3><a href="https://x61.sh/log/2023/05/19052023172439-terraform_proxmox_openbsd.html" rel="nofollow noopener">Terraform + Proxmox + OpenBSD = &lt;3</a></h3>

<hr>

<h3><a href="https://maximiliangolla.com/blog/2022-10-wol-plex-server/" rel="nofollow noopener">WOL Plex Server</a></h3>

<hr>

<h3><a href="https://dadadrummer.substack.com/p/against-innovation" rel="nofollow noopener">Against Innovation</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li>
</ul>

<hr>]]>
  </itunes:summary>
</item>
<item>
  <title>467: Minecraft on NetBSD</title>
  <link>https://www.bsdnow.tv/467</link>
  <guid isPermaLink="false">9b71b507-e030-4903-b7ea-9abf525548cd</guid>
  <pubDate>Thu, 11 Aug 2022 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/9b71b507-e030-4903-b7ea-9abf525548cd.mp3" length="29179728" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Installing BSDs on Cubieboard1, Self-hosting a static site with OpenBSD, httpd, and relayd, NetBSD can also run a Minecraft server, A Little Story About the `yes` Unix Command, Shell History: Unix, OpenBGPD 7.5 released, and more</itunes:subtitle>
  <itunes:duration>48:30</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Installing BSDs on Cubieboard1, Self-hosting a static site with OpenBSD, httpd, and relayd, NetBSD can also run a Minecraft server, A Little Story About the &lt;code&gt;yes&lt;/code&gt; Unix Command, Shell History: Unix, OpenBGPD 7.5 released, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://mekboy.ru/post/bsd-on-cubieboard1.en/" rel="nofollow noopener"&gt;Installing BSDs on Cubieboard1&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://citizen428.net/blog/self-hosting-static-site-openbsd-httpd-relayd/" rel="nofollow noopener"&gt;Self-hosting a static site with OpenBSD, httpd, and relayd&lt;/a&gt;&lt;/h3&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://rubenerd.com/netbsd-can-also-run-a-minecraft-server/" rel="nofollow noopener"&gt;NetBSD can also run a Minecraft server&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://endler.dev/2017/yes/" rel="nofollow noopener"&gt;A Little Story About the &lt;code&gt;yes&lt;/code&gt; Unix Command&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://portal.mozz.us/gemini/auragem.space/%7Ekrixano/ShellHistory-Unix.pdf" rel="nofollow noopener"&gt;Shell History: Unix&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://undeadly.org/cgi?action=article;sid=20220716101930" rel="nofollow noopener"&gt;OpenBGPD 7.5 released&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;Beastie Bits&lt;/h2&gt;

&lt;hr&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/467/feedback/Ludensen%20-%20Feedback.md" rel="nofollow noopener"&gt;Ludensen - Feedback&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/467/feedback/Vidar%20-%20OpenRGB.md" rel="nofollow noopener"&gt;Vidar - OpenRGB&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, filesystem, interview, ports, packages, jails, cubieboard1, self-hosting, static-site, static website, httpd, relayd, minecraft, story, yes, unix command, shell history, openbgpd</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Installing BSDs on Cubieboard1, Self-hosting a static site with OpenBSD, httpd, and relayd, NetBSD can also run a Minecraft server, A Little Story About the <code>yes</code> Unix Command, Shell History: Unix, OpenBGPD 7.5 released, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://mekboy.ru/post/bsd-on-cubieboard1.en/" rel="nofollow noopener">Installing BSDs on Cubieboard1</a></h3>

<hr>

<h3><a href="https://citizen428.net/blog/self-hosting-static-site-openbsd-httpd-relayd/" rel="nofollow noopener">Self-hosting a static site with OpenBSD, httpd, and relayd</a></h3>

<h2>News Roundup</h2>

<h3><a href="https://rubenerd.com/netbsd-can-also-run-a-minecraft-server/" rel="nofollow noopener">NetBSD can also run a Minecraft server</a></h3>

<hr>

<h3><a href="https://endler.dev/2017/yes/" rel="nofollow noopener">A Little Story About the <code>yes</code> Unix Command</a></h3>

<hr>

<h3><a href="https://portal.mozz.us/gemini/auragem.space/%7Ekrixano/ShellHistory-Unix.pdf" rel="nofollow noopener">Shell History: Unix</a></h3>

<hr>

<h3><a href="https://undeadly.org/cgi?action=article;sid=20220716101930" rel="nofollow noopener">OpenBGPD 7.5 released</a></h3>

<hr>

<h2>Beastie Bits</h2>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/467/feedback/Ludensen%20-%20Feedback.md" rel="nofollow noopener">Ludensen - Feedback</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/467/feedback/Vidar%20-%20OpenRGB.md" rel="nofollow noopener">Vidar - OpenRGB</a></p></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Installing BSDs on Cubieboard1, Self-hosting a static site with OpenBSD, httpd, and relayd, NetBSD can also run a Minecraft server, A Little Story About the <code>yes</code> Unix Command, Shell History: Unix, OpenBGPD 7.5 released, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://mekboy.ru/post/bsd-on-cubieboard1.en/" rel="nofollow noopener">Installing BSDs on Cubieboard1</a></h3>

<hr>

<h3><a href="https://citizen428.net/blog/self-hosting-static-site-openbsd-httpd-relayd/" rel="nofollow noopener">Self-hosting a static site with OpenBSD, httpd, and relayd</a></h3>

<h2>News Roundup</h2>

<h3><a href="https://rubenerd.com/netbsd-can-also-run-a-minecraft-server/" rel="nofollow noopener">NetBSD can also run a Minecraft server</a></h3>

<hr>

<h3><a href="https://endler.dev/2017/yes/" rel="nofollow noopener">A Little Story About the <code>yes</code> Unix Command</a></h3>

<hr>

<h3><a href="https://portal.mozz.us/gemini/auragem.space/%7Ekrixano/ShellHistory-Unix.pdf" rel="nofollow noopener">Shell History: Unix</a></h3>

<hr>

<h3><a href="https://undeadly.org/cgi?action=article;sid=20220716101930" rel="nofollow noopener">OpenBGPD 7.5 released</a></h3>

<hr>

<h2>Beastie Bits</h2>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/467/feedback/Ludensen%20-%20Feedback.md" rel="nofollow noopener">Ludensen - Feedback</a></p></li>
<li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/467/feedback/Vidar%20-%20OpenRGB.md" rel="nofollow noopener">Vidar - OpenRGB</a></p></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>406: Jailed Gemini Capsule</title>
  <link>https://www.bsdnow.tv/406</link>
  <guid isPermaLink="false">e3529950-4aa4-49f7-833d-0218a912b866</guid>
  <pubDate>Thu, 10 Jun 2021 03:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e3529950-4aa4-49f7-833d-0218a912b866.mp3" length="33123216" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.</itunes:subtitle>
  <itunes:duration>54:01</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.ecliptik.com/Gemini-Capsule-in-a-FreeBSD-Jail/" rel="nofollow noopener"&gt;Gemini Capsule in a FreeBSD Jail&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;With the recent release of FreeBSD 13, I wanted to test it out on a spare RaspberryPi 3 that was part of my old Kubernetes cluster.&lt;br&gt;
In particular, FreeBSD Jails have always interested me, although I’ve never used them in practice. Over the years I’ve managed operating system virtualization through Solaris Zones and Docker containers, and Jails seem like and good middle ground between the two - easier to manage than zones and closer to the OS than Docker.&lt;br&gt;
I also want to run my own Gemini capsule locally to use some of the features that my other hosted capsules don’t have (like SCGI/CGI) and setting up a capsule in a Jail is a good way to learn both at the same time.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-announce/2021-May/002033.html" rel="nofollow noopener"&gt;FreeBSD Quarterly status report 2021Q1&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://bentsukun.ch/posts/bhyve-netbsd/" rel="nofollow noopener"&gt;NetBSD VM on bhyve (on TrueNAS)&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;My new NAS at home is running TrueNAS Core. So far, it has been excellent, however I struggled a bit setting up a NetBSD VM on it. Part of the problem is that a lot of the docs and how-tos I found are stale, and the information in it no longer applies.&lt;br&gt;
TrueNAS Core allows running VMs using bhyve, which is FreeBSD’s hypervisor. NetBSD is not an officially supported OS, at least according to the guest OS chooser in the TrueNAS web UI :) But since the release of NetBSD 9 a while ago, things have become far simpler than they used to be – with one caveat (see below).&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.cyberciti.biz/interview/michael-lucas-bsd-unix-it-and-other-books-author/" rel="nofollow noopener"&gt;Interview with Michael Lucas *BSD, Unix, IT and other books author&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Michael Lucas is a famous IT book author. Perhaps best know for FreeBSD, OpenBSD, and Unix book series. He worked as a system administrator for many years and has now become a full-time book writer. Lately, I did a quick Q and A with Michael about his journey as a professional book author and his daily workflow for writing books.&lt;br&gt;
+&lt;/p&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.netgate.com/blog/pfsense-wireguard-returns-as-an-experimental-package.html" rel="nofollow noopener"&gt;pfSense – WireGuard Returns as Experimental Package&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://box.matto.nl/cgi-with-awk-on-openbsd-httpd.html" rel="nofollow noopener"&gt;CGI with Awk on OpenBSD httpd&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;
&lt;/blockquote&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questionsing&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/Adam%20-%20system%20state%20during%20upgrade" rel="nofollow noopener"&gt;Adam - system state during upgrade&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/paul%20-%20BSD%20grep" rel="nofollow noopener"&gt;paul - BSD grep&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/sub%20-%20feedback" rel="nofollow noopener"&gt;sub - feedback&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, release, zfs, zpool, dataset, interview, ports, packages, gemini capsule, jail, status report, vm, bhyve, Michael Lucas, wireguard, experimental package, pfsense, cgi, awk, httpd</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.ecliptik.com/Gemini-Capsule-in-a-FreeBSD-Jail/" rel="nofollow noopener">Gemini Capsule in a FreeBSD Jail</a></h3>

<blockquote>
<p>With the recent release of FreeBSD 13, I wanted to test it out on a spare RaspberryPi 3 that was part of my old Kubernetes cluster.<br>
In particular, FreeBSD Jails have always interested me, although I’ve never used them in practice. Over the years I’ve managed operating system virtualization through Solaris Zones and Docker containers, and Jails seem like and good middle ground between the two - easier to manage than zones and closer to the OS than Docker.<br>
I also want to run my own Gemini capsule locally to use some of the features that my other hosted capsules don’t have (like SCGI/CGI) and setting up a capsule in a Jail is a good way to learn both at the same time.</p>
</blockquote>

<hr>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2021-May/002033.html" rel="nofollow noopener">FreeBSD Quarterly status report 2021Q1</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://bentsukun.ch/posts/bhyve-netbsd/" rel="nofollow noopener">NetBSD VM on bhyve (on TrueNAS)</a></h3>

<blockquote>
<p>My new NAS at home is running TrueNAS Core. So far, it has been excellent, however I struggled a bit setting up a NetBSD VM on it. Part of the problem is that a lot of the docs and how-tos I found are stale, and the information in it no longer applies.<br>
TrueNAS Core allows running VMs using bhyve, which is FreeBSD’s hypervisor. NetBSD is not an officially supported OS, at least according to the guest OS chooser in the TrueNAS web UI :) But since the release of NetBSD 9 a while ago, things have become far simpler than they used to be – with one caveat (see below).</p>
</blockquote>

<hr>

<h3><a href="https://www.cyberciti.biz/interview/michael-lucas-bsd-unix-it-and-other-books-author/" rel="nofollow noopener">Interview with Michael Lucas *BSD, Unix, IT and other books author</a></h3>

<blockquote>
<p>Michael Lucas is a famous IT book author. Perhaps best know for FreeBSD, OpenBSD, and Unix book series. He worked as a system administrator for many years and has now become a full-time book writer. Lately, I did a quick Q and A with Michael about his journey as a professional book author and his daily workflow for writing books.<br>
+</p>

<hr>

<h3><a href="https://www.netgate.com/blog/pfsense-wireguard-returns-as-an-experimental-package.html" rel="nofollow noopener">pfSense – WireGuard Returns as Experimental Package</a></h3>

<hr>

<h3><a href="https://box.matto.nl/cgi-with-awk-on-openbsd-httpd.html" rel="nofollow noopener">CGI with Awk on OpenBSD httpd</a></h3>

<hr>
</blockquote>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questionsing</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/Adam%20-%20system%20state%20during%20upgrade" rel="nofollow noopener">Adam - system state during upgrade</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/paul%20-%20BSD%20grep" rel="nofollow noopener">paul - BSD grep</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/sub%20-%20feedback" rel="nofollow noopener">sub - feedback</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Gemini Capsule in a FreeBSD Jail, FreeBSD Quarterly status report 2021Q1, NetBSD VM on bhyve (on TrueNAS), Interview with Michael Lucas, WireGuard Returns as Experimental Package in pfSense, CGI with Awk on OpenBSD httpd, and more.</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.ecliptik.com/Gemini-Capsule-in-a-FreeBSD-Jail/" rel="nofollow noopener">Gemini Capsule in a FreeBSD Jail</a></h3>

<blockquote>
<p>With the recent release of FreeBSD 13, I wanted to test it out on a spare RaspberryPi 3 that was part of my old Kubernetes cluster.<br>
In particular, FreeBSD Jails have always interested me, although I’ve never used them in practice. Over the years I’ve managed operating system virtualization through Solaris Zones and Docker containers, and Jails seem like and good middle ground between the two - easier to manage than zones and closer to the OS than Docker.<br>
I also want to run my own Gemini capsule locally to use some of the features that my other hosted capsules don’t have (like SCGI/CGI) and setting up a capsule in a Jail is a good way to learn both at the same time.</p>
</blockquote>

<hr>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-announce/2021-May/002033.html" rel="nofollow noopener">FreeBSD Quarterly status report 2021Q1</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://bentsukun.ch/posts/bhyve-netbsd/" rel="nofollow noopener">NetBSD VM on bhyve (on TrueNAS)</a></h3>

<blockquote>
<p>My new NAS at home is running TrueNAS Core. So far, it has been excellent, however I struggled a bit setting up a NetBSD VM on it. Part of the problem is that a lot of the docs and how-tos I found are stale, and the information in it no longer applies.<br>
TrueNAS Core allows running VMs using bhyve, which is FreeBSD’s hypervisor. NetBSD is not an officially supported OS, at least according to the guest OS chooser in the TrueNAS web UI :) But since the release of NetBSD 9 a while ago, things have become far simpler than they used to be – with one caveat (see below).</p>
</blockquote>

<hr>

<h3><a href="https://www.cyberciti.biz/interview/michael-lucas-bsd-unix-it-and-other-books-author/" rel="nofollow noopener">Interview with Michael Lucas *BSD, Unix, IT and other books author</a></h3>

<blockquote>
<p>Michael Lucas is a famous IT book author. Perhaps best know for FreeBSD, OpenBSD, and Unix book series. He worked as a system administrator for many years and has now become a full-time book writer. Lately, I did a quick Q and A with Michael about his journey as a professional book author and his daily workflow for writing books.<br>
+</p>

<hr>

<h3><a href="https://www.netgate.com/blog/pfsense-wireguard-returns-as-an-experimental-package.html" rel="nofollow noopener">pfSense – WireGuard Returns as Experimental Package</a></h3>

<hr>

<h3><a href="https://box.matto.nl/cgi-with-awk-on-openbsd-httpd.html" rel="nofollow noopener">CGI with Awk on OpenBSD httpd</a></h3>

<hr>
</blockquote>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</li>
</ul>

