BSD Now - Episodes Tagged with “Meetbsd”

105: Virginia BSD Assembly

JT Pennington — Wed, 02 Sep 2015 08:00:00 -0400

It's already our two-year anniversary! This time on the show, we'll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year's vBSDCon. What's it have to offer in an already-crowded BSD conference space? We'll find out.

This episode was brought to you by

Headlines

OpenBSD hypervisor coming soon

Our buddy Mike Larkin never rests, and he posted some very tight-lipped console output on Twitter recently
From what little he revealed at the time, it appeared to be a new hypervisor (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled "vmm"
Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is
Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation
One thing to note: this isn't just a port of something like Xen or Bhyve; it's all-new code, and Mike explains why he chose to go that route
He also answered some basic questions about the requirements, when it'll be available, what OSes it can run, what's left to do, how to get involved and so on ***

Why FreeBSD should not adopt launchd

Last week we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD
One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we've learned)
In this article, the author talks about why he thinks this is a bad idea
He doesn't oppose the integration into FreeBSD-derived projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself - this is also explained in more detail
The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities
Reddit had quite a bit to say about this one, some in agreement and some not ***

DragonFly graphics improvements

The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack
This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs
You should also see some power management improvements, longer battery life and various other bug fixes
If you're running DragonFly, especially on a laptop, you'll want to get this stuff on your machine quick - big improvements all around ***

OpenBSD tames the userland

Last week we mentioned OpenBSD's tame framework getting support for file whitelists, and said that the userland integration was next - well, now here we are
Theo posted a mega diff of nearly 100 smaller diffs, adding tame support to many areas of the userland tools
It's still a work-in-progress version; there's still more to be added (including the file path whitelist stuff)
Some classic utilities are even being reworked to make taming them easier - the "w" command, for example
The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)
More discussion can be found on HN, as one might expect
If you're a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release ***

Interview - Scott Courtney - vbsdcon@verisign.com / @verisign

vBSDCon 2015

News Roundup

OPNsense, beyond the fork

We first heard about OPNsense back in January, and they've since released nearly 40 versions, spanning over 5,000 commits
This is their first big status update, covering some of the things that've happened since the project was born
There's been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more - the report touches on a little of everything ***

LibreSSL nukes SSLv3

With their latest release, LibreSSL began to turn off SSLv3 support, starting with the "openssl" command
At the time, SSLv3 wasn't disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)
They've now flipped the switch, and the process of complete removal has started
From the Undeadly summary, "This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!"
With this change and a few more to follow shortly, Libre*SSL* won't actually support SSL anymore - time to rename it "LibreTLS" ***

FreeBSD MPTCP updated

For anyone unaware, Multipath TCP is "an ongoing effort of the Internet Engineering Task Force's (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy."
There's been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated
Including in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements
Some big performance gains can be had with MPTCP, but only if both the client and server systems support it - getting it into the FreeBSD kernel would be a good start ***

UEFI and GPT in OpenBSD

There hasn't been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently
Some support for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review
This comes along with a number of other commits related to GPT, much of which is being refactored and slowly reintroduced
Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should "just work" with GPT (once everything's in)
The UEFI bootloader support has been committed, so stay tuned for more updates as further progress is made ***

Feedback/Questions

66: Conference Connoisseur

JT Pennington — Wed, 03 Dec 2014 08:00:00 -0500

This week on the show, we'll be talking with Paul Schenkeveld, chairman of the EuroBSDCon foundation. He tells us about his experiences running BSD conferences and how regular users can get involved too. We've also got answers to all your emails and the latest news, coming up on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

BSD-powered digital library in Africa

You probably haven't heard much about Nzega, Tanzania, but it's an East African country without much internet access
With physical schoolbooks being a rarity there, a few companies helped out to bring some BSD-powered reading material to a local school
They now have a pair of FreeNAS Minis at the center of their local network, with over 80,000 books and accompanying video content stored on them (~5TB of data currently)
The school's workstations also got wiped and reloaded with FreeBSD, and everyone there seems to really enjoy using it ***

pfSense 2.2 status update

With lots of people asking when the 2.2 release will be done, some pfSense developers decided to provide a status update
2.2 will have a lot of changes: being based on FreeBSD 10.1, Unbound instead of BIND, updating PHP to something recent, including the new(ish) IPSEC stack updates, etc
All these things have taken more time than previously expected
The post also has some interesting graphs showing the ratio of opened and close bugs for the upcoming release ***

