NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

Linux vs. FreeBSD : Linux and FreeBSD Firewalls – The Ultimate Guide : Part 1

Why Netflix Chose NGINX as the Heart of Its CDN

News Roundup

FreeBSD: Protect your web servers against PHP shells and malwares

HowTo: Installing and running Gitlab

Beastie Bits

• [World built in 36 hours on a Pentium 4!](https://www.reddit.com/r/freebsd/comments/13undl9/world_built_in_36_hours_on_a_pentium_4/)
• [Fart init](https://x61.sh/log/2023/05/23052023153621-fart-init.html](https://x61.sh/log/2023/05/23052023153621-fart-init.html)
• [Organized Freebies](https://mwl.io/archives/22832)
• [OpenSMTPD 7.3.0p0 released](http://undeadly.org/cgi?action=article;sid=20230617111340)
• [shutdown/reboot now require membership of group _shutdown](http://undeadly.org/cgi?action=article;sid=20230620064255)
• [Where does my computer get the time from?](https://dotat.at/@/2023-05-26-whence-time.html)

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. ***

Feedback/Questions

• sam - fav episodes
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

This episode was brought to you by

Headlines

NetBSD's EuroBSDCon report

• This year's EuroBSDCon had the record number of NetBSD developers attending
• The NetBSD guys had a small devsummit as well, and this blog post details some of their activities
• Pierre Pronchery also talked about EdgeBSD there (also see our interview if you haven't already)
• Hopefully this trend continues, and NetBSD starts to have even more of a presence at the conferences ***

Upcoming features in OpenBSD 5.6

• OpenBSD 5.6 is to be released in just under a month from now, and one of the developers wrote a blog post about some of the new features
• The post is mostly a collection of various links, many of which we've discussed before
• It'll be the first version with LibreSSL and many other cool things
• We will, of course, have all the details on the day of release
• There are some good comments on hacker news about 5.6 as well ***

FreeBSD ARMv8-based implementation

• The FreeBSD foundation is sponsoring some work to port FreeBSD to the new ThunderX ARM CPU family
• With the potential to have up to 48 cores, this type of CPU might make ARM-based servers a more appealing option
• Cavium, the company involved with this deal, seems to have lots of BSD fans
• This collaboration is expected to result in Tier 1 recognition of the ARMv8 architecture ***

Updating orphaned OpenBSD ports

• We discussed OpenBSD porting over portscout from FreeBSD a while back
• Their ports team is making full use of it now, and they're also looking for people to help update some unmaintained ports
• A new subdomain, portroach.openbsd.org, will let you view all the ports information easily
• If you're interested in learning to port software, or just want to help update a port you use, this is a good chance to get involved ***

Interview - Matt Ranney & George Kola - mjr@ranney.com & george.kola@voxer.com

BSD at Voxer, companies switching from Linux, community interaction

Tutorial

Adblocking with DNSMasq & Pixelserv

News Roundup

GhostBSD 4.0 released

• The 4.0 branch of GhostBSD has finally been released, based on FreeBSD 10
• With it come all the big 10.0 changes: clang instead of gcc, pkgng by default, make replaced by bmake
• Mate is now the default desktop, with different workstation styles to choose from ***

Reports from PF about banned IPs

• If you run any kind of public-facing server, you've probably seen your logs fill up with unwanted traffic
• This is especially true if you run SSH on port 22, which the author of this post seems to
• A lot can be done with just PF and some brute force tables
• He goes through some different options for blocking Chinese IPs and break-in attempts
• It includes a useful script he wrote to get reports about the IPs being blocked via email ***

NetBSD 6.1.5 and 6.0.6 released

• The 6.1 and 6.0 branches of NetBSD got some updates
• They include a number of security and stability fixes - plenty of OpenSSL mentions
• Various panics and other small bugs also got fixed ***

OpenSSH 6.7 released

• After a long delay, OpenSSH 6.7 has finally been released
• Major internal refactoring has been done to make part of OpenSSH usable as a library
• SFTP transfers can now be resumed
• Lots of bug fixes, a few more new features - check the release notes for all the details
• This release disables some insecure ciphers by default, so keep that in mind if you connect with legacy clients that use Arcfour or CBC modes ***

Feedback/Questions

• Andriy writes in
• Karl writes in
• Possnfiffer writes in
• Brad writes in
• Solomon writes in ***