<h2>Feedback/Questionsing</h2>

<ul>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/Adam%20-%20system%20state%20during%20upgrade" rel="nofollow noopener">Adam - system state during upgrade</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/paul%20-%20BSD%20grep" rel="nofollow noopener">paul - BSD grep</a></li>
<li><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/406/feedback/sub%20-%20feedback" rel="nofollow noopener">sub - feedback</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>96: Lost Technology</title>
  <link>https://www.bsdnow.tv/96</link>
  <guid isPermaLink="false">a1813e16-466a-4617-9bb0-24dbdc1cb5f2</guid>
  <pubDate>Wed, 01 Jul 2015 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/a1813e16-466a-4617-9bb0-24dbdc1cb5f2.mp3" length="52701844" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Coming up this week, we'll be talking with Jun Ebihara about some lesser-known CPU architectures in NetBSD. He'll tell us what makes these old (and often forgotten) machines so interesting. As usual, we've also got answers to your emails and all this week's news on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:13:11</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Coming up this week, we'll be talking with Jun Ebihara about some lesser-known CPU architectures in NetBSD. He'll tell us what makes these old (and often forgotten) machines so interesting. As usual, we've also got answers to your emails and all this week's news on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"&gt;&lt;/a&gt;&lt;a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"&gt;&lt;img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.tedunangst.com/flak/post/out-with-the-old-in-with-the-less" rel="nofollow noopener"&gt;Out with the old, in with the less&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Our friend Ted Unangst has a new article up, talking about "various OpenBSD replacements and reductions"&lt;/li&gt;
&lt;li&gt;"Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs."&lt;/li&gt;
&lt;li&gt;In the post, he goes through some of the bigger (and smaller) examples of OpenBSD rewriting tools to be simpler and more secure&lt;/li&gt;
&lt;li&gt;It starts off with a lesser-known SCSI driver that "tried to do too much" being replaced with three separate drivers&lt;/li&gt;
&lt;li&gt;"Each driver can now be modified in isolation without unintentional side effects on other hardware, or the need to consider if and where further special cases need to be added. Despite the fact that these three drivers duplicate all the common boilerplate code, combined they only amount to about half as much code as the old driver."&lt;/li&gt;
&lt;li&gt;In contrast to that example, he goes on to cite mandoc as taking a very non "unixy" direction, but at the same time being smaller and simpler than all the tools it replaced&lt;/li&gt;
&lt;li&gt;The next case is the new http daemon, and he talks a bit about the recently-added rewrite support being done in a simple and secure way (as opposed to regex and its craziness)&lt;/li&gt;
&lt;li&gt;He also talks about the rewritten "file" utility: "Almost by definition, its sole input will be untrusted input. Perversely, people will then trust what file tells them and then go about using that input, as if file somehow sanitized it."&lt;/li&gt;
&lt;li&gt;Finally, sudo in OpenBSD's base system is moving to ports soon, and the article briefly describes a new tool that &lt;a href="https://marc.info/?l=openbsd-ports&amp;amp;m=143481227122523&amp;amp;w=2" rel="nofollow noopener"&gt;may or may not replace it&lt;/a&gt;, called "doas"&lt;/li&gt;
&lt;li&gt;There's also a nice wrap-up of all the examples at the end, and the "&lt;a href="http://www.openbsd.org/papers/pruning.html" rel="nofollow noopener"&gt;Pruning and Polishing&lt;/a&gt;" talk is good complementary reading material
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.youtube.com/channel/UC0IK6Y4Go2KtRueHDiQcxow/videos" rel="nofollow noopener"&gt;More OpenZFS and BSDCan videos&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We mentioned &lt;a href="http://www.bsdnow.tv/episodes/2015_06_24-bitrot_group_therapy" rel="nofollow noopener"&gt;last week&lt;/a&gt; that some of the videos from the second OpenZFS conference in Europe were being uploaded - here's some more&lt;/li&gt;
&lt;li&gt;Matt Ahrens did &lt;a href="https://www.youtube.com/watch?v=I6fXZ_6OT5c" rel="nofollow noopener"&gt;a Q&amp;amp;A session&lt;/a&gt; and talked about ZFS &lt;a href="https://www.youtube.com/watch?v=iY44jPMvxog" rel="nofollow noopener"&gt;send and receive&lt;/a&gt;, as well as giving an &lt;a href="https://www.youtube.com/watch?v=RQlMDmnty80" rel="nofollow noopener"&gt;overview of OpenZFS&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;George Wilson talked about a &lt;a href="https://www.youtube.com/watch?v=KBI6rRGUv4E" rel="nofollow noopener"&gt;performance retrospective&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.youtube.com/watch?v=sSi47-k78IM" rel="nofollow noopener"&gt;Toshiba&lt;/a&gt;, &lt;a href="https://www.youtube.com/watch?v=Hhje5KEF5cE" rel="nofollow noopener"&gt;Syneto&lt;/a&gt; and &lt;a href="https://www.youtube.com/watch?v=aKgxXipss8k" rel="nofollow noopener"&gt;HGST&lt;/a&gt; also gave some talks about their companies and how they're using ZFS&lt;/li&gt;
&lt;li&gt;As for BSDCan, more of their BSD presentations have been uploaded too...&lt;/li&gt;
&lt;li&gt;Ryan Stone, &lt;a href="https://www.youtube.com/watch?v=INeMd-i5jzM" rel="nofollow noopener"&gt;PCI SR-IOV on FreeBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;George Neville-Neil, &lt;a href="https://www.youtube.com/watch?v=LE4wMsP7zeA" rel="nofollow noopener"&gt;Measure Twice, Code Once&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Kris Moore, &lt;a href="https://www.youtube.com/watch?v=qNYXqpJiFN0" rel="nofollow noopener"&gt;Unifying jail and package management for PC-BSD, FreeNAS and FreeBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Warner Losh, &lt;a href="https://www.youtube.com/watch?v=3WqOLolj5EU" rel="nofollow noopener"&gt;I/O Scheduling in CAM&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Kirk McKusick, &lt;a href="https://www.youtube.com/watch?v=l-RCLgLxuSc" rel="nofollow noopener"&gt;An Introduction to the Implementation of ZFS&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Midori Kato, &lt;a href="https://www.youtube.com/watch?v=zZXvjhWcg_4" rel="nofollow noopener"&gt;Extensions to FreeBSD Datacenter TCP for Incremental Deployment Support&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Baptiste Daroussin, &lt;a href="https://www.youtube.com/watch?v=Br6izhH5P1I" rel="nofollow noopener"&gt;Packaging FreeBSD's&lt;/a&gt; &lt;a href="https://www.youtube.com/watch?v=v7px6ktoDAI" rel="nofollow noopener"&gt;base system&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Matt Ahrens, &lt;a href="https://www.youtube.com/watch?v=UOX7WDAjqso" rel="nofollow noopener"&gt;New OpenZFS features supporting remote replication&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Ed Schouten, &lt;a href="https://www.youtube.com/watch?v=SVdF84x1EdA" rel="nofollow noopener"&gt;CloudABI Cloud computing meets fine-grained capabilities&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;The audio of Ingo Schwarze's talk "mandoc: becoming the main BSD manual toolbox" got messed up, but there's an alternate recording &lt;a href="http://www.bsdcan.org/2015/audio/mandoc.mp3" rel="nofollow noopener"&gt;here&lt;/a&gt;, and the slides are &lt;a href="http://www.openbsd.org/papers/bsdcan15-mandoc.pdf" rel="nofollow noopener"&gt;here&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=143526329006942&amp;amp;w=2" rel="nofollow noopener"&gt;SMP steroids for PF&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;An Oracle employee that's been porting OpenBSD's PF to an upcoming Solaris release has sent in an interesting patch for review&lt;/li&gt;
&lt;li&gt;Attached to the mail was what may be the beginnings of making native PF SMP-aware&lt;/li&gt;
&lt;li&gt;Before you start partying, the road to SMP (specifically, giant lock removal) is a long and very complicated one, requiring every relevant bit of the stack to be written with it in mind - this is just one piece of the puzzle&lt;/li&gt;
&lt;li&gt;The &lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=143532243322281&amp;amp;w=2" rel="nofollow noopener"&gt;initial response&lt;/a&gt; has been quite positive though, with some &lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=143532963824548&amp;amp;w=2" rel="nofollow noopener"&gt;back and forth&lt;/a&gt; between developers and the submitter&lt;/li&gt;
&lt;li&gt;For now, let's be patient and see what happens
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.dragonflybsd.org/release42/" rel="nofollow noopener"&gt;DragonFly 4.2.0 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;DragonFlyBSD has released the next big update of their 4.x branch, complete with a decent amount of new features and fixes&lt;/li&gt;
&lt;li&gt;i915 and Radeon graphics have been updated, and DragonFly can claim the title of first BSD with Broadwell support in a release&lt;/li&gt;
&lt;li&gt;Sendmail in the base system has been replaced with their homegrown DragonFly Mail Agent, and there's &lt;a href="http://www.dragonflybsd.com/docs/docs/newhandbook/mta/" rel="nofollow noopener"&gt;a wiki page&lt;/a&gt; about configuring it&lt;/li&gt;
&lt;li&gt;They've also switched the default compiler to GCC 5, though why they've gone in that direction instead of embracing Clang is a mystery&lt;/li&gt;
&lt;li&gt;The announcement page also contains a list of kernel changes, details on the audio and graphics updates, removal of the SCTP protocol, improvements to the temperature sensors, various userland utility fixes and a list of updates to third party tools&lt;/li&gt;
&lt;li&gt;Work is continuing on the second generation HAMMER filesystem, and Matt Dillon provides a status update in the release announcement&lt;/li&gt;
&lt;li&gt;There was also some &lt;a href="https://news.ycombinator.com/item?id=9797932" rel="nofollow noopener"&gt;hacker news discussion&lt;/a&gt; you can check out, as well as &lt;a href="http://lists.dragonflybsd.org/pipermail/users/2015-June/207801.html" rel="nofollow noopener"&gt;upgrade instructions&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://opensmtpd.org/announces/release-5.7.1.txt" rel="nofollow noopener"&gt;OpenSMTPD 5.7.1 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The OpenSMTPD guys have just released version 5.7.1, a major milestone version that we mentioned recently&lt;/li&gt;
&lt;li&gt;Crypto-related bits have been vastly improved: the RSA engine is now privilege-separated, TLS errors are handled more gracefully, ciphers and curve preferences can now be specified, the PKI interface has been reworked to allow custom CAs, SNI and certificate verification have been simplified and the DH parameters are now 2048 bit by default&lt;/li&gt;
&lt;li&gt;The long-awaited filter API is now enabled by default, though still considered slightly experimental&lt;/li&gt;
&lt;li&gt;Documentation has been improved quite a bit, with more examples and common use cases (as well as exotic ones)&lt;/li&gt;
&lt;li&gt;Many more small additions and bugfixes were made, so check the changelog for the full list&lt;/li&gt;
&lt;li&gt;Starting with 5.7.1, releases are now &lt;a href="https://twitter.com/OpenSMTPD/status/613257722574839808" rel="nofollow noopener"&gt;cryptographically&lt;/a&gt; &lt;a href="https://www.opensmtpd.org/archives/opensmtpd-5.7.1.sum.sig" rel="nofollow noopener"&gt;signed&lt;/a&gt; to ensure integrity&lt;/li&gt;
&lt;li&gt;This release has gone through some major stress testing to ensure stability - Gilles regularly asks their Twitter followers to &lt;a href="https://twitter.com/OpenSMTPD/status/608399272447471616" rel="nofollow noopener"&gt;flood a test server&lt;/a&gt; with thousands of emails per second, even &lt;a href="https://twitter.com/OpenSMTPD/status/608235180839567360" rel="nofollow noopener"&gt;offering prizes&lt;/a&gt; to whoever can DDoS them the hardest&lt;/li&gt;
&lt;li&gt;OpenSMTPD runs on all the BSDs of course, and seems to be getting pretty popular lately&lt;/li&gt;
&lt;li&gt;Let's all &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;encourage&lt;/a&gt; Kris to stop procrastinating on switching from Postfix
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Jun Ebihara (蛯原純) - &lt;a href="mailto:jun@netbsd.org" rel="nofollow noopener"&gt;jun@netbsd.org&lt;/a&gt; / &lt;a href="https://twitter.com/ebijun" rel="nofollow noopener"&gt;@ebijun&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;Lesser-known CPU architectures, embedded NetBSD devices&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-steven-douglas.html" rel="nofollow noopener"&gt;FreeBSD foundation at BSDCan&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The FreeBSD foundation has posted a few BSDCan summaries on their blog&lt;/li&gt;
&lt;li&gt;The first, from Steven Douglas, begins with a sentiment a lot of us can probably identify with: "Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people."&lt;/li&gt;
&lt;li&gt;He got to meet a lot of the people working on big-name projects, and enjoyed being able to ask them questions so easily&lt;/li&gt;
&lt;li&gt;Their &lt;a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-ahmed-kamal.html" rel="nofollow noopener"&gt;second&lt;/a&gt; trip report is from Ahmed Kamal, who flew in all the way from Egypt&lt;/li&gt;
&lt;li&gt;A bit starstruck, he seems to have enjoyed all the talks, particularly Andrew Tanenbaum's about MINIX and NetBSD&lt;/li&gt;
&lt;li&gt;There are also two more wrap-ups from &lt;a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-zbigniew-bodek.html" rel="nofollow noopener"&gt;Zbigniew Bodek&lt;/a&gt; and &lt;a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-vsevolod-stakhov.html" rel="nofollow noopener"&gt;Vsevolod Stakhov&lt;/a&gt;, so you've got plenty to read
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html" rel="nofollow noopener"&gt;OpenBSD from a veteran Linux user perspective&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;In a new series of blog posts, a self-proclaimed veteran Linux user is giving OpenBSD a try for the first time&lt;/li&gt;
&lt;li&gt;"For the first time I installed a BSD box on a machine I control. The experience has been eye-opening, especially since I consider myself an 'old-school' Linux admin, and I've felt out of place with the latest changes on the system administration."&lt;/li&gt;
&lt;li&gt;The post is a collection of his thoughts about what's different between Linux and BSD, what surprised him as a beginner - admittedly, a lot of his knowledge carried over, and there were just minor differences in command flags&lt;/li&gt;
&lt;li&gt;One of the things that surprised him (in a positive way) was the documentation: "OpenBSD's man pages are so nice that RTFMing somebody on the internet is not condescending but selfless."&lt;/li&gt;
&lt;li&gt;He also goes through some of the basics, installing and updating software, following different branches&lt;/li&gt;
&lt;li&gt;It concludes with "If you like UNIX, it will open your eyes to the fact that there is more than one way to do things, and that system administration can still be simple while modern."
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://sysconfig.org.uk/freebsd-on-the-desktop-am-i-crazy.html" rel="nofollow noopener"&gt;FreeBSD on the desktop, am I crazy&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Similar to the previous article, the guy that wrote the SSH two factor authentication post we covered last week has another new article up - this time about FreeBSD on the desktop&lt;/li&gt;
&lt;li&gt;He begins with a bit of forewarning for potential Linux switchers: "It certainly wasn't an easy journey, and I'm tempted to say do not try this at home to anybody who isn't going to leverage any of FreeBSD's strong points. Definitely don't try FreeBSD on the desktop if you haven't used it on servers or virtual machines before. It's got less in common with Linux than you might think."&lt;/li&gt;
&lt;li&gt;With that out of the way, the list of positives is pretty large: a tidy base system, separation between base and ports, having the option to choose binary packages or ports, ZFS, jails, licensing and of course the lack of systemd&lt;/li&gt;
&lt;li&gt;The rest of the post talks about some of the hurdles he had to overcome, namely with graphics and the infamous Adobe Flash&lt;/li&gt;
&lt;li&gt;Also worth noting is that he found jails to be not only good for isolating daemons on a server, but pretty useful for desktop applications as well&lt;/li&gt;
&lt;li&gt;In the end, he says it was worth all the trouble, and is even planning on converting his laptop to FreeBSD soon too
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.netflask.net/ipsec-ikev2-cisco-csr1000v-openiked/" rel="nofollow noopener"&gt;OpenIKED and Cisco CSR 1000v IPSEC&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This article covers setting up a site-to-site IPSEC tunnel between a Cisco CSR 1000v router and an OpenBSD gateway running OpenIKED&lt;/li&gt;
&lt;li&gt;What kind of networking blog post would be complete without a diagram where the internet is represented by a big cloud&lt;/li&gt;
&lt;li&gt;There are lots of details (and example configuration files) for using IKEv2 and OpenBSD's built-in IKE daemon&lt;/li&gt;
&lt;li&gt;It also goes to show that the BSDs generally play well with existing network infrastructure, so if you were a business that's afraid to try them… don't be
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://github.com/HardenedBSD/hardenedBSD/commit/bd5cecb4dc7947a5e214fc100834399b4bffdee8" rel="nofollow noopener"&gt;HardenedBSD improves stack randomization&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The HardenedBSD guys have improved their FreeBSD ASLR patchset, specifically in the stack randomization area&lt;/li&gt;
&lt;li&gt;In their initial implementation, the stack randomization was a random gap - this update makes the base address randomized as well&lt;/li&gt;
&lt;li&gt;They're now stacking the new on top of the old as well, with the goal being even more entropy&lt;/li&gt;
&lt;li&gt;This change triggered an ABI and API incompatibility, so their major version has been bumped
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://lists.mindrot.org/pipermail/openssh-unix-announce/2015-July/000121.html" rel="nofollow noopener"&gt;OpenSSH 6.9 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The OpenSSH team has announced the release of a new version which, following their tick/tock major/minor release cycle, is focused mainly on bug fixes&lt;/li&gt;
&lt;li&gt;There are a couple new things though - the "AuthorizedKeysCommand" config option now takes custom arguments&lt;/li&gt;
&lt;li&gt;One very notable change is that &lt;strong&gt;the default cipher has changed&lt;/strong&gt; as of this release&lt;/li&gt;
&lt;li&gt;The traditional pairing of AES128 in counter mode with MD5 HMAC has been &lt;em&gt;replaced&lt;/em&gt; by the ever-trendy ChaCha20-Poly1305 combo&lt;/li&gt;
&lt;li&gt;Their next release, 7.0, is set to get rid a number of legacy items: PermitRootLogin will be switched to "no" by default, SSHv1 support will be totally disabled, the 1024bit diffie-hellman-group1-sha1 KEX will be disabled, old ssh-dss and v00 certs will be removed, a number of weak ciphers will be disabled by default (including all CBC ones) and RSA keys will be refused if they're under 1024 bits&lt;/li&gt;
&lt;li&gt;Many small bugs fixes and improvements were also made, so check the announcement for everything else&lt;/li&gt;
&lt;li&gt;The native version is in OpenBSD -current, and an update to the portable version should be hitting a ports or pkgsrc tree near you soon
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2Ws6Y2rZy" rel="nofollow noopener"&gt;Brad writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21GvZ5xbs" rel="nofollow noopener"&gt;Mason writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s209TrPK4e" rel="nofollow noopener"&gt;Jochen writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21TQjUjxv" rel="nofollow noopener"&gt;Simon writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, osc, embedded, japanese, users group, pf, smp, multithreading, file, solaris, httpd, leap second, openzfs, zfs, opensmtpd</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Coming up this week, we'll be talking with Jun Ebihara about some lesser-known CPU architectures in NetBSD. He'll tell us what makes these old (and often forgotten) machines so interesting. As usual, we've also got answers to your emails and all this week's news on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://www.tedunangst.com/flak/post/out-with-the-old-in-with-the-less" rel="nofollow noopener">Out with the old, in with the less</a></h3>

<ul>
<li>Our friend Ted Unangst has a new article up, talking about "various OpenBSD replacements and reductions"</li>
<li>"Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs."</li>
<li>In the post, he goes through some of the bigger (and smaller) examples of OpenBSD rewriting tools to be simpler and more secure</li>
<li>It starts off with a lesser-known SCSI driver that "tried to do too much" being replaced with three separate drivers</li>
<li>"Each driver can now be modified in isolation without unintentional side effects on other hardware, or the need to consider if and where further special cases need to be added. Despite the fact that these three drivers duplicate all the common boilerplate code, combined they only amount to about half as much code as the old driver."</li>
<li>In contrast to that example, he goes on to cite mandoc as taking a very non "unixy" direction, but at the same time being smaller and simpler than all the tools it replaced</li>
<li>The next case is the new http daemon, and he talks a bit about the recently-added rewrite support being done in a simple and secure way (as opposed to regex and its craziness)</li>
<li>He also talks about the rewritten "file" utility: "Almost by definition, its sole input will be untrusted input. Perversely, people will then trust what file tells them and then go about using that input, as if file somehow sanitized it."</li>
<li>Finally, sudo in OpenBSD's base system is moving to ports soon, and the article briefly describes a new tool that <a href="https://marc.info/?l=openbsd-ports&amp;m=143481227122523&amp;w=2" rel="nofollow noopener">may or may not replace it</a>, called "doas"</li>
<li>There's also a nice wrap-up of all the examples at the end, and the "<a href="http://www.openbsd.org/papers/pruning.html" rel="nofollow noopener">Pruning and Polishing</a>" talk is good complementary reading material
***</li>
</ul>

<h3><a href="https://www.youtube.com/channel/UC0IK6Y4Go2KtRueHDiQcxow/videos" rel="nofollow noopener">More OpenZFS and BSDCan videos</a></h3>

<ul>
<li>We mentioned <a href="http://www.bsdnow.tv/episodes/2015_06_24-bitrot_group_therapy" rel="nofollow noopener">last week</a> that some of the videos from the second OpenZFS conference in Europe were being uploaded - here's some more</li>
<li>Matt Ahrens did <a href="https://www.youtube.com/watch?v=I6fXZ_6OT5c" rel="nofollow noopener">a Q&amp;A session</a> and talked about ZFS <a href="https://www.youtube.com/watch?v=iY44jPMvxog" rel="nofollow noopener">send and receive</a>, as well as giving an <a href="https://www.youtube.com/watch?v=RQlMDmnty80" rel="nofollow noopener">overview of OpenZFS</a></li>
<li>George Wilson talked about a <a href="https://www.youtube.com/watch?v=KBI6rRGUv4E" rel="nofollow noopener">performance retrospective</a></li>
<li><a href="https://www.youtube.com/watch?v=sSi47-k78IM" rel="nofollow noopener">Toshiba</a>, <a href="https://www.youtube.com/watch?v=Hhje5KEF5cE" rel="nofollow noopener">Syneto</a> and <a href="https://www.youtube.com/watch?v=aKgxXipss8k" rel="nofollow noopener">HGST</a> also gave some talks about their companies and how they're using ZFS</li>
<li>As for BSDCan, more of their BSD presentations have been uploaded too...</li>
<li>Ryan Stone, <a href="https://www.youtube.com/watch?v=INeMd-i5jzM" rel="nofollow noopener">PCI SR-IOV on FreeBSD</a></li>
<li>George Neville-Neil, <a href="https://www.youtube.com/watch?v=LE4wMsP7zeA" rel="nofollow noopener">Measure Twice, Code Once</a></li>
<li>Kris Moore, <a href="https://www.youtube.com/watch?v=qNYXqpJiFN0" rel="nofollow noopener">Unifying jail and package management for PC-BSD, FreeNAS and FreeBSD</a></li>
<li>Warner Losh, <a href="https://www.youtube.com/watch?v=3WqOLolj5EU" rel="nofollow noopener">I/O Scheduling in CAM</a></li>
<li>Kirk McKusick, <a href="https://www.youtube.com/watch?v=l-RCLgLxuSc" rel="nofollow noopener">An Introduction to the Implementation of ZFS</a></li>
<li>Midori Kato, <a href="https://www.youtube.com/watch?v=zZXvjhWcg_4" rel="nofollow noopener">Extensions to FreeBSD Datacenter TCP for Incremental Deployment Support</a></li>
<li>Baptiste Daroussin, <a href="https://www.youtube.com/watch?v=Br6izhH5P1I" rel="nofollow noopener">Packaging FreeBSD's</a> <a href="https://www.youtube.com/watch?v=v7px6ktoDAI" rel="nofollow noopener">base system</a></li>
<li>Matt Ahrens, <a href="https://www.youtube.com/watch?v=UOX7WDAjqso" rel="nofollow noopener">New OpenZFS features supporting remote replication</a></li>
<li>Ed Schouten, <a href="https://www.youtube.com/watch?v=SVdF84x1EdA" rel="nofollow noopener">CloudABI Cloud computing meets fine-grained capabilities</a></li>
<li>The audio of Ingo Schwarze's talk "mandoc: becoming the main BSD manual toolbox" got messed up, but there's an alternate recording <a href="http://www.bsdcan.org/2015/audio/mandoc.mp3" rel="nofollow noopener">here</a>, and the slides are <a href="http://www.openbsd.org/papers/bsdcan15-mandoc.pdf" rel="nofollow noopener">here</a>
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=143526329006942&amp;w=2" rel="nofollow noopener">SMP steroids for PF</a></h3>