Recommended hardware threads

A few threads on caught our attention this week, all about hardware recommendations for BSD setups
In the first one, the OP asks about mini-ITX hardware to run a FreeBSD server and NAS
Everyone gave some good recommendations for low power, Atom-based systems
The second thread started off asking about which CPU architecture is best for PF on an OpenBSD router, but ended up being another hardware thread
For a router, the ALIX, APU and Soekris boards still seem to be the most popular choices, with the third and fourth threads confirming this
If you're thinking about building your first BSD box - server, router, NAS, whatever - these might be some good links to read ***

Interview - Paul Schenkeveld - freebsd@psconsult.nl

Running a BSD conference

News Roundup

From Linux to FreeBSD - for reals

Another Linux user is ready to switch to BSD, and takes to Reddit for some community encouragement (seems to be a common thing now)
After being a Linux guy for 20(!) years, he's ready to switch his systems over, and is looking for some helpful guides to transition
In the comments, a lot of new switchers offer some advice and reading material
If any of the listeners have some things that were helpful along your switching journey, maybe send 'em this guy's way ***

Running FreeBSD as a Xen Dom0

Continuing progress has been made to allow FreeBSD to be a host for the Xen hypervisor
This wiki article explains how to run the Xen branch of FreeBSD and host virtual machines on it
Xen on FreeBSD currently supports PV guests (modified kernels) and HVM (unmodified kernels, uses hardware virtualization features)
The wiki provides instructions for running Debian (PV) and FreeBSD (HVM), and discusses the features that are not finished yet ***

HardenedBSD updates and changes

a.out is the old executable format for Unix
The name stands for assembler output, and was coined by Ken Thompson as the fixed name for output of his PDP-7 assembler in 1968
FreeBSD, on which HardenedBSD is based, switched away from a.out in version 3.0
A restriction against NULL mapping was introduced in FreeBSD 7 and enabled by default in FreeBSD 8
However, for reasons of compatibility, it could be switched off, allowing buggy applications to continue to run, at the risk of allowing a kernel bug to be exploited
HardenedBSD has removed the sysctl, making it impossible to run in ‘insecure mode’
Package building update: more consistent repo, no more i386 packages ***

Feedback/Questions

Boris writes in
Alex writes in (edit: adding "tinker panic 0" to the ntp.conf will disable the sanity check)
Chris writes in
Robert writes in
Jake writes in ***

Mailing List Gold

Real world authpf use
The great perl event of 2014 ***

64: Rump Kernels Revisited

JT Pennington — Wed, 19 Nov 2014 08:00:00 -0500

This time on the show, we'll be talking with Justin Cormack about NetBSD rump kernels. We'll learn how to run them on other operating systems, what's planned for the future and a lot more. As always, answers to viewer-submitted questions and all the news for the week, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