<ul>
<li>An Oracle employee that's been porting OpenBSD's PF to an upcoming Solaris release has sent in an interesting patch for review</li>
<li>Attached to the mail was what may be the beginnings of making native PF SMP-aware</li>
<li>Before you start partying, the road to SMP (specifically, giant lock removal) is a long and very complicated one, requiring every relevant bit of the stack to be written with it in mind - this is just one piece of the puzzle</li>
<li>The <a href="https://www.marc.info/?l=openbsd-tech&amp;m=143532243322281&amp;w=2" rel="nofollow noopener">initial response</a> has been quite positive though, with some <a href="https://www.marc.info/?l=openbsd-tech&amp;m=143532963824548&amp;w=2" rel="nofollow noopener">back and forth</a> between developers and the submitter</li>
<li>For now, let's be patient and see what happens
***</li>
</ul>

<h3><a href="http://www.dragonflybsd.org/release42/" rel="nofollow noopener">DragonFly 4.2.0 released</a></h3>

<ul>
<li>DragonFlyBSD has released the next big update of their 4.x branch, complete with a decent amount of new features and fixes</li>
<li>i915 and Radeon graphics have been updated, and DragonFly can claim the title of first BSD with Broadwell support in a release</li>
<li>Sendmail in the base system has been replaced with their homegrown DragonFly Mail Agent, and there's <a href="http://www.dragonflybsd.com/docs/docs/newhandbook/mta/" rel="nofollow noopener">a wiki page</a> about configuring it</li>
<li>They've also switched the default compiler to GCC 5, though why they've gone in that direction instead of embracing Clang is a mystery</li>
<li>The announcement page also contains a list of kernel changes, details on the audio and graphics updates, removal of the SCTP protocol, improvements to the temperature sensors, various userland utility fixes and a list of updates to third party tools</li>
<li>Work is continuing on the second generation HAMMER filesystem, and Matt Dillon provides a status update in the release announcement</li>
<li>There was also some <a href="https://news.ycombinator.com/item?id=9797932" rel="nofollow noopener">hacker news discussion</a> you can check out, as well as <a href="http://lists.dragonflybsd.org/pipermail/users/2015-June/207801.html" rel="nofollow noopener">upgrade instructions</a>
***</li>
</ul>

<h3><a href="https://opensmtpd.org/announces/release-5.7.1.txt" rel="nofollow noopener">OpenSMTPD 5.7.1 released</a></h3>

<ul>
<li>The OpenSMTPD guys have just released version 5.7.1, a major milestone version that we mentioned recently</li>
<li>Crypto-related bits have been vastly improved: the RSA engine is now privilege-separated, TLS errors are handled more gracefully, ciphers and curve preferences can now be specified, the PKI interface has been reworked to allow custom CAs, SNI and certificate verification have been simplified and the DH parameters are now 2048 bit by default</li>
<li>The long-awaited filter API is now enabled by default, though still considered slightly experimental</li>
<li>Documentation has been improved quite a bit, with more examples and common use cases (as well as exotic ones)</li>
<li>Many more small additions and bugfixes were made, so check the changelog for the full list</li>
<li>Starting with 5.7.1, releases are now <a href="https://twitter.com/OpenSMTPD/status/613257722574839808" rel="nofollow noopener">cryptographically</a> <a href="https://www.opensmtpd.org/archives/opensmtpd-5.7.1.sum.sig" rel="nofollow noopener">signed</a> to ensure integrity</li>
<li>This release has gone through some major stress testing to ensure stability - Gilles regularly asks their Twitter followers to <a href="https://twitter.com/OpenSMTPD/status/608399272447471616" rel="nofollow noopener">flood a test server</a> with thousands of emails per second, even <a href="https://twitter.com/OpenSMTPD/status/608235180839567360" rel="nofollow noopener">offering prizes</a> to whoever can DDoS them the hardest</li>
<li>OpenSMTPD runs on all the BSDs of course, and seems to be getting pretty popular lately</li>
<li>Let's all <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">encourage</a> Kris to stop procrastinating on switching from Postfix
***</li>
</ul>

<h2>Interview - Jun Ebihara (蛯原純) - <a href="mailto:jun@netbsd.org" rel="nofollow noopener">jun@netbsd.org</a> / <a href="https://twitter.com/ebijun" rel="nofollow noopener">@ebijun</a></h2>

<p>Lesser-known CPU architectures, embedded NetBSD devices</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-steven-douglas.html" rel="nofollow noopener">FreeBSD foundation at BSDCan</a></h3>

<ul>
<li>The FreeBSD foundation has posted a few BSDCan summaries on their blog</li>
<li>The first, from Steven Douglas, begins with a sentiment a lot of us can probably identify with: "Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people."</li>
<li>He got to meet a lot of the people working on big-name projects, and enjoyed being able to ask them questions so easily</li>
<li>Their <a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-ahmed-kamal.html" rel="nofollow noopener">second</a> trip report is from Ahmed Kamal, who flew in all the way from Egypt</li>
<li>A bit starstruck, he seems to have enjoyed all the talks, particularly Andrew Tanenbaum's about MINIX and NetBSD</li>
<li>There are also two more wrap-ups from <a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-zbigniew-bodek.html" rel="nofollow noopener">Zbigniew Bodek</a> and <a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-vsevolod-stakhov.html" rel="nofollow noopener">Vsevolod Stakhov</a>, so you've got plenty to read
***</li>
</ul>

<h3><a href="http://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html" rel="nofollow noopener">OpenBSD from a veteran Linux user perspective</a></h3>

<ul>
<li>In a new series of blog posts, a self-proclaimed veteran Linux user is giving OpenBSD a try for the first time</li>
<li>"For the first time I installed a BSD box on a machine I control. The experience has been eye-opening, especially since I consider myself an 'old-school' Linux admin, and I've felt out of place with the latest changes on the system administration."</li>
<li>The post is a collection of his thoughts about what's different between Linux and BSD, what surprised him as a beginner - admittedly, a lot of his knowledge carried over, and there were just minor differences in command flags</li>
<li>One of the things that surprised him (in a positive way) was the documentation: "OpenBSD's man pages are so nice that RTFMing somebody on the internet is not condescending but selfless."</li>
<li>He also goes through some of the basics, installing and updating software, following different branches</li>
<li>It concludes with "If you like UNIX, it will open your eyes to the fact that there is more than one way to do things, and that system administration can still be simple while modern."
***</li>
</ul>

<h3><a href="http://sysconfig.org.uk/freebsd-on-the-desktop-am-i-crazy.html" rel="nofollow noopener">FreeBSD on the desktop, am I crazy</a></h3>

<ul>
<li>Similar to the previous article, the guy that wrote the SSH two factor authentication post we covered last week has another new article up - this time about FreeBSD on the desktop</li>
<li>He begins with a bit of forewarning for potential Linux switchers: "It certainly wasn't an easy journey, and I'm tempted to say do not try this at home to anybody who isn't going to leverage any of FreeBSD's strong points. Definitely don't try FreeBSD on the desktop if you haven't used it on servers or virtual machines before. It's got less in common with Linux than you might think."</li>
<li>With that out of the way, the list of positives is pretty large: a tidy base system, separation between base and ports, having the option to choose binary packages or ports, ZFS, jails, licensing and of course the lack of systemd</li>
<li>The rest of the post talks about some of the hurdles he had to overcome, namely with graphics and the infamous Adobe Flash</li>
<li>Also worth noting is that he found jails to be not only good for isolating daemons on a server, but pretty useful for desktop applications as well</li>
<li>In the end, he says it was worth all the trouble, and is even planning on converting his laptop to FreeBSD soon too
***</li>
</ul>

<h3><a href="https://www.netflask.net/ipsec-ikev2-cisco-csr1000v-openiked/" rel="nofollow noopener">OpenIKED and Cisco CSR 1000v IPSEC</a></h3>

<ul>
<li>This article covers setting up a site-to-site IPSEC tunnel between a Cisco CSR 1000v router and an OpenBSD gateway running OpenIKED</li>
<li>What kind of networking blog post would be complete without a diagram where the internet is represented by a big cloud</li>
<li>There are lots of details (and example configuration files) for using IKEv2 and OpenBSD's built-in IKE daemon</li>
<li>It also goes to show that the BSDs generally play well with existing network infrastructure, so if you were a business that's afraid to try them… don't be
***</li>
</ul>

<h3><a href="https://github.com/HardenedBSD/hardenedBSD/commit/bd5cecb4dc7947a5e214fc100834399b4bffdee8" rel="nofollow noopener">HardenedBSD improves stack randomization</a></h3>

<ul>
<li>The HardenedBSD guys have improved their FreeBSD ASLR patchset, specifically in the stack randomization area</li>
<li>In their initial implementation, the stack randomization was a random gap - this update makes the base address randomized as well</li>
<li>They're now stacking the new on top of the old as well, with the goal being even more entropy</li>
<li>This change triggered an ABI and API incompatibility, so their major version has been bumped
***</li>
</ul>

<h3><a href="https://lists.mindrot.org/pipermail/openssh-unix-announce/2015-July/000121.html" rel="nofollow noopener">OpenSSH 6.9 released</a></h3>

<ul>
<li>The OpenSSH team has announced the release of a new version which, following their tick/tock major/minor release cycle, is focused mainly on bug fixes</li>
<li>There are a couple new things though - the "AuthorizedKeysCommand" config option now takes custom arguments</li>
<li>One very notable change is that <strong>the default cipher has changed</strong> as of this release</li>
<li>The traditional pairing of AES128 in counter mode with MD5 HMAC has been <em>replaced</em> by the ever-trendy ChaCha20-Poly1305 combo</li>
<li>Their next release, 7.0, is set to get rid a number of legacy items: PermitRootLogin will be switched to "no" by default, SSHv1 support will be totally disabled, the 1024bit diffie-hellman-group1-sha1 KEX will be disabled, old ssh-dss and v00 certs will be removed, a number of weak ciphers will be disabled by default (including all CBC ones) and RSA keys will be refused if they're under 1024 bits</li>
<li>Many small bugs fixes and improvements were also made, so check the announcement for everything else</li>
<li>The native version is in OpenBSD -current, and an update to the portable version should be hitting a ports or pkgsrc tree near you soon
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2Ws6Y2rZy" rel="nofollow noopener">Brad writes in</a></li>
<li><a href="http://slexy.org/view/s21GvZ5xbs" rel="nofollow noopener">Mason writes in</a></li>
<li><a href="http://slexy.org/view/s209TrPK4e" rel="nofollow noopener">Jochen writes in</a></li>
<li><a href="http://slexy.org/view/s21TQjUjxv" rel="nofollow noopener">Simon writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Coming up this week, we'll be talking with Jun Ebihara about some lesser-known CPU architectures in NetBSD. He'll tell us what makes these old (and often forgotten) machines so interesting. As usual, we've also got answers to your emails and all this week's news on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://www.tedunangst.com/flak/post/out-with-the-old-in-with-the-less" rel="nofollow noopener">Out with the old, in with the less</a></h3>

<ul>
<li>Our friend Ted Unangst has a new article up, talking about "various OpenBSD replacements and reductions"</li>
<li>"Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs."</li>
<li>In the post, he goes through some of the bigger (and smaller) examples of OpenBSD rewriting tools to be simpler and more secure</li>
<li>It starts off with a lesser-known SCSI driver that "tried to do too much" being replaced with three separate drivers</li>
<li>"Each driver can now be modified in isolation without unintentional side effects on other hardware, or the need to consider if and where further special cases need to be added. Despite the fact that these three drivers duplicate all the common boilerplate code, combined they only amount to about half as much code as the old driver."</li>
<li>In contrast to that example, he goes on to cite mandoc as taking a very non "unixy" direction, but at the same time being smaller and simpler than all the tools it replaced</li>
<li>The next case is the new http daemon, and he talks a bit about the recently-added rewrite support being done in a simple and secure way (as opposed to regex and its craziness)</li>
<li>He also talks about the rewritten "file" utility: "Almost by definition, its sole input will be untrusted input. Perversely, people will then trust what file tells them and then go about using that input, as if file somehow sanitized it."</li>
<li>Finally, sudo in OpenBSD's base system is moving to ports soon, and the article briefly describes a new tool that <a href="https://marc.info/?l=openbsd-ports&amp;m=143481227122523&amp;w=2" rel="nofollow noopener">may or may not replace it</a>, called "doas"</li>
<li>There's also a nice wrap-up of all the examples at the end, and the "<a href="http://www.openbsd.org/papers/pruning.html" rel="nofollow noopener">Pruning and Polishing</a>" talk is good complementary reading material
***</li>
</ul>

<h3><a href="https://www.youtube.com/channel/UC0IK6Y4Go2KtRueHDiQcxow/videos" rel="nofollow noopener">More OpenZFS and BSDCan videos</a></h3>

<ul>
<li>We mentioned <a href="http://www.bsdnow.tv/episodes/2015_06_24-bitrot_group_therapy" rel="nofollow noopener">last week</a> that some of the videos from the second OpenZFS conference in Europe were being uploaded - here's some more</li>
<li>Matt Ahrens did <a href="https://www.youtube.com/watch?v=I6fXZ_6OT5c" rel="nofollow noopener">a Q&amp;A session</a> and talked about ZFS <a href="https://www.youtube.com/watch?v=iY44jPMvxog" rel="nofollow noopener">send and receive</a>, as well as giving an <a href="https://www.youtube.com/watch?v=RQlMDmnty80" rel="nofollow noopener">overview of OpenZFS</a></li>
<li>George Wilson talked about a <a href="https://www.youtube.com/watch?v=KBI6rRGUv4E" rel="nofollow noopener">performance retrospective</a></li>
<li><a href="https://www.youtube.com/watch?v=sSi47-k78IM" rel="nofollow noopener">Toshiba</a>, <a href="https://www.youtube.com/watch?v=Hhje5KEF5cE" rel="nofollow noopener">Syneto</a> and <a href="https://www.youtube.com/watch?v=aKgxXipss8k" rel="nofollow noopener">HGST</a> also gave some talks about their companies and how they're using ZFS</li>
<li>As for BSDCan, more of their BSD presentations have been uploaded too...</li>
<li>Ryan Stone, <a href="https://www.youtube.com/watch?v=INeMd-i5jzM" rel="nofollow noopener">PCI SR-IOV on FreeBSD</a></li>
<li>George Neville-Neil, <a href="https://www.youtube.com/watch?v=LE4wMsP7zeA" rel="nofollow noopener">Measure Twice, Code Once</a></li>
<li>Kris Moore, <a href="https://www.youtube.com/watch?v=qNYXqpJiFN0" rel="nofollow noopener">Unifying jail and package management for PC-BSD, FreeNAS and FreeBSD</a></li>
<li>Warner Losh, <a href="https://www.youtube.com/watch?v=3WqOLolj5EU" rel="nofollow noopener">I/O Scheduling in CAM</a></li>
<li>Kirk McKusick, <a href="https://www.youtube.com/watch?v=l-RCLgLxuSc" rel="nofollow noopener">An Introduction to the Implementation of ZFS</a></li>
<li>Midori Kato, <a href="https://www.youtube.com/watch?v=zZXvjhWcg_4" rel="nofollow noopener">Extensions to FreeBSD Datacenter TCP for Incremental Deployment Support</a></li>
<li>Baptiste Daroussin, <a href="https://www.youtube.com/watch?v=Br6izhH5P1I" rel="nofollow noopener">Packaging FreeBSD's</a> <a href="https://www.youtube.com/watch?v=v7px6ktoDAI" rel="nofollow noopener">base system</a></li>
<li>Matt Ahrens, <a href="https://www.youtube.com/watch?v=UOX7WDAjqso" rel="nofollow noopener">New OpenZFS features supporting remote replication</a></li>
<li>Ed Schouten, <a href="https://www.youtube.com/watch?v=SVdF84x1EdA" rel="nofollow noopener">CloudABI Cloud computing meets fine-grained capabilities</a></li>
<li>The audio of Ingo Schwarze's talk "mandoc: becoming the main BSD manual toolbox" got messed up, but there's an alternate recording <a href="http://www.bsdcan.org/2015/audio/mandoc.mp3" rel="nofollow noopener">here</a>, and the slides are <a href="http://www.openbsd.org/papers/bsdcan15-mandoc.pdf" rel="nofollow noopener">here</a>
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=143526329006942&amp;w=2" rel="nofollow noopener">SMP steroids for PF</a></h3>

<ul>
<li>An Oracle employee that's been porting OpenBSD's PF to an upcoming Solaris release has sent in an interesting patch for review</li>
<li>Attached to the mail was what may be the beginnings of making native PF SMP-aware</li>
<li>Before you start partying, the road to SMP (specifically, giant lock removal) is a long and very complicated one, requiring every relevant bit of the stack to be written with it in mind - this is just one piece of the puzzle</li>
<li>The <a href="https://www.marc.info/?l=openbsd-tech&amp;m=143532243322281&amp;w=2" rel="nofollow noopener">initial response</a> has been quite positive though, with some <a href="https://www.marc.info/?l=openbsd-tech&amp;m=143532963824548&amp;w=2" rel="nofollow noopener">back and forth</a> between developers and the submitter</li>
<li>For now, let's be patient and see what happens
***</li>
</ul>

<h3><a href="http://www.dragonflybsd.org/release42/" rel="nofollow noopener">DragonFly 4.2.0 released</a></h3>

<ul>
<li>DragonFlyBSD has released the next big update of their 4.x branch, complete with a decent amount of new features and fixes</li>
<li>i915 and Radeon graphics have been updated, and DragonFly can claim the title of first BSD with Broadwell support in a release</li>
<li>Sendmail in the base system has been replaced with their homegrown DragonFly Mail Agent, and there's <a href="http://www.dragonflybsd.com/docs/docs/newhandbook/mta/" rel="nofollow noopener">a wiki page</a> about configuring it</li>
<li>They've also switched the default compiler to GCC 5, though why they've gone in that direction instead of embracing Clang is a mystery</li>
<li>The announcement page also contains a list of kernel changes, details on the audio and graphics updates, removal of the SCTP protocol, improvements to the temperature sensors, various userland utility fixes and a list of updates to third party tools</li>
<li>Work is continuing on the second generation HAMMER filesystem, and Matt Dillon provides a status update in the release announcement</li>
<li>There was also some <a href="https://news.ycombinator.com/item?id=9797932" rel="nofollow noopener">hacker news discussion</a> you can check out, as well as <a href="http://lists.dragonflybsd.org/pipermail/users/2015-June/207801.html" rel="nofollow noopener">upgrade instructions</a>
***</li>
</ul>

<h3><a href="https://opensmtpd.org/announces/release-5.7.1.txt" rel="nofollow noopener">OpenSMTPD 5.7.1 released</a></h3>

<ul>
<li>The OpenSMTPD guys have just released version 5.7.1, a major milestone version that we mentioned recently</li>
<li>Crypto-related bits have been vastly improved: the RSA engine is now privilege-separated, TLS errors are handled more gracefully, ciphers and curve preferences can now be specified, the PKI interface has been reworked to allow custom CAs, SNI and certificate verification have been simplified and the DH parameters are now 2048 bit by default</li>
<li>The long-awaited filter API is now enabled by default, though still considered slightly experimental</li>
<li>Documentation has been improved quite a bit, with more examples and common use cases (as well as exotic ones)</li>
<li>Many more small additions and bugfixes were made, so check the changelog for the full list</li>
<li>Starting with 5.7.1, releases are now <a href="https://twitter.com/OpenSMTPD/status/613257722574839808" rel="nofollow noopener">cryptographically</a> <a href="https://www.opensmtpd.org/archives/opensmtpd-5.7.1.sum.sig" rel="nofollow noopener">signed</a> to ensure integrity</li>
<li>This release has gone through some major stress testing to ensure stability - Gilles regularly asks their Twitter followers to <a href="https://twitter.com/OpenSMTPD/status/608399272447471616" rel="nofollow noopener">flood a test server</a> with thousands of emails per second, even <a href="https://twitter.com/OpenSMTPD/status/608235180839567360" rel="nofollow noopener">offering prizes</a> to whoever can DDoS them the hardest</li>
<li>OpenSMTPD runs on all the BSDs of course, and seems to be getting pretty popular lately</li>
<li>Let's all <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">encourage</a> Kris to stop procrastinating on switching from Postfix
***</li>
</ul>

<h2>Interview - Jun Ebihara (蛯原純) - <a href="mailto:jun@netbsd.org" rel="nofollow noopener">jun@netbsd.org</a> / <a href="https://twitter.com/ebijun" rel="nofollow noopener">@ebijun</a></h2>

<p>Lesser-known CPU architectures, embedded NetBSD devices</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-steven-douglas.html" rel="nofollow noopener">FreeBSD foundation at BSDCan</a></h3>

<ul>
<li>The FreeBSD foundation has posted a few BSDCan summaries on their blog</li>
<li>The first, from Steven Douglas, begins with a sentiment a lot of us can probably identify with: "Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people."</li>
<li>He got to meet a lot of the people working on big-name projects, and enjoyed being able to ask them questions so easily</li>
<li>Their <a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-ahmed-kamal.html" rel="nofollow noopener">second</a> trip report is from Ahmed Kamal, who flew in all the way from Egypt</li>
<li>A bit starstruck, he seems to have enjoyed all the talks, particularly Andrew Tanenbaum's about MINIX and NetBSD</li>
<li>There are also two more wrap-ups from <a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-zbigniew-bodek.html" rel="nofollow noopener">Zbigniew Bodek</a> and <a href="http://freebsdfoundation.blogspot.com/2015/06/bsdcan-2015-trip-report-vsevolod-stakhov.html" rel="nofollow noopener">Vsevolod Stakhov</a>, so you've got plenty to read
***</li>
</ul>

<h3><a href="http://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html" rel="nofollow noopener">OpenBSD from a veteran Linux user perspective</a></h3>

<ul>
<li>In a new series of blog posts, a self-proclaimed veteran Linux user is giving OpenBSD a try for the first time</li>
<li>"For the first time I installed a BSD box on a machine I control. The experience has been eye-opening, especially since I consider myself an 'old-school' Linux admin, and I've felt out of place with the latest changes on the system administration."</li>
<li>The post is a collection of his thoughts about what's different between Linux and BSD, what surprised him as a beginner - admittedly, a lot of his knowledge carried over, and there were just minor differences in command flags</li>
<li>One of the things that surprised him (in a positive way) was the documentation: "OpenBSD's man pages are so nice that RTFMing somebody on the internet is not condescending but selfless."</li>
<li>He also goes through some of the basics, installing and updating software, following different branches</li>
<li>It concludes with "If you like UNIX, it will open your eyes to the fact that there is more than one way to do things, and that system administration can still be simple while modern."
***</li>
</ul>

<h3><a href="http://sysconfig.org.uk/freebsd-on-the-desktop-am-i-crazy.html" rel="nofollow noopener">FreeBSD on the desktop, am I crazy</a></h3>

<ul>
<li>Similar to the previous article, the guy that wrote the SSH two factor authentication post we covered last week has another new article up - this time about FreeBSD on the desktop</li>
<li>He begins with a bit of forewarning for potential Linux switchers: "It certainly wasn't an easy journey, and I'm tempted to say do not try this at home to anybody who isn't going to leverage any of FreeBSD's strong points. Definitely don't try FreeBSD on the desktop if you haven't used it on servers or virtual machines before. It's got less in common with Linux than you might think."</li>
<li>With that out of the way, the list of positives is pretty large: a tidy base system, separation between base and ports, having the option to choose binary packages or ports, ZFS, jails, licensing and of course the lack of systemd</li>
<li>The rest of the post talks about some of the hurdles he had to overcome, namely with graphics and the infamous Adobe Flash</li>
<li>Also worth noting is that he found jails to be not only good for isolating daemons on a server, but pretty useful for desktop applications as well</li>
<li>In the end, he says it was worth all the trouble, and is even planning on converting his laptop to FreeBSD soon too
***</li>
</ul>

<h3><a href="https://www.netflask.net/ipsec-ikev2-cisco-csr1000v-openiked/" rel="nofollow noopener">OpenIKED and Cisco CSR 1000v IPSEC</a></h3>

<ul>
<li>This article covers setting up a site-to-site IPSEC tunnel between a Cisco CSR 1000v router and an OpenBSD gateway running OpenIKED</li>
<li>What kind of networking blog post would be complete without a diagram where the internet is represented by a big cloud</li>
<li>There are lots of details (and example configuration files) for using IKEv2 and OpenBSD's built-in IKE daemon</li>
<li>It also goes to show that the BSDs generally play well with existing network infrastructure, so if you were a business that's afraid to try them… don't be
***</li>
</ul>

<h3><a href="https://github.com/HardenedBSD/hardenedBSD/commit/bd5cecb4dc7947a5e214fc100834399b4bffdee8" rel="nofollow noopener">HardenedBSD improves stack randomization</a></h3>

<ul>
<li>The HardenedBSD guys have improved their FreeBSD ASLR patchset, specifically in the stack randomization area</li>
<li>In their initial implementation, the stack randomization was a random gap - this update makes the base address randomized as well</li>
<li>They're now stacking the new on top of the old as well, with the goal being even more entropy</li>
<li>This change triggered an ABI and API incompatibility, so their major version has been bumped
***</li>
</ul>

<h3><a href="https://lists.mindrot.org/pipermail/openssh-unix-announce/2015-July/000121.html" rel="nofollow noopener">OpenSSH 6.9 released</a></h3>

<ul>
<li>The OpenSSH team has announced the release of a new version which, following their tick/tock major/minor release cycle, is focused mainly on bug fixes</li>
<li>There are a couple new things though - the "AuthorizedKeysCommand" config option now takes custom arguments</li>
<li>One very notable change is that <strong>the default cipher has changed</strong> as of this release</li>
<li>The traditional pairing of AES128 in counter mode with MD5 HMAC has been <em>replaced</em> by the ever-trendy ChaCha20-Poly1305 combo</li>
<li>Their next release, 7.0, is set to get rid a number of legacy items: PermitRootLogin will be switched to "no" by default, SSHv1 support will be totally disabled, the 1024bit diffie-hellman-group1-sha1 KEX will be disabled, old ssh-dss and v00 certs will be removed, a number of weak ciphers will be disabled by default (including all CBC ones) and RSA keys will be refused if they're under 1024 bits</li>
<li>Many small bugs fixes and improvements were also made, so check the announcement for everything else</li>
<li>The native version is in OpenBSD -current, and an update to the portable version should be hitting a ports or pkgsrc tree near you soon
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2Ws6Y2rZy" rel="nofollow noopener">Brad writes in</a></li>
<li><a href="http://slexy.org/view/s21GvZ5xbs" rel="nofollow noopener">Mason writes in</a></li>
<li><a href="http://slexy.org/view/s209TrPK4e" rel="nofollow noopener">Jochen writes in</a></li>
<li><a href="http://slexy.org/view/s21TQjUjxv" rel="nofollow noopener">Simon writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>95: Bitrot Group Therapy</title>
  <link>https://www.bsdnow.tv/95</link>
  <guid isPermaLink="false">e712bc93-a45f-45ce-9d3a-e58ee627200c</guid>
  <pubDate>Wed, 24 Jun 2015 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e712bc93-a45f-45ce-9d3a-e58ee627200c.mp3" length="54443956" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>This time on the show, we'll be talking some ZFS with Sean Chittenden. He's been using it on FreeBSD at Groupon, and has some interesting stories about how it's saved his data. Answers to your emails and all of this week's headlines, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:15:36</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;This time on the show, we'll be talking some ZFS with Sean Chittenden. He's been using it on FreeBSD at Groupon, and has some interesting stories about how it's saved his data. Answers to your emails and all of this week's headlines, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"&gt;&lt;/a&gt;&lt;a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"&gt;&lt;img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.bsdcan.org/2015/schedule/" rel="nofollow noopener"&gt;More BSDCan 2015 videos&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Almost as if we said it would happen last week, more BSD-related presentation videos have been uploaded&lt;/li&gt;
&lt;li&gt;Alexander Motin, &lt;a href="https://www.youtube.com/watch?v=lBE4BfxVDQc" rel="nofollow noopener"&gt;Feature-rich and fast SCSI target with CTL and ZFS&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Daichi Goto, &lt;a href="https://www.youtube.com/watch?v=r2BoQ70bwK4" rel="nofollow noopener"&gt;FreeBSD for High Density Servers&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Ken Moore, &lt;a href="https://www.youtube.com/watch?v=Qh_YK9y4_Os" rel="nofollow noopener"&gt;Lumina-DE&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Kevin Bowling, &lt;a href="https://www.youtube.com/watch?v=4l2rlRjkGhk" rel="nofollow noopener"&gt;FreeBSD Operations at&lt;/a&gt; &lt;a href="https://www.youtube.com/watch?v=K1-ZyiY5z48" rel="nofollow noopener"&gt;Limelight Networks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Maciej Pasternacki, &lt;a href="https://www.youtube.com/watch?v=8phbsAhJ-9w" rel="nofollow noopener"&gt;Jetpack, a container&lt;/a&gt; &lt;a href="https://www.youtube.com/watch?v=kJ74mgkzLxc" rel="nofollow noopener"&gt;runtime for FreeBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Ray Percival, &lt;a href="https://www.youtube.com/watch?v=gx5FILdSp2w" rel="nofollow noopener"&gt;Networking with OpenBSD in a virtualized environment&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Reyk Floeter, &lt;a href="https://www.youtube.com/watch?v=DV1-EfdIp8I" rel="nofollow noopener"&gt;Introducing OpenBSD's&lt;/a&gt; &lt;a href="https://www.youtube.com/watch?v=_v0lI6qDWFs" rel="nofollow noopener"&gt;new httpd&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Still more to come, hopefully
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=143480475721221&amp;amp;w=2" rel="nofollow noopener"&gt;OpenBSD httpd rewrite support&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;One of the most-requested features of OpenBSD's new HTTP daemon (in fact, you can hear someone asking about it in the video just above) is rewrite support&lt;/li&gt;
&lt;li&gt;There were concerns about regex code being too complicated and potentially allowing another attack surface, so that was out&lt;/li&gt;
&lt;li&gt;Instead, Reyk ported over an implementation of lua pattern matching while on the flight back from BSDCan, turning it into a C API without the lua bindings&lt;/li&gt;
&lt;li&gt;In the mailing list post, he shows an example of how to use it for redirects and provides &lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=143489473103114&amp;amp;w=2" rel="nofollow noopener"&gt;the diff&lt;/a&gt; if you'd like to give it a try now&lt;/li&gt;
&lt;li&gt;It's since &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=143507301715409&amp;amp;w=2" rel="nofollow noopener"&gt;been committed&lt;/a&gt; to -current, so you can try it out with a snapshot too
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://sysconfig.org.uk/two-factor-authentication-with-ssh.html" rel="nofollow noopener"&gt;SSH 2FA on FreeBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We've discussed different ways to lock down SSH access to your BSD boxes before - use keys instead of passwords, whitelist IPs, or even use two-factor authentication&lt;/li&gt;
&lt;li&gt;This article serves as a sort of "roundup" on different methods to set up two-factor authentication on FreeBSD&lt;/li&gt;
&lt;li&gt;It touches on key pairs with a server-side password, google authenticator and a few other variations&lt;/li&gt;
&lt;li&gt;While the article is focused on FreeBSD, a lot of it can be easily applied to the others too&lt;/li&gt;
&lt;li&gt;OpenSSH has a great security record, but two-factor authentication is always a good thing to have for the most important systems
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://blog.netbsd.org/tnf/entry/netbsd_7_0_rc1_binaries" rel="nofollow noopener"&gt;NetBSD 7.0-RC1 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;NetBSD has just announced the first release candidate for the 7.0 branch, after a long delay since the initial beta (&lt;a href="http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv" rel="nofollow noopener"&gt;11 months ago&lt;/a&gt;)&lt;/li&gt;
&lt;li&gt;Some of the standout features include: improved KMS/DRM with support for modern GPUs, SMP support on ARM, lots of new ARM boards officially supported, GPT support in the installer, Lua kernel scripting, a multiprocessor USB stack, improvements to NPF (their firewall) and, optionally, Clang 3.6.1&lt;/li&gt;
&lt;li&gt;They're looking for as much testing as possible, so give it a try and report your findings to the release engineering team
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Sean Chittenden - &lt;a href="mailto:seanc@freebsd.org" rel="nofollow noopener"&gt;seanc@freebsd.org&lt;/a&gt; / &lt;a href="https://twitter.com/seanchittenden" rel="nofollow noopener"&gt;@seanchittenden&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;FreeBSD at Groupon, ZFS&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.tumfatig.net/20150620/opensmtpd-and-dovecot-on-openbsd-5-7/" rel="nofollow noopener"&gt;OpenSMTPD and Dovecot&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We've covered a number of OpenSMTPD mail server guides on the show, each with just a little something different to offer than the last&lt;/li&gt;
&lt;li&gt;This blog post about it has something not mentioned before: virtual domains and virtual users&lt;/li&gt;
&lt;li&gt;This means you can easily have "&lt;a href="mailto:user1@domain.com" rel="nofollow noopener"&gt;user1@domain.com&lt;/a&gt;" and "&lt;a href="mailto:user2@otherdomain.com" rel="nofollow noopener"&gt;user2@otherdomain.com&lt;/a&gt;" both go to a local user on the box (or a different third address)&lt;/li&gt;
&lt;li&gt;It also covers SSL certificates, blocking spam and setting up IMAP access, the usual&lt;/li&gt;
&lt;li&gt;Now might also be a good time to test out OpenSMTPD &lt;a href="https://www.mail-archive.com/misc@opensmtpd.org/msg02177.html" rel="nofollow noopener"&gt;5.7.1-rc1&lt;/a&gt;, which we'll cover in more detail when it's released...
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://github.com/aarnt/octopkg" rel="nofollow noopener"&gt;OctoPkg, a QT frontend to pkgng&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A PC-BSD user has begun porting over a graphical package management utility from Arch linux called &lt;a href="https://octopiproject.wordpress.com/about/" rel="nofollow noopener"&gt;Octopi&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Obviously, it needed to be rewritten to use FreeBSD's pkg system instead of pacman&lt;/li&gt;
&lt;li&gt;There are some basic instructions on how to get it built and running on the github page&lt;/li&gt;
&lt;li&gt;After some testing, it'll likely make its way to the FreeBSD ports tree&lt;/li&gt;
&lt;li&gt;Tools like this might make it easier for desktop users (who are used to similar things in Ubuntu or related distros) to switch over
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20150619071929" rel="nofollow noopener"&gt;AFL vs. mandoc, a quantitative analysis&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Ingo Schwarze has written a pretty detailed article about how he and other OpenBSD developers have been fuzzing mandoc with AFL&lt;/li&gt;
&lt;li&gt;It's meant to be accompanying material to his BSDCan talk, which already covered nine topics&lt;/li&gt;
&lt;li&gt;mandoc is an interesting example to stress test with fuzzing, since its main job is to take and parse some highly varying input&lt;/li&gt;
&lt;li&gt;The article breaks down the 45 different bugs that were found, based on their root cause&lt;/li&gt;
&lt;li&gt;If you're interested in secure coding practices, this'll be a great one to read
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.youtube.com/playlist?list=PLaUVvul17xScvtic0SPoks2MlQleyejks" rel="nofollow noopener"&gt;OpenZFS conference videos&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Videos from the second OpenZFS conference have just started to show up&lt;/li&gt;
&lt;li&gt;The first talk is by, you guessed it, Matt Ahrens&lt;/li&gt;
&lt;li&gt;In it, he covers some ZFS history, the Oracle takeover, the birth of illumos and OpenZFS, some administration basics and also some upcoming features that are being worked on&lt;/li&gt;
&lt;li&gt;There are also videos &lt;a href="https://www.youtube.com/watch?v=5ciV4z7WWmo" rel="nofollow noopener"&gt;from Nexenta&lt;/a&gt; &lt;a href="https://www.youtube.com/watch?v=a2lnMxMUxyc" rel="nofollow noopener"&gt;and HGST&lt;/a&gt;, talking about how they use and contribute to OpenZFS
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2FqJfmeK3" rel="nofollow noopener"&gt;Bryson writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20erRHahQ" rel="nofollow noopener"&gt;Kevin writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, fuzzing, mandoc, httpd, 7.0, opensmtpd, dovecot, bsdcan 2015, pkgng, groupon, ecommerce, zfs, bitrot, zpool, afl</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>This time on the show, we'll be talking some ZFS with Sean Chittenden. He's been using it on FreeBSD at Groupon, and has some interesting stories about how it's saved his data. Answers to your emails and all of this week's headlines, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.bsdcan.org/2015/schedule/" rel="nofollow noopener">More BSDCan 2015 videos</a></h3>

<ul>
<li>Almost as if we said it would happen last week, more BSD-related presentation videos have been uploaded</li>
<li>Alexander Motin, <a href="https://www.youtube.com/watch?v=lBE4BfxVDQc" rel="nofollow noopener">Feature-rich and fast SCSI target with CTL and ZFS</a></li>
<li>Daichi Goto, <a href="https://www.youtube.com/watch?v=r2BoQ70bwK4" rel="nofollow noopener">FreeBSD for High Density Servers</a></li>
<li>Ken Moore, <a href="https://www.youtube.com/watch?v=Qh_YK9y4_Os" rel="nofollow noopener">Lumina-DE</a></li>
<li>Kevin Bowling, <a href="https://www.youtube.com/watch?v=4l2rlRjkGhk" rel="nofollow noopener">FreeBSD Operations at</a> <a href="https://www.youtube.com/watch?v=K1-ZyiY5z48" rel="nofollow noopener">Limelight Networks</a></li>
<li>Maciej Pasternacki, <a href="https://www.youtube.com/watch?v=8phbsAhJ-9w" rel="nofollow noopener">Jetpack, a container</a> <a href="https://www.youtube.com/watch?v=kJ74mgkzLxc" rel="nofollow noopener">runtime for FreeBSD</a></li>
<li>Ray Percival, <a href="https://www.youtube.com/watch?v=gx5FILdSp2w" rel="nofollow noopener">Networking with OpenBSD in a virtualized environment</a></li>
<li>Reyk Floeter, <a href="https://www.youtube.com/watch?v=DV1-EfdIp8I" rel="nofollow noopener">Introducing OpenBSD's</a> <a href="https://www.youtube.com/watch?v=_v0lI6qDWFs" rel="nofollow noopener">new httpd</a></li>
<li>Still more to come, hopefully
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=143480475721221&amp;w=2" rel="nofollow noopener">OpenBSD httpd rewrite support</a></h3>

<ul>
<li>One of the most-requested features of OpenBSD's new HTTP daemon (in fact, you can hear someone asking about it in the video just above) is rewrite support</li>
<li>There were concerns about regex code being too complicated and potentially allowing another attack surface, so that was out</li>
<li>Instead, Reyk ported over an implementation of lua pattern matching while on the flight back from BSDCan, turning it into a C API without the lua bindings</li>
<li>In the mailing list post, he shows an example of how to use it for redirects and provides <a href="https://www.marc.info/?l=openbsd-tech&amp;m=143489473103114&amp;w=2" rel="nofollow noopener">the diff</a> if you'd like to give it a try now</li>
<li>It's since <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143507301715409&amp;w=2" rel="nofollow noopener">been committed</a> to -current, so you can try it out with a snapshot too
***</li>
</ul>

<h3><a href="http://sysconfig.org.uk/two-factor-authentication-with-ssh.html" rel="nofollow noopener">SSH 2FA on FreeBSD</a></h3>

<ul>
<li>We've discussed different ways to lock down SSH access to your BSD boxes before - use keys instead of passwords, whitelist IPs, or even use two-factor authentication</li>
<li>This article serves as a sort of "roundup" on different methods to set up two-factor authentication on FreeBSD</li>
<li>It touches on key pairs with a server-side password, google authenticator and a few other variations</li>
<li>While the article is focused on FreeBSD, a lot of it can be easily applied to the others too</li>
<li>OpenSSH has a great security record, but two-factor authentication is always a good thing to have for the most important systems
***</li>
</ul>