EuroBSDCon 2014 talks and tutorials

The 2014 EuroBSDCon videos have been online for over a month, but unannounced - keep in mind these links may be temporary (but we'll mention their new location in a future show and fix the show notes if that's the case)
Arun Thomas, BSD ARM Kernel Internals
Ted Unangst, Developing Software in a Hostile Environment
Martin Pieuchot, Taming OpenBSD Network Stack Dragons
Henning Brauer, OpenBGPD turns 10 years
Claudio Jeker, vscsi and iscsid iSCSI initiator the OpenBSD way
Paul Irofti, Making OpenBSD Useful on the Octeon Network Gear
Baptiste Daroussin, Cross Building the FreeBSD ports tree
Boris Astardzhiev, Smartcom’s control plane software, a customized version of FreeBSD
Michał Dubiel, OpenStack and OpenContrail for FreeBSD platform
Martin Husemann & Joerg Sonnenberger, Tool-chaining the Hydra, the ongoing quest for modern toolchains in NetBSD
Taylor R Campbell, The entropic principle: /dev/u?random and NetBSD
Dag-Erling Smørgrav, Securing sensitive & restricted data
Peter Hansteen, Building The Network You Need With PF
Stefan Sperling, Subversion for FreeBSD developers
Peter Hansteen, Transition to OpenBSD 5.6
Ingo Schwarze, Let’s make manuals more useful
Francois Tigeot, Improving DragonFly’s performance with PostgreSQL
Justin Cormack, Running Applications on the NetBSD Rump Kernel
Pierre Pronchery, EdgeBSD, a year later
Peter Hessler, Using routing domains or tables in a production network
Sean Bruno, QEMU user mode on FreeBSD
Kristaps Dzonsons, Bugs Ex Ante
Yann Sionneau, Porting NetBSD to the LatticeMico32 open source CPU
Alexander Nasonov, JIT Code Generator for NetBSD
Masao Uebayashi, Porting Valgrind to NetBSD and OpenBSD
Marc Espie, parallel make, working with legacy code
Francois Tigeot, Porting the drm-kms graphic drivers to DragonFly
The following talks (from the Vitosha track room) are all currently missing:
Jordan Hubbard, FreeBSD, Looking forward to another 10 years (but we have another recording)
Theo de Raadt, Randomness, how arc4random has grown since 1998 (but we have another recording)
Kris Moore, Snapshots, Replication, and Boot-Environments
Kirk McKusick, An Introduction to the Implementation of ZFS
John-Mark Gurney, Optimizing GELI Performance
Emmanuel Dreyfus, FUSE and beyond, bridging filesystems
Lourival Vieira Neto, NPF scripting with Lua
Andy Tanenbaum, A Reimplementation of NetBSD Based on a Microkernel
Stefano Garzarella, Software segmentation offloading for FreeBSD
Ted Unangst, LibreSSL
Shawn Webb, Introducing ASLR In FreeBSD
Ed Maste, The LLDB Debugger in FreeBSD
Philip Guenther, Secure lazy binding ***

OpenBSD adopts SipHash

Even more DJB crypto somehow finds its way into OpenBSD's base system
This time it's SipHash, a family of pseudorandom functions that's resistant to hash bucket flooding attacks while still providing good performance
After an initial import and some clever early usage, a few developers agreed that it would be better to use it in a lot more places
It will now be used in the filesystem, and the plan is to utilize it to protect all kernel hash functions
Some other places that Bernstein's work can be found in OpenBSD include the ChaCha20-Poly1305 authenticated stream cipher and Curve25519 KEX used in SSH, ChaCha20 used in the RNG, and Ed25519 keys used in signify and SSH ***

FreeBSD 10.1-RELEASE

FreeBSD's release engineering team likes to troll us by uploading new versions just a few hours after we finish recording an episode
The first maintenance update for the 10.x branch is out, improving upon a lot of things found in 10.0-RELEASE
The vt driver was merged from -CURRENT and can now be enabled with a loader.conf switch (and can even be used on a PlayStation 3)
Bhyve has gotten quite a lot of fixes and improvements from its initial debut in 10.0, including boot support for ZFS
Lots of new ARM hardware is supported now, including SMP support for most of them
A new kernel selection menu was added to the loader, so you can switch between newer and older kernels at boot time
10.1 is the first to support UEFI booting on amd64, which also has serial console support now
Lots of third party software (OpenSSH, OpenSSL, Unbound..) and drivers have gotten updates to newer versions
It's a worthy update from 10.0, or a good time to try the 10.x branch if you were avoiding the first .0 release, so grab an ISO or upgrade today
Check the detailed release notes for more information on all the changes
Also take a look at some of the known problems to see if you'll be affected by any of them
PC-BSD was also updated accordingly with some of their own unique features and changes ***

arc4random - Randomization for All Occasions

Theo de Raadt gave an updated version of his EuroBSDCon presentation at Hackfest 2014 in Quebec
The presentation is mainly about OpenBSD's arc4random function, and outlines the overall poor state of randomization in the 90s and how it has evolved in OpenBSD over time
It begins with some interesting history on OpenBSD and how it became a security-focused OS - in 1996, their syslogd got broken into and "suddenly we became interested in security"
The talk also touches on how low-level changes can shake up the software ecosystem and third party packages that everyone uses
There's some funny history on the name of the function (being called arc4random despite not using RC4 anymore) and an overall status update on various platforms' usage of it
Very detailed and informative presentation, and the slides can be found here
A great quote from the beginning: "We consider ourselves a community of (probably rather strange) people who work on software specifically for the purpose of trying to make it better. We take a 'whole-systems' approach: trying to change everything in the ecosystem that's under our control, trying to see if we can make it better. We gain a lot of strength by being able to throw backwards compatibility out the window. So that means that we're able to do research and the minute that we decide that something isn't right, we'll design an alternative for it and push it in. And if it ends up breaking everybody's machines from the previous stage to the next stage, that's fine because we'll end up in a happier place." ***