<h3><a href="https://blog.netbsd.org/tnf/entry/netbsd_7_0_rc1_binaries" rel="nofollow noopener">NetBSD 7.0-RC1 released</a></h3>

<ul>
<li>NetBSD has just announced the first release candidate for the 7.0 branch, after a long delay since the initial beta (<a href="http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv" rel="nofollow noopener">11 months ago</a>)</li>
<li>Some of the standout features include: improved KMS/DRM with support for modern GPUs, SMP support on ARM, lots of new ARM boards officially supported, GPT support in the installer, Lua kernel scripting, a multiprocessor USB stack, improvements to NPF (their firewall) and, optionally, Clang 3.6.1</li>
<li>They're looking for as much testing as possible, so give it a try and report your findings to the release engineering team
***</li>
</ul>

<h2>Interview - Sean Chittenden - <a href="mailto:seanc@freebsd.org" rel="nofollow noopener">seanc@freebsd.org</a> / <a href="https://twitter.com/seanchittenden" rel="nofollow noopener">@seanchittenden</a></h2>

<p>FreeBSD at Groupon, ZFS</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://www.tumfatig.net/20150620/opensmtpd-and-dovecot-on-openbsd-5-7/" rel="nofollow noopener">OpenSMTPD and Dovecot</a></h3>

<ul>
<li>We've covered a number of OpenSMTPD mail server guides on the show, each with just a little something different to offer than the last</li>
<li>This blog post about it has something not mentioned before: virtual domains and virtual users</li>
<li>This means you can easily have "<a href="mailto:user1@domain.com" rel="nofollow noopener">user1@domain.com</a>" and "<a href="mailto:user2@otherdomain.com" rel="nofollow noopener">user2@otherdomain.com</a>" both go to a local user on the box (or a different third address)</li>
<li>It also covers SSL certificates, blocking spam and setting up IMAP access, the usual</li>
<li>Now might also be a good time to test out OpenSMTPD <a href="https://www.mail-archive.com/misc@opensmtpd.org/msg02177.html" rel="nofollow noopener">5.7.1-rc1</a>, which we'll cover in more detail when it's released...
***</li>
</ul>

<h3><a href="https://github.com/aarnt/octopkg" rel="nofollow noopener">OctoPkg, a QT frontend to pkgng</a></h3>

<ul>
<li>A PC-BSD user has begun porting over a graphical package management utility from Arch linux called <a href="https://octopiproject.wordpress.com/about/" rel="nofollow noopener">Octopi</a></li>
<li>Obviously, it needed to be rewritten to use FreeBSD's pkg system instead of pacman</li>
<li>There are some basic instructions on how to get it built and running on the github page</li>
<li>After some testing, it'll likely make its way to the FreeBSD ports tree</li>
<li>Tools like this might make it easier for desktop users (who are used to similar things in Ubuntu or related distros) to switch over
***</li>
</ul>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20150619071929" rel="nofollow noopener">AFL vs. mandoc, a quantitative analysis</a></h3>

<ul>
<li>Ingo Schwarze has written a pretty detailed article about how he and other OpenBSD developers have been fuzzing mandoc with AFL</li>
<li>It's meant to be accompanying material to his BSDCan talk, which already covered nine topics</li>
<li>mandoc is an interesting example to stress test with fuzzing, since its main job is to take and parse some highly varying input</li>
<li>The article breaks down the 45 different bugs that were found, based on their root cause</li>
<li>If you're interested in secure coding practices, this'll be a great one to read
***</li>
</ul>

<h3><a href="https://www.youtube.com/playlist?list=PLaUVvul17xScvtic0SPoks2MlQleyejks" rel="nofollow noopener">OpenZFS conference videos</a></h3>

<ul>
<li>Videos from the second OpenZFS conference have just started to show up</li>
<li>The first talk is by, you guessed it, Matt Ahrens</li>
<li>In it, he covers some ZFS history, the Oracle takeover, the birth of illumos and OpenZFS, some administration basics and also some upcoming features that are being worked on</li>
<li>There are also videos <a href="https://www.youtube.com/watch?v=5ciV4z7WWmo" rel="nofollow noopener">from Nexenta</a> <a href="https://www.youtube.com/watch?v=a2lnMxMUxyc" rel="nofollow noopener">and HGST</a>, talking about how they use and contribute to OpenZFS
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2FqJfmeK3" rel="nofollow noopener">Bryson writes in</a></li>
<li><a href="http://slexy.org/view/s20erRHahQ" rel="nofollow noopener">Kevin writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>This time on the show, we'll be talking some ZFS with Sean Chittenden. He's been using it on FreeBSD at Groupon, and has some interesting stories about how it's saved his data. Answers to your emails and all of this week's headlines, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.bsdcan.org/2015/schedule/" rel="nofollow noopener">More BSDCan 2015 videos</a></h3>

<ul>
<li>Almost as if we said it would happen last week, more BSD-related presentation videos have been uploaded</li>
<li>Alexander Motin, <a href="https://www.youtube.com/watch?v=lBE4BfxVDQc" rel="nofollow noopener">Feature-rich and fast SCSI target with CTL and ZFS</a></li>
<li>Daichi Goto, <a href="https://www.youtube.com/watch?v=r2BoQ70bwK4" rel="nofollow noopener">FreeBSD for High Density Servers</a></li>
<li>Ken Moore, <a href="https://www.youtube.com/watch?v=Qh_YK9y4_Os" rel="nofollow noopener">Lumina-DE</a></li>
<li>Kevin Bowling, <a href="https://www.youtube.com/watch?v=4l2rlRjkGhk" rel="nofollow noopener">FreeBSD Operations at</a> <a href="https://www.youtube.com/watch?v=K1-ZyiY5z48" rel="nofollow noopener">Limelight Networks</a></li>
<li>Maciej Pasternacki, <a href="https://www.youtube.com/watch?v=8phbsAhJ-9w" rel="nofollow noopener">Jetpack, a container</a> <a href="https://www.youtube.com/watch?v=kJ74mgkzLxc" rel="nofollow noopener">runtime for FreeBSD</a></li>
<li>Ray Percival, <a href="https://www.youtube.com/watch?v=gx5FILdSp2w" rel="nofollow noopener">Networking with OpenBSD in a virtualized environment</a></li>
<li>Reyk Floeter, <a href="https://www.youtube.com/watch?v=DV1-EfdIp8I" rel="nofollow noopener">Introducing OpenBSD's</a> <a href="https://www.youtube.com/watch?v=_v0lI6qDWFs" rel="nofollow noopener">new httpd</a></li>
<li>Still more to come, hopefully
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=143480475721221&amp;w=2" rel="nofollow noopener">OpenBSD httpd rewrite support</a></h3>

<ul>
<li>One of the most-requested features of OpenBSD's new HTTP daemon (in fact, you can hear someone asking about it in the video just above) is rewrite support</li>
<li>There were concerns about regex code being too complicated and potentially allowing another attack surface, so that was out</li>
<li>Instead, Reyk ported over an implementation of lua pattern matching while on the flight back from BSDCan, turning it into a C API without the lua bindings</li>
<li>In the mailing list post, he shows an example of how to use it for redirects and provides <a href="https://www.marc.info/?l=openbsd-tech&amp;m=143489473103114&amp;w=2" rel="nofollow noopener">the diff</a> if you'd like to give it a try now</li>
<li>It's since <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=143507301715409&amp;w=2" rel="nofollow noopener">been committed</a> to -current, so you can try it out with a snapshot too
***</li>
</ul>

<h3><a href="http://sysconfig.org.uk/two-factor-authentication-with-ssh.html" rel="nofollow noopener">SSH 2FA on FreeBSD</a></h3>

<ul>
<li>We've discussed different ways to lock down SSH access to your BSD boxes before - use keys instead of passwords, whitelist IPs, or even use two-factor authentication</li>
<li>This article serves as a sort of "roundup" on different methods to set up two-factor authentication on FreeBSD</li>
<li>It touches on key pairs with a server-side password, google authenticator and a few other variations</li>
<li>While the article is focused on FreeBSD, a lot of it can be easily applied to the others too</li>
<li>OpenSSH has a great security record, but two-factor authentication is always a good thing to have for the most important systems
***</li>
</ul>

<h3><a href="https://blog.netbsd.org/tnf/entry/netbsd_7_0_rc1_binaries" rel="nofollow noopener">NetBSD 7.0-RC1 released</a></h3>

<ul>
<li>NetBSD has just announced the first release candidate for the 7.0 branch, after a long delay since the initial beta (<a href="http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv" rel="nofollow noopener">11 months ago</a>)</li>
<li>Some of the standout features include: improved KMS/DRM with support for modern GPUs, SMP support on ARM, lots of new ARM boards officially supported, GPT support in the installer, Lua kernel scripting, a multiprocessor USB stack, improvements to NPF (their firewall) and, optionally, Clang 3.6.1</li>
<li>They're looking for as much testing as possible, so give it a try and report your findings to the release engineering team
***</li>
</ul>

<h2>Interview - Sean Chittenden - <a href="mailto:seanc@freebsd.org" rel="nofollow noopener">seanc@freebsd.org</a> / <a href="https://twitter.com/seanchittenden" rel="nofollow noopener">@seanchittenden</a></h2>

<p>FreeBSD at Groupon, ZFS</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://www.tumfatig.net/20150620/opensmtpd-and-dovecot-on-openbsd-5-7/" rel="nofollow noopener">OpenSMTPD and Dovecot</a></h3>

<ul>
<li>We've covered a number of OpenSMTPD mail server guides on the show, each with just a little something different to offer than the last</li>
<li>This blog post about it has something not mentioned before: virtual domains and virtual users</li>
<li>This means you can easily have "<a href="mailto:user1@domain.com" rel="nofollow noopener">user1@domain.com</a>" and "<a href="mailto:user2@otherdomain.com" rel="nofollow noopener">user2@otherdomain.com</a>" both go to a local user on the box (or a different third address)</li>
<li>It also covers SSL certificates, blocking spam and setting up IMAP access, the usual</li>
<li>Now might also be a good time to test out OpenSMTPD <a href="https://www.mail-archive.com/misc@opensmtpd.org/msg02177.html" rel="nofollow noopener">5.7.1-rc1</a>, which we'll cover in more detail when it's released...
***</li>
</ul>

<h3><a href="https://github.com/aarnt/octopkg" rel="nofollow noopener">OctoPkg, a QT frontend to pkgng</a></h3>

<ul>
<li>A PC-BSD user has begun porting over a graphical package management utility from Arch linux called <a href="https://octopiproject.wordpress.com/about/" rel="nofollow noopener">Octopi</a></li>
<li>Obviously, it needed to be rewritten to use FreeBSD's pkg system instead of pacman</li>
<li>There are some basic instructions on how to get it built and running on the github page</li>
<li>After some testing, it'll likely make its way to the FreeBSD ports tree</li>
<li>Tools like this might make it easier for desktop users (who are used to similar things in Ubuntu or related distros) to switch over
***</li>
</ul>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20150619071929" rel="nofollow noopener">AFL vs. mandoc, a quantitative analysis</a></h3>

<ul>
<li>Ingo Schwarze has written a pretty detailed article about how he and other OpenBSD developers have been fuzzing mandoc with AFL</li>
<li>It's meant to be accompanying material to his BSDCan talk, which already covered nine topics</li>
<li>mandoc is an interesting example to stress test with fuzzing, since its main job is to take and parse some highly varying input</li>
<li>The article breaks down the 45 different bugs that were found, based on their root cause</li>
<li>If you're interested in secure coding practices, this'll be a great one to read
***</li>
</ul>

<h3><a href="https://www.youtube.com/playlist?list=PLaUVvul17xScvtic0SPoks2MlQleyejks" rel="nofollow noopener">OpenZFS conference videos</a></h3>

<ul>
<li>Videos from the second OpenZFS conference have just started to show up</li>
<li>The first talk is by, you guessed it, Matt Ahrens</li>
<li>In it, he covers some ZFS history, the Oracle takeover, the birth of illumos and OpenZFS, some administration basics and also some upcoming features that are being worked on</li>
<li>There are also videos <a href="https://www.youtube.com/watch?v=5ciV4z7WWmo" rel="nofollow noopener">from Nexenta</a> <a href="https://www.youtube.com/watch?v=a2lnMxMUxyc" rel="nofollow noopener">and HGST</a>, talking about how they use and contribute to OpenZFS
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2FqJfmeK3" rel="nofollow noopener">Bryson writes in</a></li>
<li><a href="http://slexy.org/view/s20erRHahQ" rel="nofollow noopener">Kevin writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>83: woN DSB</title>
  <link>https://www.bsdnow.tv/83</link>
  <guid isPermaLink="false">6b7846ec-2bb1-475f-aead-9fa2dd2d70ef</guid>
  <pubDate>Wed, 01 Apr 2015 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/6b7846ec-2bb1-475f-aead-9fa2dd2d70ef.mp3" length="46578388" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Coming up this week on the show, we'll be talking to Kamila Součková, a Google intern. She's been working on the FreeBSD pager daemon, and also tells us about her initial experiences trying out BSD and going to a conference. As always, all the week's news and answers to your emails, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:04:41</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Coming up this week on the show, we'll be talking to Kamila Součková, a Google intern. She's been working on the FreeBSD pager daemon, and also tells us about her initial experiences trying out BSD and going to a conference. As always, all the week's news and answers to your emails, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"&gt;&lt;/a&gt;&lt;a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"&gt;&lt;img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://blog.pcbsd.org/2015/04/huge-announcement-for-pc-bsd/" rel="nofollow noopener"&gt;Major changes coming in PCBSD 11&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The PCBSD team has announced that version 11.0 will have some more pretty big changes (as they've been known to do lately with NTP daemons and firewalls)&lt;/li&gt;
&lt;li&gt;Switching from PF to IPFW provided some benefits for VIMAGE, but the syntax was just too complicated for regular everyday users&lt;/li&gt;
&lt;li&gt;To solve this, they've ported over Linux's iptables, giving users a much more &lt;a href="http://dpaste.com/2F1KM6T.txt" rel="nofollow noopener"&gt;straightforward configuration&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;While ZFS has served them well as the default filesystem for a while, Kris decided that Btrfs would be a better choice going forward&lt;/li&gt;
&lt;li&gt;Since the FreeBSD kernel doesn't support it natively, all filesystem calls will be through FUSE from now on - performance is Good Enough&lt;/li&gt;
&lt;li&gt;People often complain about PCBSD's huge ISO download, so, to save space, the default email client will be switched to mutt, and KDE will be replaced with DWM as the default window manager&lt;/li&gt;
&lt;li&gt;To reconfigure it, or make any appearance changes, users just need to edit a simple C header file and recompile - easy peasy&lt;/li&gt;
&lt;li&gt;As we've mentioned on the show, PCBSD has been promoting safe backup solutions for a long time with its "life preserver" utility, making it simple to manage multiple snapshots too&lt;/li&gt;
&lt;li&gt;To test if people have been listening to this advice, Kris recently activated the backdoor he put in life preserver that deletes all the users' files - hope you had that stuff backed up
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.freebsddiary.org/fretbsd.php" rel="nofollow noopener"&gt;NetBSD and FreeBSD join forces&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The BSD community has been running into one of the same problems Linux has lately: we just have too many different BSDs to choose from&lt;/li&gt;
&lt;li&gt;What's more, none of them have any specific areas they focus on or anything like that (they're all basically the same)&lt;/li&gt;
&lt;li&gt;That situation is about to improve somewhat, as FreeBSD and NetBSD have just merged codebases... say hello to &lt;strong&gt;FretBSD&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;Within a week, all mailing lists and webservers for the legacy NetBSD and FreeBSD projects will be terminated - the mailing list for the new combined project will be hosted from the United Nations datacenter on a Microsoft Exchange server&lt;/li&gt;
&lt;li&gt;As UN monitors will be moderating the mailing lists to prevent disagreements and divisive arguments before they begin, this system is expected to be adequate for the load&lt;/li&gt;
&lt;li&gt;With FretBSD, your toaster can now run ZFS, so you'll never need to worry about the bread becoming silently corrupted again
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://homing-on-code.blogspot.com/2015/03/puffy-in-cloud.html" rel="nofollow noopener"&gt;Puffy in the cloud&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you've ever wanted to set up a backup server, especially for family members or someone who's not as technology-savvy, you've probably realized there are a lot of options&lt;/li&gt;
&lt;li&gt;This post explores the option of setting up your own Dropbox-like service with Owncloud and PostgreSQL, running atop the new OpenBSD http daemon&lt;/li&gt;
&lt;li&gt;Doing it this way with your own setup, you can control all the security aspects - disk encryption, firewall rules, who can access what and from where, etc&lt;/li&gt;
&lt;li&gt;He also mentions &lt;a href="http://www.bsdnow.tv/tutorials/pf" rel="nofollow noopener"&gt;our pf tutorial&lt;/a&gt; being helpful in blocking script kiddies from hammering the box&lt;/li&gt;
&lt;li&gt;Be sure to encourage your less-technical friends to always back up their important data
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://blog.netbsd.org/tnf/entry/asiabsdcon_2015" rel="nofollow noopener"&gt;NetBSD at AsiaBSDCon&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Some NetBSD developers have put together a report of what they did at the most recent event in Tokyo&lt;/li&gt;
&lt;li&gt;It includes a wrap-up of the event, as well as a &lt;a href="https://www.netbsd.org/gallery/presentations/#asiabsdcon2015" rel="nofollow noopener"&gt;list of presentations&lt;/a&gt; that NetBSD developers gave&lt;/li&gt;
&lt;li&gt;Have you ever wanted even more pictures of NetBSD running on lots of devices? There's a never-ending supply, apparently&lt;/li&gt;
&lt;li&gt;At the BSD research booth of AsiaBSDCon, there were a large number of machines on display, and someone has finally uploaded &lt;a href="http://www.ki.nu/%7Emakoto/p15/20150315/" rel="nofollow noopener"&gt;pictures of all of them&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;There's also &lt;a href="https://www.youtube.com/watch?v=K1y9cdmLFjw" rel="nofollow noopener"&gt;a video&lt;/a&gt; of an OMRON LUNA-II running the luna68k port
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Kamila Součková - &lt;a href="mailto:kamila@ksp.sk" rel="nofollow noopener"&gt;kamila@ksp.sk&lt;/a&gt; / &lt;a href="https://twitter.com/anotherkamila" rel="nofollow noopener"&gt;@anotherkamila&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;BSD conferences, Google Summer of Code, various topics&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.freebsdfoundation.org/press/2015marchupdate.pdf" rel="nofollow noopener"&gt;FreeBSD foundation March update&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The FreeBSD foundation has published their March update for fundraising and sponsored projects&lt;/li&gt;
&lt;li&gt;In the document, you'll find information about upcoming ARMv8 enhancements, some event recaps and a Google Summer of Code status update&lt;/li&gt;
&lt;li&gt;They also mention &lt;a href="http://www.bsdnow.tv/episodes/2015_03_11-the_pcbsd_tour_ii" rel="nofollow noopener"&gt;our interview with the foundation president&lt;/a&gt; - be sure to check it out if you haven't
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://sdtimes.com/inside-openbsds-new-httpd-web-server/" rel="nofollow noopener"&gt;Inside OpenBSD's new httpd&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;BSD news continues to &lt;strong&gt;dominate&lt;/strong&gt; mainstream tech news sites… well &lt;em&gt;not really&lt;/em&gt;, but they talk about it once in a while&lt;/li&gt;
&lt;li&gt;The SD Times is featuring an article about OpenBSD's in-house HTTP server, after seeing Reyk's &lt;a href="http://www.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf" rel="nofollow noopener"&gt;AsiaBSDCon presentation&lt;/a&gt; about it (which he's giving at BSDCan this year, too)&lt;/li&gt;
&lt;li&gt;In this article, they talk about the rapid transition of webservers in the base system - apache being replaced with nginx, only to be replaced with httpd shortly thereafter&lt;/li&gt;
&lt;li&gt;Since the new daemon has had almost a full release cycle to grow, new features and fixes have been pouring in&lt;/li&gt;
&lt;li&gt;The post also highlights some of the security features: everything runs in a chroot with privsep by default, and it also leverages strong TLS 1.2 defaults (including Perfect Forward Secrecy)
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://bsdxbsdx.blogspot.com/2015/04/build-packages-in-poudriere-without.html" rel="nofollow noopener"&gt;Using poudriere without OpenSSL&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Last week we &lt;a href="http://www.bsdnow.tv/episodes/2015_03_25-ssl_in_the_wild" rel="nofollow noopener"&gt;talked about&lt;/a&gt; using LibreSSL in FreeBSD for all your ports&lt;/li&gt;
&lt;li&gt;One of the problems that was mentioned is that some ports are configured improperly, and end up linking against the OpenSSL in the base system even when you tell them not to&lt;/li&gt;
&lt;li&gt;This blog post shows how to completely strip OpenSSL out of the &lt;a href="http://www.bsdnow.tv/tutorials/poudriere" rel="nofollow noopener"&gt;poudriere&lt;/a&gt; build jails, something that's a lot more difficult than you'd think&lt;/li&gt;
&lt;li&gt;If you're a port maintainer, pay close attention to this post, and get your ports fixed to adhere to the make.conf options properly
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-tech&amp;amp;m=142755452428573&amp;amp;w=2" rel="nofollow noopener"&gt;HAMMER and GPT in OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Someone, presumably a Google Summer of Code student, wrote in to the lists about his &lt;a href="http://www.bsdnow.tv/tutorials/hammer" rel="nofollow noopener"&gt;HAMMER FS&lt;/a&gt; porting proposal&lt;/li&gt;
&lt;li&gt;He outlined the entire process and estimated timetable, including what would be supported and which aspects were beyond the scope of his work (like the clustering stuff)&lt;/li&gt;
&lt;li&gt;There's no word yet on if it will be accepted, but it's an interesting idea to explore, especially when you consider that HAMMER really only has one developer&lt;/li&gt;
&lt;li&gt;In more disk-related news, &lt;a href="http://www.bsdnow.tv/episodes/2015_02_25-from_the_foundation_2" rel="nofollow noopener"&gt;Ken Westerback&lt;/a&gt; has been committing quite a lot of &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;w=2&amp;amp;r=1&amp;amp;s=gpt&amp;amp;q=b" rel="nofollow noopener"&gt;GPT-related fixes&lt;/a&gt; recently&lt;/li&gt;
&lt;li&gt;Full GPT support will most likely be finished before 5.8, but anything involving HAMMER FS is still anyone's guess
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20e30p4qf" rel="nofollow noopener"&gt;Morgan writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20clKByMP" rel="nofollow noopener"&gt;Dustin writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20aBlmaT5" rel="nofollow noopener"&gt;Stan writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2ufFrZY9y" rel="nofollow noopener"&gt;Mica writes in&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Mailing List Gold&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055281.html" rel="nofollow noopener"&gt;Developers in freefall&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=142786808725483&amp;amp;w=4" rel="nofollow noopener"&gt;Xorg thieves pt. 1&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=142790740405547&amp;amp;w=4" rel="nofollow noopener"&gt;Xorg thieves pt. 2&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, april fools, prank, fretbsd, httpd, foundation, newsletter, cloud, dropbox, owncloud, backups, asiabsdcon, eurobsdcon</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Coming up this week on the show, we'll be talking to Kamila Součková, a Google intern. She's been working on the FreeBSD pager daemon, and also tells us about her initial experiences trying out BSD and going to a conference. As always, all the week's news and answers to your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://blog.pcbsd.org/2015/04/huge-announcement-for-pc-bsd/" rel="nofollow noopener">Major changes coming in PCBSD 11</a></h3>

<ul>
<li>The PCBSD team has announced that version 11.0 will have some more pretty big changes (as they've been known to do lately with NTP daemons and firewalls)</li>
<li>Switching from PF to IPFW provided some benefits for VIMAGE, but the syntax was just too complicated for regular everyday users</li>
<li>To solve this, they've ported over Linux's iptables, giving users a much more <a href="http://dpaste.com/2F1KM6T.txt" rel="nofollow noopener">straightforward configuration</a></li>
<li>While ZFS has served them well as the default filesystem for a while, Kris decided that Btrfs would be a better choice going forward</li>
<li>Since the FreeBSD kernel doesn't support it natively, all filesystem calls will be through FUSE from now on - performance is Good Enough</li>
<li>People often complain about PCBSD's huge ISO download, so, to save space, the default email client will be switched to mutt, and KDE will be replaced with DWM as the default window manager</li>
<li>To reconfigure it, or make any appearance changes, users just need to edit a simple C header file and recompile - easy peasy</li>
<li>As we've mentioned on the show, PCBSD has been promoting safe backup solutions for a long time with its "life preserver" utility, making it simple to manage multiple snapshots too</li>
<li>To test if people have been listening to this advice, Kris recently activated the backdoor he put in life preserver that deletes all the users' files - hope you had that stuff backed up
***</li>
</ul>

<h3><a href="http://www.freebsddiary.org/fretbsd.php" rel="nofollow noopener">NetBSD and FreeBSD join forces</a></h3>

<ul>
<li>The BSD community has been running into one of the same problems Linux has lately: we just have too many different BSDs to choose from</li>
<li>What's more, none of them have any specific areas they focus on or anything like that (they're all basically the same)</li>
<li>That situation is about to improve somewhat, as FreeBSD and NetBSD have just merged codebases... say hello to <strong>FretBSD</strong></li>
<li>Within a week, all mailing lists and webservers for the legacy NetBSD and FreeBSD projects will be terminated - the mailing list for the new combined project will be hosted from the United Nations datacenter on a Microsoft Exchange server</li>
<li>As UN monitors will be moderating the mailing lists to prevent disagreements and divisive arguments before they begin, this system is expected to be adequate for the load</li>
<li>With FretBSD, your toaster can now run ZFS, so you'll never need to worry about the bread becoming silently corrupted again
***</li>
</ul>

<h3><a href="http://homing-on-code.blogspot.com/2015/03/puffy-in-cloud.html" rel="nofollow noopener">Puffy in the cloud</a></h3>

<ul>
<li>If you've ever wanted to set up a backup server, especially for family members or someone who's not as technology-savvy, you've probably realized there are a lot of options</li>
<li>This post explores the option of setting up your own Dropbox-like service with Owncloud and PostgreSQL, running atop the new OpenBSD http daemon</li>
<li>Doing it this way with your own setup, you can control all the security aspects - disk encryption, firewall rules, who can access what and from where, etc</li>
<li>He also mentions <a href="http://www.bsdnow.tv/tutorials/pf" rel="nofollow noopener">our pf tutorial</a> being helpful in blocking script kiddies from hammering the box</li>
<li>Be sure to encourage your less-technical friends to always back up their important data
***</li>
</ul>

<h3><a href="https://blog.netbsd.org/tnf/entry/asiabsdcon_2015" rel="nofollow noopener">NetBSD at AsiaBSDCon</a></h3>

<ul>
<li>Some NetBSD developers have put together a report of what they did at the most recent event in Tokyo</li>
<li>It includes a wrap-up of the event, as well as a <a href="https://www.netbsd.org/gallery/presentations/#asiabsdcon2015" rel="nofollow noopener">list of presentations</a> that NetBSD developers gave</li>
<li>Have you ever wanted even more pictures of NetBSD running on lots of devices? There's a never-ending supply, apparently</li>
<li>At the BSD research booth of AsiaBSDCon, there were a large number of machines on display, and someone has finally uploaded <a href="http://www.ki.nu/%7Emakoto/p15/20150315/" rel="nofollow noopener">pictures of all of them</a></li>
<li>There's also <a href="https://www.youtube.com/watch?v=K1y9cdmLFjw" rel="nofollow noopener">a video</a> of an OMRON LUNA-II running the luna68k port
***</li>
</ul>

<h2>Interview - Kamila Součková - <a href="mailto:kamila@ksp.sk" rel="nofollow noopener">kamila@ksp.sk</a> / <a href="https://twitter.com/anotherkamila" rel="nofollow noopener">@anotherkamila</a></h2>

<p>BSD conferences, Google Summer of Code, various topics</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.freebsdfoundation.org/press/2015marchupdate.pdf" rel="nofollow noopener">FreeBSD foundation March update</a></h3>

<ul>
<li>The FreeBSD foundation has published their March update for fundraising and sponsored projects</li>
<li>In the document, you'll find information about upcoming ARMv8 enhancements, some event recaps and a Google Summer of Code status update</li>
<li>They also mention <a href="http://www.bsdnow.tv/episodes/2015_03_11-the_pcbsd_tour_ii" rel="nofollow noopener">our interview with the foundation president</a> - be sure to check it out if you haven't
***</li>
</ul>

<h3><a href="http://sdtimes.com/inside-openbsds-new-httpd-web-server/" rel="nofollow noopener">Inside OpenBSD's new httpd</a></h3>

<ul>
<li>BSD news continues to <strong>dominate</strong> mainstream tech news sites… well <em>not really</em>, but they talk about it once in a while</li>
<li>The SD Times is featuring an article about OpenBSD's in-house HTTP server, after seeing Reyk's <a href="http://www.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf" rel="nofollow noopener">AsiaBSDCon presentation</a> about it (which he's giving at BSDCan this year, too)</li>
<li>In this article, they talk about the rapid transition of webservers in the base system - apache being replaced with nginx, only to be replaced with httpd shortly thereafter</li>
<li>Since the new daemon has had almost a full release cycle to grow, new features and fixes have been pouring in</li>
<li>The post also highlights some of the security features: everything runs in a chroot with privsep by default, and it also leverages strong TLS 1.2 defaults (including Perfect Forward Secrecy)
***</li>
</ul>

<h3><a href="http://bsdxbsdx.blogspot.com/2015/04/build-packages-in-poudriere-without.html" rel="nofollow noopener">Using poudriere without OpenSSL</a></h3>

<ul>
<li>Last week we <a href="http://www.bsdnow.tv/episodes/2015_03_25-ssl_in_the_wild" rel="nofollow noopener">talked about</a> using LibreSSL in FreeBSD for all your ports</li>
<li>One of the problems that was mentioned is that some ports are configured improperly, and end up linking against the OpenSSL in the base system even when you tell them not to</li>
<li>This blog post shows how to completely strip OpenSSL out of the <a href="http://www.bsdnow.tv/tutorials/poudriere" rel="nofollow noopener">poudriere</a> build jails, something that's a lot more difficult than you'd think</li>
<li>If you're a port maintainer, pay close attention to this post, and get your ports fixed to adhere to the make.conf options properly
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=142755452428573&amp;w=2" rel="nofollow noopener">HAMMER and GPT in OpenBSD</a></h3>

<ul>
<li>Someone, presumably a Google Summer of Code student, wrote in to the lists about his <a href="http://www.bsdnow.tv/tutorials/hammer" rel="nofollow noopener">HAMMER FS</a> porting proposal</li>
<li>He outlined the entire process and estimated timetable, including what would be supported and which aspects were beyond the scope of his work (like the clustering stuff)</li>
<li>There's no word yet on if it will be accepted, but it's an interesting idea to explore, especially when you consider that HAMMER really only has one developer</li>
<li>In more disk-related news, <a href="http://www.bsdnow.tv/episodes/2015_02_25-from_the_foundation_2" rel="nofollow noopener">Ken Westerback</a> has been committing quite a lot of <a href="https://www.marc.info/?l=openbsd-cvs&amp;w=2&amp;r=1&amp;s=gpt&amp;q=b" rel="nofollow noopener">GPT-related fixes</a> recently</li>
<li>Full GPT support will most likely be finished before 5.8, but anything involving HAMMER FS is still anyone's guess
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s20e30p4qf" rel="nofollow noopener">Morgan writes in</a></li>
<li><a href="http://slexy.org/view/s20clKByMP" rel="nofollow noopener">Dustin writes in</a></li>
<li><a href="http://slexy.org/view/s20aBlmaT5" rel="nofollow noopener">Stan writes in</a></li>
<li><a href="http://slexy.org/view/s2ufFrZY9y" rel="nofollow noopener">Mica writes in</a>
***</li>
</ul>

<h2>Mailing List Gold</h2>

<ul>
<li><a href="https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055281.html" rel="nofollow noopener">Developers in freefall</a></li>
<li><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142786808725483&amp;w=4" rel="nofollow noopener">Xorg thieves pt. 1</a></li>
<li><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142790740405547&amp;w=4" rel="nofollow noopener">Xorg thieves pt. 2</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Coming up this week on the show, we'll be talking to Kamila Součková, a Google intern. She's been working on the FreeBSD pager daemon, and also tells us about her initial experiences trying out BSD and going to a conference. As always, all the week's news and answers to your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/1.png" alt="iXsystems - Enterprise Servers and Storage for Open Source"></a><a href="http://www.digitalocean.com/" title="DigitalOcean" rel="nofollow noopener"><img src="/images/2.png" alt="DigitalOcean - Simple Cloud Hosting, Built for Developers"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://blog.pcbsd.org/2015/04/huge-announcement-for-pc-bsd/" rel="nofollow noopener">Major changes coming in PCBSD 11</a></h3>

<ul>
<li>The PCBSD team has announced that version 11.0 will have some more pretty big changes (as they've been known to do lately with NTP daemons and firewalls)</li>
<li>Switching from PF to IPFW provided some benefits for VIMAGE, but the syntax was just too complicated for regular everyday users</li>
<li>To solve this, they've ported over Linux's iptables, giving users a much more <a href="http://dpaste.com/2F1KM6T.txt" rel="nofollow noopener">straightforward configuration</a></li>
<li>While ZFS has served them well as the default filesystem for a while, Kris decided that Btrfs would be a better choice going forward</li>
<li>Since the FreeBSD kernel doesn't support it natively, all filesystem calls will be through FUSE from now on - performance is Good Enough</li>
<li>People often complain about PCBSD's huge ISO download, so, to save space, the default email client will be switched to mutt, and KDE will be replaced with DWM as the default window manager</li>
<li>To reconfigure it, or make any appearance changes, users just need to edit a simple C header file and recompile - easy peasy</li>
<li>As we've mentioned on the show, PCBSD has been promoting safe backup solutions for a long time with its "life preserver" utility, making it simple to manage multiple snapshots too</li>
<li>To test if people have been listening to this advice, Kris recently activated the backdoor he put in life preserver that deletes all the users' files - hope you had that stuff backed up
***</li>
</ul>

<h3><a href="http://www.freebsddiary.org/fretbsd.php" rel="nofollow noopener">NetBSD and FreeBSD join forces</a></h3>

<ul>
<li>The BSD community has been running into one of the same problems Linux has lately: we just have too many different BSDs to choose from</li>
<li>What's more, none of them have any specific areas they focus on or anything like that (they're all basically the same)</li>
<li>That situation is about to improve somewhat, as FreeBSD and NetBSD have just merged codebases... say hello to <strong>FretBSD</strong></li>
<li>Within a week, all mailing lists and webservers for the legacy NetBSD and FreeBSD projects will be terminated - the mailing list for the new combined project will be hosted from the United Nations datacenter on a Microsoft Exchange server</li>
<li>As UN monitors will be moderating the mailing lists to prevent disagreements and divisive arguments before they begin, this system is expected to be adequate for the load</li>
<li>With FretBSD, your toaster can now run ZFS, so you'll never need to worry about the bread becoming silently corrupted again
***</li>
</ul>

<h3><a href="http://homing-on-code.blogspot.com/2015/03/puffy-in-cloud.html" rel="nofollow noopener">Puffy in the cloud</a></h3>

<ul>
<li>If you've ever wanted to set up a backup server, especially for family members or someone who's not as technology-savvy, you've probably realized there are a lot of options</li>
<li>This post explores the option of setting up your own Dropbox-like service with Owncloud and PostgreSQL, running atop the new OpenBSD http daemon</li>
<li>Doing it this way with your own setup, you can control all the security aspects - disk encryption, firewall rules, who can access what and from where, etc</li>
<li>He also mentions <a href="http://www.bsdnow.tv/tutorials/pf" rel="nofollow noopener">our pf tutorial</a> being helpful in blocking script kiddies from hammering the box</li>
<li>Be sure to encourage your less-technical friends to always back up their important data
***</li>
</ul>

<h3><a href="https://blog.netbsd.org/tnf/entry/asiabsdcon_2015" rel="nofollow noopener">NetBSD at AsiaBSDCon</a></h3>

<ul>
<li>Some NetBSD developers have put together a report of what they did at the most recent event in Tokyo</li>
<li>It includes a wrap-up of the event, as well as a <a href="https://www.netbsd.org/gallery/presentations/#asiabsdcon2015" rel="nofollow noopener">list of presentations</a> that NetBSD developers gave</li>
<li>Have you ever wanted even more pictures of NetBSD running on lots of devices? There's a never-ending supply, apparently</li>
<li>At the BSD research booth of AsiaBSDCon, there were a large number of machines on display, and someone has finally uploaded <a href="http://www.ki.nu/%7Emakoto/p15/20150315/" rel="nofollow noopener">pictures of all of them</a></li>
<li>There's also <a href="https://www.youtube.com/watch?v=K1y9cdmLFjw" rel="nofollow noopener">a video</a> of an OMRON LUNA-II running the luna68k port
***</li>
</ul>

<h2>Interview - Kamila Součková - <a href="mailto:kamila@ksp.sk" rel="nofollow noopener">kamila@ksp.sk</a> / <a href="https://twitter.com/anotherkamila" rel="nofollow noopener">@anotherkamila</a></h2>

<p>BSD conferences, Google Summer of Code, various topics</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.freebsdfoundation.org/press/2015marchupdate.pdf" rel="nofollow noopener">FreeBSD foundation March update</a></h3>

<ul>
<li>The FreeBSD foundation has published their March update for fundraising and sponsored projects</li>
<li>In the document, you'll find information about upcoming ARMv8 enhancements, some event recaps and a Google Summer of Code status update</li>
<li>They also mention <a href="http://www.bsdnow.tv/episodes/2015_03_11-the_pcbsd_tour_ii" rel="nofollow noopener">our interview with the foundation president</a> - be sure to check it out if you haven't
***</li>
</ul>

<h3><a href="http://sdtimes.com/inside-openbsds-new-httpd-web-server/" rel="nofollow noopener">Inside OpenBSD's new httpd</a></h3>

<ul>
<li>BSD news continues to <strong>dominate</strong> mainstream tech news sites… well <em>not really</em>, but they talk about it once in a while</li>
<li>The SD Times is featuring an article about OpenBSD's in-house HTTP server, after seeing Reyk's <a href="http://www.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf" rel="nofollow noopener">AsiaBSDCon presentation</a> about it (which he's giving at BSDCan this year, too)</li>
<li>In this article, they talk about the rapid transition of webservers in the base system - apache being replaced with nginx, only to be replaced with httpd shortly thereafter</li>
<li>Since the new daemon has had almost a full release cycle to grow, new features and fixes have been pouring in</li>
<li>The post also highlights some of the security features: everything runs in a chroot with privsep by default, and it also leverages strong TLS 1.2 defaults (including Perfect Forward Secrecy)
***</li>
</ul>

<h3><a href="http://bsdxbsdx.blogspot.com/2015/04/build-packages-in-poudriere-without.html" rel="nofollow noopener">Using poudriere without OpenSSL</a></h3>

<ul>
<li>Last week we <a href="http://www.bsdnow.tv/episodes/2015_03_25-ssl_in_the_wild" rel="nofollow noopener">talked about</a> using LibreSSL in FreeBSD for all your ports</li>
<li>One of the problems that was mentioned is that some ports are configured improperly, and end up linking against the OpenSSL in the base system even when you tell them not to</li>
<li>This blog post shows how to completely strip OpenSSL out of the <a href="http://www.bsdnow.tv/tutorials/poudriere" rel="nofollow noopener">poudriere</a> build jails, something that's a lot more difficult than you'd think</li>
<li>If you're a port maintainer, pay close attention to this post, and get your ports fixed to adhere to the make.conf options properly
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-tech&amp;m=142755452428573&amp;w=2" rel="nofollow noopener">HAMMER and GPT in OpenBSD</a></h3>