Interview - Justin Cormack - justin@netbsd.org / @justincormack

NetBSD on Xen, rump kernels, various topics

News Roundup

The FreeBSD foundation's biggest donation

The FreeBSD foundation has a new blog post about the largest donation they've ever gotten
From the CEO of WhatsApp comes a whopping one million dollars in a single donation
It also has some comments from the donor about why they use BSD and why it's important to give back
Be sure to donate to the foundation of whatever BSD you use when you can - every little bit helps, especially for OpenBSD, NetBSD and DragonFly who don't have huge companies supporting them regularly like FreeBSD does ***

OpenZFS Dev Summit 2014 videos

Videos from the recent OpenZFS developer summit are being uploaded, with speakers from different represented platforms and companies
Matt Ahrens, opening keynote
Raphael Carvalho, Platform Overview: ZFS on OSv
Brian Behlendorf, Platform Overview: ZFS on Linux
Prakash Surya, Platform Overview: illumos
Xin Li, Platform Overview: FreeBSD
All platforms, Group Q&A Session
Dave Pacheco, Manta
Saso Kiselkov, Compression
George Wilson, Performance
Tim Feldman, Host-Aware SMR
Pavel Zakharov, Fast File Cloning
The audio is pretty poor on all of them unfortunately ***

BSDTalk 248

Our friend Will Backman is still busy getting BSD interviews as well
This time he sits down with Matthew Dillon, the lead developer of DragonFly BSD
We've never had Dillon on the show, so you'll definitely want to give this one a listen
They mainly discuss all the big changes coming in DragonFly's upcoming 4.0 release ***

MeetBSD 2014 videos

The presentations from this year's MeetBSD conference are starting to appear online as well
Kirk McKusick, A Narrative History of BSD
Jordan Hubbard, FreeBSD: The Next 10 Years
Brendan Gregg, Performance Analysis
The slides can be found here ***

Feedback/Questions

Mailing List Gold

63: A Man's man(1)

JT Pennington — Wed, 12 Nov 2014 08:00:00 -0500

This time on the show, we've got an interview with Kristaps Džonsons, the creator of mandoc. He tells us how the project got started and what its current status is across the various BSDs. We also have a mini-tutorial on using PF to throttle bandwidth. This week's news, answers to your emails and even some cheesy mailing list gold, coming up on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

Updates to FreeBSD's random(4)

FreeBSD's random device, which presents itself as "/dev/random" to users, has gotten a fairly major overhaul in -CURRENT
The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
Pluggable modules can now be written to add more sources of entropy
These changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9 ***

OpenBSD Tor relays and network diversity

We've talked about getting more BSD-based Tor nodes a few times in previous episodes
The "tor-relays" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
With the security features and attention to detail, it makes for an excellent dedicated Tor box
More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
A few users are even saying they'll convert their Linux nodes to OpenBSD to help out
Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it ***

SSP now default for FreeBSD ports

SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
It's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
If you were using the temporary "new Xorg" or SSP package repositories instead of the default ones, you need to switch back over
NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed ***

Building an OpenBSD firewall and router

While we've discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
Most agree that, if it's for a business especially, it's worth the extra money to go with something that's well known in the BSD community
They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
Through the comments, we also find out that QuakeCon runs OpenBSD on their network
Hopefully most of our listeners are running some kind of BSD as their gateway - try it out if you haven't already ***

Interview - Kristaps Džonsons - kristaps@bsd.lv

Mandoc, historical man pages, various topics

Tutorial

Throttling bandwidth with PF

News Roundup

NetBSD at Kansai Open Forum 2014

Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
As always, you can find lots of pictures in the trip report ***