<ul>
<li>Someone, presumably a Google Summer of Code student, wrote in to the lists about his <a href="http://www.bsdnow.tv/tutorials/hammer" rel="nofollow noopener">HAMMER FS</a> porting proposal</li>
<li>He outlined the entire process and estimated timetable, including what would be supported and which aspects were beyond the scope of his work (like the clustering stuff)</li>
<li>There's no word yet on if it will be accepted, but it's an interesting idea to explore, especially when you consider that HAMMER really only has one developer</li>
<li>In more disk-related news, <a href="http://www.bsdnow.tv/episodes/2015_02_25-from_the_foundation_2" rel="nofollow noopener">Ken Westerback</a> has been committing quite a lot of <a href="https://www.marc.info/?l=openbsd-cvs&amp;w=2&amp;r=1&amp;s=gpt&amp;q=b" rel="nofollow noopener">GPT-related fixes</a> recently</li>
<li>Full GPT support will most likely be finished before 5.8, but anything involving HAMMER FS is still anyone's guess
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s20e30p4qf" rel="nofollow noopener">Morgan writes in</a></li>
<li><a href="http://slexy.org/view/s20clKByMP" rel="nofollow noopener">Dustin writes in</a></li>
<li><a href="http://slexy.org/view/s20aBlmaT5" rel="nofollow noopener">Stan writes in</a></li>
<li><a href="http://slexy.org/view/s2ufFrZY9y" rel="nofollow noopener">Mica writes in</a>
***</li>
</ul>

<h2>Mailing List Gold</h2>

<ul>
<li><a href="https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055281.html" rel="nofollow noopener">Developers in freefall</a></li>
<li><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142786808725483&amp;w=4" rel="nofollow noopener">Xorg thieves pt. 1</a></li>
<li><a href="https://www.marc.info/?l=openbsd-cvs&amp;m=142790740405547&amp;w=4" rel="nofollow noopener">Xorg thieves pt. 2</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>51: Engineering Nginx</title>
  <link>https://www.bsdnow.tv/51</link>
  <guid isPermaLink="false">4502bfee-e803-4a0d-bdcc-fd4420b30bb1</guid>
  <pubDate>Wed, 20 Aug 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4502bfee-e803-4a0d-bdcc-fd4420b30bb1.mp3" length="62975956" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:27:27</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://bsdly.blogspot.com/2014/08/password-gropers-take-spamtrap-bait.html" rel="nofollow noopener"&gt;Password gropers take spamtrap bait&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Our friend &lt;a href="http://www.bsdnow.tv/episodes/2014_04_30-puffy_firewall" rel="nofollow noopener"&gt;Peter Hansteen&lt;/a&gt;, who keeps his eyes glued to his log files, has a new blog post&lt;/li&gt;
&lt;li&gt;He seems to have discovered another new weird phenomenon in his pop3 logs&lt;/li&gt;
&lt;li&gt;"yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"&lt;/li&gt;
&lt;li&gt;Someone tried to log in to his service with an address that was known to be invalid&lt;/li&gt;
&lt;li&gt;The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.youtube.com/watch?v=WOcYTqoSQ68" rel="nofollow noopener"&gt;Inside the Atheros wifi chipset&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014&lt;/li&gt;
&lt;li&gt;He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development&lt;/li&gt;
&lt;li&gt;There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards&lt;/li&gt;
&lt;li&gt;Very technical talk; some parts might go over your head if you're not a driver developer&lt;/li&gt;
&lt;li&gt;The raw video file is also available &lt;a href="https://archive.org/download/WirelessVillageAtDefCon22/20-Atheros.mp4" rel="nofollow noopener"&gt;to download&lt;/a&gt; on archive.org&lt;/li&gt;
&lt;li&gt;Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-mark-linimon.html" rel="nofollow noopener"&gt;Trip report and hackathon mini-roundup&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted&lt;/li&gt;
&lt;li&gt;Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports&lt;/li&gt;
&lt;li&gt;Bapt &lt;a href="http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-baptiste-daroussin.html" rel="nofollow noopener"&gt;also has a BSDCan report&lt;/a&gt; detailing his work on ports and packages&lt;/li&gt;
&lt;li&gt;Antoine Jacoutot &lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140812064946" rel="nofollow noopener"&gt;writes about&lt;/a&gt; his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout&lt;/li&gt;
&lt;li&gt;Peter Hessler, a latecomer to the hackathon, &lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140806125308" rel="nofollow noopener"&gt;details his experience&lt;/a&gt; too, hacking on the installer and built-in upgrade function&lt;/li&gt;
&lt;li&gt;Christian Weisgerber &lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140803122705" rel="nofollow noopener"&gt;talks about&lt;/a&gt; starting some initial improvements of OpenBSD's ports infrastructure
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://lists.dragonflybsd.org/pipermail/commits/2014-August/270573.html" rel="nofollow noopener"&gt;DragonFly BSD 3.8.2 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Although it was already branched, the release media is now available for DragonFly 3.8.2&lt;/li&gt;
&lt;li&gt;This is a minor update, mostly to fix the recent OpenSSL vulnerabilities&lt;/li&gt;
&lt;li&gt;It also includes some various other small fixes
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Eric Le Blan - &lt;a href="mailto:info@xinuos.com" rel="nofollow noopener"&gt;info@xinuos.com&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;Xinuos' recent FreeBSD integration, BSD in the commercial server space&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tutorial&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.bsdnow.tv/tutorials/nginx" rel="nofollow noopener"&gt;Building a hardened, feature-rich webserver&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://networkfilter.blogspot.com/2014/08/defend-your-network-and-privacy-vpn.html" rel="nofollow noopener"&gt;Defend your network and privacy, FreeBSD version&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Back in &lt;a href="http://www.bsdnow.tv/episodes/2014_05_28-the_friendly_sandbox" rel="nofollow noopener"&gt;episode 39&lt;/a&gt;, we covered a blog post about creating an OpenBSD gateway - partly based on &lt;a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener"&gt;our tutorial&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;This is a follow-up post, by the same author, about doing a similar thing with FreeBSD&lt;/li&gt;
&lt;li&gt;He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs&lt;/li&gt;
&lt;li&gt;The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.tedunangst.com/flak/post/dont-encrypt-all-the-things" rel="nofollow noopener"&gt;Don't encrypt all the things&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Another couple of interesting blog posts from &lt;a href="http://www.bsdnow.tv/episodes/2014_02_05-time_signatures" rel="nofollow noopener"&gt;Ted Unangst&lt;/a&gt; about encryption&lt;/li&gt;
&lt;li&gt;It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good&lt;/li&gt;
&lt;li&gt;After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie&lt;/li&gt;
&lt;li&gt;He also talks a bit about some PGP weaknesses and a possible future replacement&lt;/li&gt;
&lt;li&gt;He also has another, similar post entitled "&lt;a href="http://www.tedunangst.com/flak/post/in-defense-of-opportunistic-encryption" rel="nofollow noopener"&gt;in defense of opportunistic encryption&lt;/a&gt;"
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://svnweb.freebsd.org/base?view=revision&amp;amp;revision=270096" rel="nofollow noopener"&gt;New automounter lands in FreeBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The work on the new automounter has just landed in 11-CURRENT&lt;/li&gt;
&lt;li&gt;With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option&lt;/li&gt;
&lt;li&gt;Check the SVN viewer online to read over the man pages if you're not running -CURRENT&lt;/li&gt;
&lt;li&gt;You can also read a bit about it in the &lt;a href="https://www.freebsdfoundation.org/press/2014jul-newsletter#Project3" rel="nofollow noopener"&gt;recent newsletter&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-August/032810.html" rel="nofollow noopener"&gt;OpenSSH 6.7 CFT&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;It's been a little while since the last OpenSSH release, but 6.7 is almost ready&lt;/li&gt;
&lt;li&gt;Our friend &lt;a href="http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline" rel="nofollow noopener"&gt;Damien Miller&lt;/a&gt; issued a call for testing for the upcoming version, which includes a fair amount of new features&lt;/li&gt;
&lt;li&gt;It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released&lt;/li&gt;
&lt;li&gt;This version also officially supports being built with LibreSSL now&lt;/li&gt;
&lt;li&gt;Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20yIP7VXa" rel="nofollow noopener"&gt;David writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2DeeUjAn6" rel="nofollow noopener"&gt;Lachlan writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s216imwEb0" rel="nofollow noopener"&gt;Francis writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2oc8vavWe" rel="nofollow noopener"&gt;Frank writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20wL61sSr" rel="nofollow noopener"&gt;Sean writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, xinuos, cloud computing, hosting solution, nginx, webserver, httpd, spamd, atheros, wifi, aircrack-ng, kismet, defcon, wireless, bsdcan, hackathon, autofs, automounter, https, tls, ssl, openssh</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://bsdly.blogspot.com/2014/08/password-gropers-take-spamtrap-bait.html" rel="nofollow noopener">Password gropers take spamtrap bait</a></h3>

<ul>
<li>Our friend <a href="http://www.bsdnow.tv/episodes/2014_04_30-puffy_firewall" rel="nofollow noopener">Peter Hansteen</a>, who keeps his eyes glued to his log files, has a new blog post</li>
<li>He seems to have discovered another new weird phenomenon in his pop3 logs</li>
<li>"yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"</li>
<li>Someone tried to log in to his service with an address that was known to be invalid</li>
<li>The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose
***</li>
</ul>

<h3><a href="https://www.youtube.com/watch?v=WOcYTqoSQ68" rel="nofollow noopener">Inside the Atheros wifi chipset</a></h3>

<ul>
<li>Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014</li>
<li>He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development</li>
<li>There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards</li>
<li>Very technical talk; some parts might go over your head if you're not a driver developer</li>
<li>The raw video file is also available <a href="https://archive.org/download/WirelessVillageAtDefCon22/20-Atheros.mp4" rel="nofollow noopener">to download</a> on archive.org</li>
<li>Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things
***</li>
</ul>

<h3><a href="http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-mark-linimon.html" rel="nofollow noopener">Trip report and hackathon mini-roundup</a></h3>

<ul>
<li>A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted</li>
<li>Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports</li>
<li>Bapt <a href="http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-baptiste-daroussin.html" rel="nofollow noopener">also has a BSDCan report</a> detailing his work on ports and packages</li>
<li>Antoine Jacoutot <a href="http://undeadly.org/cgi?action=article&amp;sid=20140812064946" rel="nofollow noopener">writes about</a> his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout</li>
<li>Peter Hessler, a latecomer to the hackathon, <a href="http://undeadly.org/cgi?action=article&amp;sid=20140806125308" rel="nofollow noopener">details his experience</a> too, hacking on the installer and built-in upgrade function</li>
<li>Christian Weisgerber <a href="http://undeadly.org/cgi?action=article&amp;sid=20140803122705" rel="nofollow noopener">talks about</a> starting some initial improvements of OpenBSD's ports infrastructure
***</li>
</ul>

<h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2014-August/270573.html" rel="nofollow noopener">DragonFly BSD 3.8.2 released</a></h3>

<ul>
<li>Although it was already branched, the release media is now available for DragonFly 3.8.2</li>
<li>This is a minor update, mostly to fix the recent OpenSSL vulnerabilities</li>
<li>It also includes some various other small fixes
***</li>
</ul>

<h2>Interview - Eric Le Blan - <a href="mailto:info@xinuos.com" rel="nofollow noopener">info@xinuos.com</a></h2>

<p>Xinuos' recent FreeBSD integration, BSD in the commercial server space</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/nginx" rel="nofollow noopener">Building a hardened, feature-rich webserver</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://networkfilter.blogspot.com/2014/08/defend-your-network-and-privacy-vpn.html" rel="nofollow noopener">Defend your network and privacy, FreeBSD version</a></h3>

<ul>
<li>Back in <a href="http://www.bsdnow.tv/episodes/2014_05_28-the_friendly_sandbox" rel="nofollow noopener">episode 39</a>, we covered a blog post about creating an OpenBSD gateway - partly based on <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">our tutorial</a></li>
<li>This is a follow-up post, by the same author, about doing a similar thing with FreeBSD</li>
<li>He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs</li>
<li>The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.
***</li>
</ul>

<h3><a href="http://www.tedunangst.com/flak/post/dont-encrypt-all-the-things" rel="nofollow noopener">Don't encrypt all the things</a></h3>

<ul>
<li>Another couple of interesting blog posts from <a href="http://www.bsdnow.tv/episodes/2014_02_05-time_signatures" rel="nofollow noopener">Ted Unangst</a> about encryption</li>
<li>It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good</li>
<li>After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie</li>
<li>He also talks a bit about some PGP weaknesses and a possible future replacement</li>
<li>He also has another, similar post entitled "<a href="http://www.tedunangst.com/flak/post/in-defense-of-opportunistic-encryption" rel="nofollow noopener">in defense of opportunistic encryption</a>"
***</li>
</ul>

<h3><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=270096" rel="nofollow noopener">New automounter lands in FreeBSD</a></h3>

<ul>
<li>The work on the new automounter has just landed in 11-CURRENT</li>
<li>With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option</li>
<li>Check the SVN viewer online to read over the man pages if you're not running -CURRENT</li>
<li>You can also read a bit about it in the <a href="https://www.freebsdfoundation.org/press/2014jul-newsletter#Project3" rel="nofollow noopener">recent newsletter</a>
***</li>
</ul>

<h3><a href="https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-August/032810.html" rel="nofollow noopener">OpenSSH 6.7 CFT</a></h3>

<ul>
<li>It's been a little while since the last OpenSSH release, but 6.7 is almost ready</li>
<li>Our friend <a href="http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline" rel="nofollow noopener">Damien Miller</a> issued a call for testing for the upcoming version, which includes a fair amount of new features</li>
<li>It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released</li>
<li>This version also officially supports being built with LibreSSL now</li>
<li>Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s20yIP7VXa" rel="nofollow noopener">David writes in</a></li>
<li><a href="http://slexy.org/view/s2DeeUjAn6" rel="nofollow noopener">Lachlan writes in</a></li>
<li><a href="http://slexy.org/view/s216imwEb0" rel="nofollow noopener">Francis writes in</a></li>
<li><a href="http://slexy.org/view/s2oc8vavWe" rel="nofollow noopener">Frank writes in</a></li>
<li><a href="http://slexy.org/view/s20wL61sSr" rel="nofollow noopener">Sean writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://bsdly.blogspot.com/2014/08/password-gropers-take-spamtrap-bait.html" rel="nofollow noopener">Password gropers take spamtrap bait</a></h3>

<ul>
<li>Our friend <a href="http://www.bsdnow.tv/episodes/2014_04_30-puffy_firewall" rel="nofollow noopener">Peter Hansteen</a>, who keeps his eyes glued to his log files, has a new blog post</li>
<li>He seems to have discovered another new weird phenomenon in his pop3 logs</li>
<li>"yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"</li>
<li>Someone tried to log in to his service with an address that was known to be invalid</li>
<li>The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose
***</li>
</ul>

<h3><a href="https://www.youtube.com/watch?v=WOcYTqoSQ68" rel="nofollow noopener">Inside the Atheros wifi chipset</a></h3>

<ul>
<li>Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014</li>
<li>He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development</li>
<li>There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards</li>
<li>Very technical talk; some parts might go over your head if you're not a driver developer</li>
<li>The raw video file is also available <a href="https://archive.org/download/WirelessVillageAtDefCon22/20-Atheros.mp4" rel="nofollow noopener">to download</a> on archive.org</li>
<li>Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things
***</li>
</ul>

<h3><a href="http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-mark-linimon.html" rel="nofollow noopener">Trip report and hackathon mini-roundup</a></h3>

<ul>
<li>A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted</li>
<li>Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports</li>
<li>Bapt <a href="http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-baptiste-daroussin.html" rel="nofollow noopener">also has a BSDCan report</a> detailing his work on ports and packages</li>
<li>Antoine Jacoutot <a href="http://undeadly.org/cgi?action=article&amp;sid=20140812064946" rel="nofollow noopener">writes about</a> his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout</li>
<li>Peter Hessler, a latecomer to the hackathon, <a href="http://undeadly.org/cgi?action=article&amp;sid=20140806125308" rel="nofollow noopener">details his experience</a> too, hacking on the installer and built-in upgrade function</li>
<li>Christian Weisgerber <a href="http://undeadly.org/cgi?action=article&amp;sid=20140803122705" rel="nofollow noopener">talks about</a> starting some initial improvements of OpenBSD's ports infrastructure
***</li>
</ul>

<h3><a href="http://lists.dragonflybsd.org/pipermail/commits/2014-August/270573.html" rel="nofollow noopener">DragonFly BSD 3.8.2 released</a></h3>

<ul>
<li>Although it was already branched, the release media is now available for DragonFly 3.8.2</li>
<li>This is a minor update, mostly to fix the recent OpenSSL vulnerabilities</li>
<li>It also includes some various other small fixes
***</li>
</ul>

<h2>Interview - Eric Le Blan - <a href="mailto:info@xinuos.com" rel="nofollow noopener">info@xinuos.com</a></h2>

<p>Xinuos' recent FreeBSD integration, BSD in the commercial server space</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/nginx" rel="nofollow noopener">Building a hardened, feature-rich webserver</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://networkfilter.blogspot.com/2014/08/defend-your-network-and-privacy-vpn.html" rel="nofollow noopener">Defend your network and privacy, FreeBSD version</a></h3>

<ul>
<li>Back in <a href="http://www.bsdnow.tv/episodes/2014_05_28-the_friendly_sandbox" rel="nofollow noopener">episode 39</a>, we covered a blog post about creating an OpenBSD gateway - partly based on <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">our tutorial</a></li>
<li>This is a follow-up post, by the same author, about doing a similar thing with FreeBSD</li>
<li>He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs</li>
<li>The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.
***</li>
</ul>

<h3><a href="http://www.tedunangst.com/flak/post/dont-encrypt-all-the-things" rel="nofollow noopener">Don't encrypt all the things</a></h3>

<ul>
<li>Another couple of interesting blog posts from <a href="http://www.bsdnow.tv/episodes/2014_02_05-time_signatures" rel="nofollow noopener">Ted Unangst</a> about encryption</li>
<li>It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good</li>
<li>After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie</li>
<li>He also talks a bit about some PGP weaknesses and a possible future replacement</li>
<li>He also has another, similar post entitled "<a href="http://www.tedunangst.com/flak/post/in-defense-of-opportunistic-encryption" rel="nofollow noopener">in defense of opportunistic encryption</a>"
***</li>
</ul>

<h3><a href="https://svnweb.freebsd.org/base?view=revision&amp;revision=270096" rel="nofollow noopener">New automounter lands in FreeBSD</a></h3>

<ul>
<li>The work on the new automounter has just landed in 11-CURRENT</li>
<li>With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option</li>
<li>Check the SVN viewer online to read over the man pages if you're not running -CURRENT</li>
<li>You can also read a bit about it in the <a href="https://www.freebsdfoundation.org/press/2014jul-newsletter#Project3" rel="nofollow noopener">recent newsletter</a>
***</li>
</ul>

<h3><a href="https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-August/032810.html" rel="nofollow noopener">OpenSSH 6.7 CFT</a></h3>

<ul>
<li>It's been a little while since the last OpenSSH release, but 6.7 is almost ready</li>
<li>Our friend <a href="http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline" rel="nofollow noopener">Damien Miller</a> issued a call for testing for the upcoming version, which includes a fair amount of new features</li>
<li>It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released</li>
<li>This version also officially supports being built with LibreSSL now</li>
<li>Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s20yIP7VXa" rel="nofollow noopener">David writes in</a></li>
<li><a href="http://slexy.org/view/s2DeeUjAn6" rel="nofollow noopener">Lachlan writes in</a></li>
<li><a href="http://slexy.org/view/s216imwEb0" rel="nofollow noopener">Francis writes in</a></li>
<li><a href="http://slexy.org/view/s2oc8vavWe" rel="nofollow noopener">Frank writes in</a></li>
<li><a href="http://slexy.org/view/s20wL61sSr" rel="nofollow noopener">Sean writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>48: Liberating SSL</title>
  <link>https://www.bsdnow.tv/48</link>
  <guid isPermaLink="false">e0c8ab6b-dd19-4778-8dc2-4b02bd2ae809</guid>
  <pubDate>Wed, 30 Jul 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e0c8ab6b-dd19-4778-8dc2-4b02bd2ae809.mp3" length="43106548" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>59:52</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.freebsd.org/news/status/report-2014-04-2014-06.html" rel="nofollow noopener"&gt;FreeBSD quarterly status report&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;FreeBSD has gotten quite a lot done this quarter&lt;/li&gt;
&lt;li&gt;Changes in the way release branches are supported - major releases will get at least five years over their lifespan&lt;/li&gt;
&lt;li&gt;A new automounter is in the works, hoping to replace amd (which has some issues)&lt;/li&gt;
&lt;li&gt;The CAM target layer and RPC stack have gotten some major optimization and speed boosts&lt;/li&gt;
&lt;li&gt;Work on ZFSGuru continues, with a large status report specifically for that&lt;/li&gt;
&lt;li&gt;The report also mentioned some new committers, both source and ports&lt;/li&gt;
&lt;li&gt;It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show&lt;/li&gt;
&lt;li&gt;"Foundation-sponsored work resulted in &lt;strong&gt;226 commits&lt;/strong&gt; to FreeBSD over the April to June period"
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140724094043" rel="nofollow noopener"&gt;A new OpenBSD HTTPD is born&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Work has begun on a new HTTP daemon in the OpenBSD base system&lt;/li&gt;
&lt;li&gt;A lot of people are &lt;a href="http://www.reddit.com/r/BSD/comments/2b7azm/openbsd_gets_its_own_http_server/" rel="nofollow noopener"&gt;asking&lt;/a&gt; "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?&lt;/li&gt;
&lt;li&gt;Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)&lt;/li&gt;
&lt;li&gt;It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter&lt;/li&gt;
&lt;li&gt;This has the added benefit of the usual, easy-to-understand syntax and privilege separation &lt;/li&gt;
&lt;li&gt;There's a very brief &lt;a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8" rel="nofollow noopener"&gt;man page&lt;/a&gt; online already&lt;/li&gt;
&lt;li&gt;It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs&lt;/li&gt;
&lt;li&gt;Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not)
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-July/000084.html" rel="nofollow noopener"&gt;pkgng 1.3 announced&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The newest version of FreeBSD's second generation &lt;a href="http://www.bsdnow.tv/tutorials/pkgng" rel="nofollow noopener"&gt;package management system&lt;/a&gt; has been released, with lots of new features&lt;/li&gt;
&lt;li&gt;It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)&lt;/li&gt;
&lt;li&gt;Lots of the code has been sandboxed for extra security&lt;/li&gt;
&lt;li&gt;You'll probably notice some new changes to the UI too, making things more user friendly&lt;/li&gt;
&lt;li&gt;A few days later &lt;a href="https://svnweb.freebsd.org/ports?view=revision&amp;amp;sortby=date&amp;amp;revision=362996" rel="nofollow noopener"&gt;1.3.1&lt;/a&gt; was released to fix a few small bugs, then &lt;a href="https://svnweb.freebsd.org/ports?view=revision&amp;amp;revision=363108" rel="nofollow noopener"&gt;1.3.2&lt;/a&gt; shortly thereafter and &lt;a href="https://svnweb.freebsd.org/ports?view=revision&amp;amp;revision=363363" rel="nofollow noopener"&gt;1.3.3&lt;/a&gt; yesterday
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://twisteddaemon.com/post/92921205276/freebsd-installed-your-next-five-moves-should-be" rel="nofollow noopener"&gt;FreeBSD after-install security tasks&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A number of people have written in to ask us "how do I secure my BSD box after I install it?"&lt;/li&gt;
&lt;li&gt;With this blog post, hopefully most of their questions will finally be answered in detail&lt;/li&gt;
&lt;li&gt;It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things&lt;/li&gt;
&lt;li&gt;Not only does it just list things to do, but the post also does a good job of explaining why you should do them&lt;/li&gt;
&lt;li&gt;Maybe we'll see some more posts in this series in the future
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Brent Cook - &lt;a href="mailto:bcook@openbsd.org" rel="nofollow noopener"&gt;bcook@openbsd.org&lt;/a&gt; / &lt;a href="https://twitter.com/busterbcook" rel="nofollow noopener"&gt;@busterbcook&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;LibreSSL's portable version and development&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.tiltedwindmillpress.com/?product=freebsd-mastery-storage-essentials" rel="nofollow noopener"&gt;FreeBSD Mastery - Storage Essentials&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop" rel="nofollow noopener"&gt;MWL&lt;/a&gt;'s new book about the FreeBSD storage subsystems now has an early draft available&lt;/li&gt;
&lt;li&gt;Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes&lt;/li&gt;
&lt;li&gt;Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance&lt;/li&gt;
&lt;li&gt;You'll get access to the completed (e)book when it's done if you buy the early draft&lt;/li&gt;
&lt;li&gt;The suggested price is $8
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.reddit.com/r/BSD/comments/2buea5/why_bsd_and_not_linux_or_why_linux_and_not_bsd/" rel="nofollow noopener"&gt;Why BSD and not Linux?&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Yet another thread comes up asking why you should choose BSD over Linux or vice-versa&lt;/li&gt;
&lt;li&gt;Lots of good responses from users of the various BSDs&lt;/li&gt;
&lt;li&gt;Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."&lt;/li&gt;
&lt;li&gt;And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."&lt;/li&gt;
&lt;li&gt;Some other users share their switching experiences - worth a read
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140724161550" rel="nofollow noopener"&gt;More g2k14 hackathon reports&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Following up from last week's &lt;a href="http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv" rel="nofollow noopener"&gt;huge list&lt;/a&gt; of hackathon reports, we have a few more&lt;/li&gt;
&lt;li&gt;&lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140724161550" rel="nofollow noopener"&gt;Landry Breuil&lt;/a&gt; spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream&lt;/li&gt;
&lt;li&gt;&lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140728122850" rel="nofollow noopener"&gt;Andrew Fresh&lt;/a&gt; enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl&lt;/li&gt;
&lt;li&gt;&lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140729070721" rel="nofollow noopener"&gt;Ted Unangst&lt;/a&gt; did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth&lt;/li&gt;
&lt;li&gt;Luckily we didn't have to cover 20 new ones this time!
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://bsdtalk.blogspot.com/2014/07/mandoc-with-ingo-schwarze.html" rel="nofollow noopener"&gt;BSDTalk episode 243&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The newest episode of &lt;a href="http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk" rel="nofollow noopener"&gt;BSDTalk&lt;/a&gt; is out, featuring an interview with Ingo Schwarze of the OpenBSD team&lt;/li&gt;
&lt;li&gt;The main topic of discussion is mandoc, which some users might not be familiar with&lt;/li&gt;
&lt;li&gt;mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)&lt;/li&gt;
&lt;li&gt;We'll catch up to you soon, Will!
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2xLRQytAZ" rel="nofollow noopener"&gt;Thomas writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21AYng20n" rel="nofollow noopener"&gt;Stephen writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2DwLRdQDS" rel="nofollow noopener"&gt;Sha'ul writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2E05L31BC" rel="nofollow noopener"&gt;Florian writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21Nmg3Jrk" rel="nofollow noopener"&gt;Bob Beck writes in&lt;/a&gt; - and note the "Caution" section that was added to &lt;a href="http://www.libressl.org/" rel="nofollow noopener"&gt;libressl.org&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, openssl, libressl, portable, openssh, security, linux, arc4random, intrinsic functions, rng, prng, status report, pkgng, openhttpd, relayd, httpd, web server, zfsguru, zfs, freebsd mastery, book, storage, ufs, geom, disks, presentation, talk, comparison, mandoc</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.freebsd.org/news/status/report-2014-04-2014-06.html" rel="nofollow noopener">FreeBSD quarterly status report</a></h3>

<ul>
<li>FreeBSD has gotten quite a lot done this quarter</li>
<li>Changes in the way release branches are supported - major releases will get at least five years over their lifespan</li>
<li>A new automounter is in the works, hoping to replace amd (which has some issues)</li>
<li>The CAM target layer and RPC stack have gotten some major optimization and speed boosts</li>
<li>Work on ZFSGuru continues, with a large status report specifically for that</li>
<li>The report also mentioned some new committers, both source and ports</li>
<li>It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show</li>
<li>"Foundation-sponsored work resulted in <strong>226 commits</strong> to FreeBSD over the April to June period"
***</li>
</ul>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20140724094043" rel="nofollow noopener">A new OpenBSD HTTPD is born</a></h3>

<ul>
<li>Work has begun on a new HTTP daemon in the OpenBSD base system</li>
<li>A lot of people are <a href="http://www.reddit.com/r/BSD/comments/2b7azm/openbsd_gets_its_own_http_server/" rel="nofollow noopener">asking</a> "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?</li>
<li>Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)</li>
<li>It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter</li>
<li>This has the added benefit of the usual, easy-to-understand syntax and privilege separation </li>
<li>There's a very brief <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8" rel="nofollow noopener">man page</a> online already</li>
<li>It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs</li>
<li>Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not)
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-July/000084.html" rel="nofollow noopener">pkgng 1.3 announced</a></h3>

<ul>
<li>The newest version of FreeBSD's second generation <a href="http://www.bsdnow.tv/tutorials/pkgng" rel="nofollow noopener">package management system</a> has been released, with lots of new features</li>
<li>It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)</li>
<li>Lots of the code has been sandboxed for extra security</li>
<li>You'll probably notice some new changes to the UI too, making things more user friendly</li>
<li>A few days later <a href="https://svnweb.freebsd.org/ports?view=revision&amp;sortby=date&amp;revision=362996" rel="nofollow noopener">1.3.1</a> was released to fix a few small bugs, then <a href="https://svnweb.freebsd.org/ports?view=revision&amp;revision=363108" rel="nofollow noopener">1.3.2</a> shortly thereafter and <a href="https://svnweb.freebsd.org/ports?view=revision&amp;revision=363363" rel="nofollow noopener">1.3.3</a> yesterday
***</li>
</ul>

<h3><a href="http://twisteddaemon.com/post/92921205276/freebsd-installed-your-next-five-moves-should-be" rel="nofollow noopener">FreeBSD after-install security tasks</a></h3>

<ul>
<li>A number of people have written in to ask us "how do I secure my BSD box after I install it?"</li>
<li>With this blog post, hopefully most of their questions will finally be answered in detail</li>
<li>It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things</li>
<li>Not only does it just list things to do, but the post also does a good job of explaining why you should do them</li>
<li>Maybe we'll see some more posts in this series in the future
***</li>
</ul>

<h2>Interview - Brent Cook - <a href="mailto:bcook@openbsd.org" rel="nofollow noopener">bcook@openbsd.org</a> / <a href="https://twitter.com/busterbcook" rel="nofollow noopener">@busterbcook</a></h2>

<p>LibreSSL's portable version and development</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.tiltedwindmillpress.com/?product=freebsd-mastery-storage-essentials" rel="nofollow noopener">FreeBSD Mastery - Storage Essentials</a></h3>

<ul>
<li><a href="http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop" rel="nofollow noopener">MWL</a>'s new book about the FreeBSD storage subsystems now has an early draft available</li>
<li>Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes</li>
<li>Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance</li>
<li>You'll get access to the completed (e)book when it's done if you buy the early draft</li>
<li>The suggested price is $8
***</li>
</ul>

<h3><a href="http://www.reddit.com/r/BSD/comments/2buea5/why_bsd_and_not_linux_or_why_linux_and_not_bsd/" rel="nofollow noopener">Why BSD and not Linux?</a></h3>

<ul>
<li>Yet another thread comes up asking why you should choose BSD over Linux or vice-versa</li>
<li>Lots of good responses from users of the various BSDs</li>
<li>Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."</li>
<li>And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."</li>
<li>Some other users share their switching experiences - worth a read
***</li>
</ul>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20140724161550" rel="nofollow noopener">More g2k14 hackathon reports</a></h3>

<ul>
<li>Following up from last week's <a href="http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv" rel="nofollow noopener">huge list</a> of hackathon reports, we have a few more</li>
<li><a href="http://undeadly.org/cgi?action=article&amp;sid=20140724161550" rel="nofollow noopener">Landry Breuil</a> spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream</li>
<li><a href="http://undeadly.org/cgi?action=article&amp;sid=20140728122850" rel="nofollow noopener">Andrew Fresh</a> enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl</li>
<li><a href="http://undeadly.org/cgi?action=article&amp;sid=20140729070721" rel="nofollow noopener">Ted Unangst</a> did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth</li>
<li>Luckily we didn't have to cover 20 new ones this time!
***</li>
</ul>

<h3><a href="http://bsdtalk.blogspot.com/2014/07/mandoc-with-ingo-schwarze.html" rel="nofollow noopener">BSDTalk episode 243</a></h3>

<ul>
<li>The newest episode of <a href="http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk" rel="nofollow noopener">BSDTalk</a> is out, featuring an interview with Ingo Schwarze of the OpenBSD team</li>
<li>The main topic of discussion is mandoc, which some users might not be familiar with</li>
<li>mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)</li>
<li>We'll catch up to you soon, Will!
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2xLRQytAZ" rel="nofollow noopener">Thomas writes in</a></li>
<li><a href="http://slexy.org/view/s21AYng20n" rel="nofollow noopener">Stephen writes in</a></li>
<li><a href="http://slexy.org/view/s2DwLRdQDS" rel="nofollow noopener">Sha'ul writes in</a></li>
<li><a href="http://slexy.org/view/s2E05L31BC" rel="nofollow noopener">Florian writes in</a></li>
<li><a href="http://slexy.org/view/s21Nmg3Jrk" rel="nofollow noopener">Bob Beck writes in</a> - and note the "Caution" section that was added to <a href="http://www.libressl.org/" rel="nofollow noopener">libressl.org</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.freebsd.org/news/status/report-2014-04-2014-06.html" rel="nofollow noopener">FreeBSD quarterly status report</a></h3>

<ul>
<li>FreeBSD has gotten quite a lot done this quarter</li>
<li>Changes in the way release branches are supported - major releases will get at least five years over their lifespan</li>
<li>A new automounter is in the works, hoping to replace amd (which has some issues)</li>
<li>The CAM target layer and RPC stack have gotten some major optimization and speed boosts</li>
<li>Work on ZFSGuru continues, with a large status report specifically for that</li>
<li>The report also mentioned some new committers, both source and ports</li>
<li>It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show</li>
<li>"Foundation-sponsored work resulted in <strong>226 commits</strong> to FreeBSD over the April to June period"
***</li>
</ul>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20140724094043" rel="nofollow noopener">A new OpenBSD HTTPD is born</a></h3>

<ul>
<li>Work has begun on a new HTTP daemon in the OpenBSD base system</li>
<li>A lot of people are <a href="http://www.reddit.com/r/BSD/comments/2b7azm/openbsd_gets_its_own_http_server/" rel="nofollow noopener">asking</a> "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?</li>
<li>Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)</li>
<li>It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter</li>
<li>This has the added benefit of the usual, easy-to-understand syntax and privilege separation </li>
<li>There's a very brief <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8" rel="nofollow noopener">man page</a> online already</li>
<li>It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs</li>
<li>Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not)
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-July/000084.html" rel="nofollow noopener">pkgng 1.3 announced</a></h3>

<ul>
<li>The newest version of FreeBSD's second generation <a href="http://www.bsdnow.tv/tutorials/pkgng" rel="nofollow noopener">package management system</a> has been released, with lots of new features</li>
<li>It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)</li>
<li>Lots of the code has been sandboxed for extra security</li>
<li>You'll probably notice some new changes to the UI too, making things more user friendly</li>
<li>A few days later <a href="https://svnweb.freebsd.org/ports?view=revision&amp;sortby=date&amp;revision=362996" rel="nofollow noopener">1.3.1</a> was released to fix a few small bugs, then <a href="https://svnweb.freebsd.org/ports?view=revision&amp;revision=363108" rel="nofollow noopener">1.3.2</a> shortly thereafter and <a href="https://svnweb.freebsd.org/ports?view=revision&amp;revision=363363" rel="nofollow noopener">1.3.3</a> yesterday
***</li>
</ul>

<h3><a href="http://twisteddaemon.com/post/92921205276/freebsd-installed-your-next-five-moves-should-be" rel="nofollow noopener">FreeBSD after-install security tasks</a></h3>

<ul>
<li>A number of people have written in to ask us "how do I secure my BSD box after I install it?"</li>
<li>With this blog post, hopefully most of their questions will finally be answered in detail</li>
<li>It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things</li>
<li>Not only does it just list things to do, but the post also does a good job of explaining why you should do them</li>
<li>Maybe we'll see some more posts in this series in the future
***</li>
</ul>

<h2>Interview - Brent Cook - <a href="mailto:bcook@openbsd.org" rel="nofollow noopener">bcook@openbsd.org</a> / <a href="https://twitter.com/busterbcook" rel="nofollow noopener">@busterbcook</a></h2>

<p>LibreSSL's portable version and development</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.tiltedwindmillpress.com/?product=freebsd-mastery-storage-essentials" rel="nofollow noopener">FreeBSD Mastery - Storage Essentials</a></h3>

<ul>
<li><a href="http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop" rel="nofollow noopener">MWL</a>'s new book about the FreeBSD storage subsystems now has an early draft available</li>
<li>Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes</li>
<li>Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance</li>
<li>You'll get access to the completed (e)book when it's done if you buy the early draft</li>
<li>The suggested price is $8
***</li>
</ul>

<h3><a href="http://www.reddit.com/r/BSD/comments/2buea5/why_bsd_and_not_linux_or_why_linux_and_not_bsd/" rel="nofollow noopener">Why BSD and not Linux?</a></h3>

<ul>
<li>Yet another thread comes up asking why you should choose BSD over Linux or vice-versa</li>
<li>Lots of good responses from users of the various BSDs</li>
<li>Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."</li>
<li>And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."</li>
<li>Some other users share their switching experiences - worth a read
***</li>
</ul>

<h3><a href="http://undeadly.org/cgi?action=article&amp;sid=20140724161550" rel="nofollow noopener">More g2k14 hackathon reports</a></h3>

<ul>
<li>Following up from last week's <a href="http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv" rel="nofollow noopener">huge list</a> of hackathon reports, we have a few more</li>
<li><a href="http://undeadly.org/cgi?action=article&amp;sid=20140724161550" rel="nofollow noopener">Landry Breuil</a> spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream</li>
<li><a href="http://undeadly.org/cgi?action=article&amp;sid=20140728122850" rel="nofollow noopener">Andrew Fresh</a> enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl</li>
<li><a href="http://undeadly.org/cgi?action=article&amp;sid=20140729070721" rel="nofollow noopener">Ted Unangst</a> did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth</li>
<li>Luckily we didn't have to cover 20 new ones this time!
***</li>
</ul>

<h3><a href="http://bsdtalk.blogspot.com/2014/07/mandoc-with-ingo-schwarze.html" rel="nofollow noopener">BSDTalk episode 243</a></h3>

<ul>
<li>The newest episode of <a href="http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk" rel="nofollow noopener">BSDTalk</a> is out, featuring an interview with Ingo Schwarze of the OpenBSD team</li>
<li>The main topic of discussion is mandoc, which some users might not be familiar with</li>
<li>mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)</li>
<li>We'll catch up to you soon, Will!
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2xLRQytAZ" rel="nofollow noopener">Thomas writes in</a></li>
<li><a href="http://slexy.org/view/s21AYng20n" rel="nofollow noopener">Stephen writes in</a></li>
<li><a href="http://slexy.org/view/s2DwLRdQDS" rel="nofollow noopener">Sha'ul writes in</a></li>
<li><a href="http://slexy.org/view/s2E05L31BC" rel="nofollow noopener">Florian writes in</a></li>
<li><a href="http://slexy.org/view/s21Nmg3Jrk" rel="nofollow noopener">Bob Beck writes in</a> - and note the "Caution" section that was added to <a href="http://www.libressl.org/" rel="nofollow noopener">libressl.org</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
  </channel>
</rss>