Getting to know your portmgr lurkers

The lovable "getting to know your portmgr" series makes its triumphant return
This time around, they interview Alex, one of the portmgr lurkers that joined just this month
"How would you describe yourself?" "Too lazy."
Another post includes a short interview with Emanuel, another new lurker
We discussed the portmgr lurkers initiative with Steve Wills a while back ***

NetBSD's ARM port gets SMP

The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
NetBSD's release team is working on getting these changes into the 7 branch before 7.0 is released
There are also a few nice pictures in the article ***

A high performance mid-range NAS

This blog post is about FreeNAS and optimizing iSCSI performance
It talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance
There are some nice graphs and lots of detail if you're interested in tweaking some of your own settings
They conclude "there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload" ***

Feedback/Questions

Mailing List Gold

62: Gift from the Sun

JT Pennington — Wed, 05 Nov 2014 08:00:00 -0500

We're away at MeetBSD this week, but we've still got a great show for you. We'll be joined by Pawel Dawidek, who's done quite a lot of things in FreeBSD over the years, including the initial ZFS port. We'll get to hear how that came about, what he's up to now and a whole lot more. We'll be back next week with a normal episode of BSD Now - the place to B.. SD.

This episode was brought to you by

Interview - Pawel Jakub Dawidek - pjd@freebsd.org

Porting ZFS, GEOM, GELI, Capsicum, various topics

61: IPSECond Wind

JT Pennington — Wed, 29 Oct 2014 08:00:00 -0400

This week on the show, we sat down with John-Mark Gurney to talk about modernizing FreeBSD's IPSEC stack. We'll learn what he's adding, what needed to be fixed and how we'll benefit from the changes. As always, answers to your emails and all of this week's news, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

BSD panel at Phoenix LUG

The Phoenix, Arizona Linux users group had a special panel so they could learn a bit more about BSD
It had one FreeBSD user and one OpenBSD user, and they answered questions from the organizer and the people in the audience
They covered a variety of topics, including filesystems, firewalls, different development models, licenses and philosophy
It was a good "real world" example of things potential switchers are curious to know about
They closed by concluding that more diversity is always better, and even if you've got a lot of Linux boxes, putting a few BSD ones in the mix is a good idea ***

Book of PF signed copy auction

Peter Hansteen (who we've had on the show) is auctioning off the first signed copy of the new Book of PF
All the profits from the sale will go to the OpenBSD Foundation
The updated edition of the book includes all the latest pf syntax changes, but also provides examples for FreeBSD and NetBSD's versions (which still use ALTQ, among other differences)
If you're interested in firewalls, security or even just advanced networking, this book is a great one to have on your shelf - and the money will also go to a good cause
Michael Lucas has challenged Peter to raise more for the foundation than his last book selling - let's see who wins
Pause the episode, go bid on it and then come back! ***

FreeBSD Foundation goes to EuroBSDCon

Some people from the FreeBSD Foundation went to EuroBSDCon this year, and come back with a nice trip report
They also sponsored four other developers to go
The foundation was there "to find out what people are working on, what kind of help they could use from the Foundation, feedback on what we can be doing to support the FreeBSD Project and community, and what features/functions people want supported in FreeBSD"
They also have a second report from Kamil Czekirda
A total of $2000 was raised at the conference ***

OpenBSD 5.6 released

Note: we're doing this story a couple days early - it's actually being released on November 1st (this Saturday), but we have next week off and didn't want to let this one slip through the cracks - it may be out by the time you're watching this
Continuing their always-on-time six month release cycle, the OpenBSD team has released version 5.6
It includes support for new hardware, lots of driver updates, network stack improvements (SMP, in particular) and new security features
5.6 is the first formal release with LibreSSL, their fork of OpenSSL, and lots of ports have been fixed to work with it
You can now hibernate your laptop when using a fully-encrypted filesystem (see our tutorial for that)
ALTQ, Kerberos, Lynx, Bluetooth, TCP Wrappers and Apache were all removed
This will serve as a "transitional" release for a lot of services: moving from Sendmail to OpenSMTPD, from nginx to httpd and from BIND to Unbound
Sendmail, nginx and BIND will be gone in the next release, so either migrate to the new stuff between now and then or switch to the ports versions
As always, 5.6 comes with its own song and artwork - the theme this time was obviously LibreSSL
Be sure to check the full changelog (it's huge) and pick up a CD or tshirt to support their efforts
If you don't already have the public key releases are signed with, getting a physical CD is a good "out of bounds" way to obtain it safely
Here are some cool images of the set
After you do your installation or upgrade, don't forget to head over to the errata page and apply any patches listed there ***

Interview - John-Mark Gurney - jmg@freebsd.org / @encthenet

Updating FreeBSD's IPSEC stack

News Roundup

Clang in DragonFly BSD

As we all know, FreeBSD got rid of GCC in 10.0, and now uses Clang almost exclusively on i386/amd64
Some DragonFly developers are considering migrating over as well, and one of them is doing some work to make the OS more Clang-friendly
We'd love to see more BSDs switch to Clang/LLVM eventually, it's a lot more modern than the old GCC most are using ***

reallocarray(): integer overflow detection for free

One of the less obvious features in OpenBSD 5.6 is a new libc function: "reallocarray()"
It's a replacement function for realloc(3) that provides integer overflow detection at basically no extra cost
Theo and a few other developers have already started a mass audit of the entire source tree, replacing many instances with this new feature
OpenBSD's explicit_bzero was recently imported into FreeBSD, maybe someone could also port over this too ***

Switching from Linux blog

A listener of the show has started a new blog series, detailing his experiences in switching over to BSD from Linux
After over ten years of using Linux, he decided to give BSD a try after listening to our show (which is awesome)
So far, he's put up a few posts about his initial thoughts, some documentation he's going through and his experiments so far
It'll be an ongoing series, so we may check back in with him again later on ***

Owncloud in a FreeNAS jail

One of the most common emails we get is about running Owncloud in FreeNAS
Now, finally, someone made a video on how to do just that, and it's even jailed
A member of the FreeNAS community has uploaded a video on how to set it up, with lighttpd as the webserver backend
If you're looking for an easy way to back up and sync your files, this might be worth a watch ***

Feedback/Questions

Mailing List Gold

That's not our IP
Is this thing on? ***

50: VPN, My Dear Watson

JT Pennington — Wed, 13 Aug 2014 08:00:00 -0400

It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

MeetBSD 2014 is approaching

The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California
MeetBSD has an "unconference" format, which means there will be both planned talks and community events
All the extra details will be on their site soon
It also has hotels and various other bits of useful information - hopefully with more info on the talks to come
Of course, EuroBSDCon is coming up before then ***

First experiences with OpenBSD

A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"
The author read the famous "BSD for Linux users" series (that most of us have surely seen) and decided to give BSD a try
He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"
From there, it talks about how he used the OpenBSD USB image and got a fully-working system
He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration
Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user! ***

NetBSD rump kernels on bare metal (and Kansai OSC report)

When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right
However, NetBSD's rump kernels - a very unique concept - make this process a lot easier
This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week
Also have a look back at episode 8 for our interview about rump kernels and what exactly they do
While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight ***

OpenSSL and LibreSSL updates

OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)
Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more
LibreSSL released a new version to address most of the vulnerabilities, but wasn't affected by some of them
Whichever version of whatever SSL you use, make sure it's patched for these issues
DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT) ***

Interview - Robert Watson - rwatson@freebsd.org

FreeBSD architecture, security research techniques, exploit mitigation

Tutorial

Protecting traffic with a BSD-based VPN

News Roundup

A FreeBSD-based CGit server

If you use git (like a certain host of this show) then you've probably considered setting up your own server
This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend
It even shows you how to set up multiple repos with key-based user separation and other cool things
The author of the post is also a listener of the show, thanks for sending it in! ***

Backup devices for small businesses

In this article, different methods of data storage and backup are compared
After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer
He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers
It also goes over some of the hardware specifics in the FreeNAS Mini ***

A new Xenocara interview

As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara
If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches
In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing
Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there ***

Building a high performance FreeBSD samba server

If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?
FreeBSD, ZFS and Samba obviously!
The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients
This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)
It doesn't even require the newest or best hardware with the right changes, pretty cool ***