NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

FreeBSD Network Troubleshooting

FreeBSD has a full set of debugging features, and the network stack is able to report a ton of information. So much that it can be hard to figure out what is relevant and what is not.

---

The State of FreeBSD

License to thrill: Ahead of v13.0, the FreeBSD team talks about Linux and the completed toolchain project that changes everything

News Roundup

dhcpleased(8) - DHCP client daemon

With the following commit, Florian Obser (florian@) imported dhcpleased(8), DHCP daemon to acquire IPv4 address leases from servers, plus dhcpleasectl(8), a utility to control the daemon:

---

bhyve for Calamares Development

bhyve (pronounced “bee hive”) is a hypervisor for BSD systems (and Illumos / openSolaris). It is geared towards server workloads, but does support desktop-oriented operation as well. I spent some time wayyyy back in November wrestling with it in order to replace VirtualBox for Calamares testing on FreeBSD. The “golden hint” as far as I’m concerned came from Karen Bruner and now I have a functioning Calamares test-ground that is more useful than before.
“Calamares is a free and open-source independent and distro-agnostic system installer for Linux distributions.“

---

Some new FreeBSD/EC2 features: EFS automount and ebsnvme-id

As my regular readers will be aware, I've been working on and gradually improving FreeBSD/EC2 for many years. Recently I've added two new features, which are available in the weekly HEAD and 12-STABLE snapshots and will appear in releases starting from 12.2-RELEASE.

---

Old Usenix pictures

---

Beastie Bits

[https://2021.eurobsdcon.org/](CFP is open until May 26th, 2021)

EuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference is scheduled to take place September 16-19 2021 in Vienna, Austria or as an all-online event if COVID-19 developments dictate. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday.
The Call for Talk and Presentation proposals period will close on May 26th, 2021. Prospective speakers will be notified of acceptance or otherwise by June 1st, 2021.

---

[https://campgnd.com/](CFP is open until 2021-04-15)

campgndd will be held May 28th, 29th and 30th 2021, from wherever you happen to be.
We're looking for submissions on anything you're enthusiastic and excited about. If you enjoy it, the odds are we will too! You don't need to be an expert to propose anything.
Some example of things we are looking for are:
Talks
Walkthroughs
Music

From the Desk of Michael Lucas…

New Release: Only Footnotes
I’ve lost count of the number of people who have told me that they purchase my books only for the footnotes. That’s okay. I don’t care why people buy my books, only that they do buy them. Nevertheless, I am a businessman living under capitalism and feel compelled to respond to my market.
Allow me to present my latest release: Only Footnotes, a handsome hardcover-only compilation of decades of footnotes. From the back cover:
-----
Only Footnotes. Because that’s why you read his books.
Academics hate footnotes. Michael W Lucas loves them. What he does with them wouldn’t pass academic muster, but that doesn’t mean the reader should skip them. The footnotes are the best part! Why not read only the footnotes, and skip all that other junk?
After literal minutes of effort, Only Footnotes collects every single footnote from all of Lucas’ books to date.* Recycle those cumbersome treatises stuffed with irrelevant facts! No more flipping through pages and pages of actual technical knowledge looking for the offhand movie reference or half-formed joke. This slender, elegant volume contains everything the man ever passed off as his dubious, malformed “wisdom.”
Smart books have footnotes. Smarter books are only footnotes.
*plus additional annotations from the author. Because sometimes even a footnote needs a footnote.
----
With interior illustrations by OpenBSD’s akoshibe, this distinguished tome would make fine inspirational reading for a system administrator, network engineer, or anyone sentenced to a life in information technology. Available at all fine bookstores, and many mediocre ones!

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

Special Guest: Tom Jones.

This episode was brought to you by

Headlines

FreeBSD and OpenBSD in GSOC2014

• The Google Summer of Code is a way to encourage students to write code for open source projects and make some money
• Both FreeBSD and OpenBSD were accepted, and we'd love for anyone listening to check out their GSOC pages
• The FreeBSD wiki has a list of things that they'd be interested in someone helping out with
• OpenBSD's want list was also posted
• DragonflyBSD and NetBSD were sadly not accepted this year ***

Yes, you too can be an evil network overlord

• A new blog post about monitoring your network using only free tools
• OpenBSD is a great fit, and has all the stuff you need in the base system or via packages
• It talks about the pflow pseudo-interface, its capabilities and relation to NetFlow (also goes well with pf)
• There's also details about flowd and nfsen, more great tools to make network monitoring easy
• If you're listening, Peter... stop ignoring our emails and come on the show! We know you're watching! ***

BSDMag's February issue is out

• The theme is "configuring basic services on OpenBSD 5.4"
• There's also an interview with Peter Hansteen (oh hey...)
• Topics also include locking down SSH, a GIMP lesson, user/group management, and...
• Linux and Solaris articles? Why?? ***

Changes in bcrypt

• Not specific to any OS, but the OpenBSD team is updating their bcrypt implementation
• There is a bug in bcrypt when hashing long passwords - other OSes need to update theirs too! (FreeBSD already has)
• "The length is stored in an unsigned char type, which will overflow and wrap at 256. Although we consider the existence of affected hashes very rare, in order to differentiate hashes generated before and after the fix, we are introducing a new minor 'b'."
• As long as you upgrade your OpenBSD system in order (without skipping versions) you should be ok going forward
• Lots of specifics in the email, check the full thing ***

Interview - Will Backman - bitgeist@yahoo.com / @bsdtalk

The BSDTalk podcast, BSD advocacy, various topics

Tutorial

Tracking and cross-compiling -CURRENT (NetBSD)

News Roundup

X11 no longer needs root

• Xorg has long since required root privileges to run the main server
• With recent work from the OpenBSD team, now everything (even KMS) can run as a regular user
• Now you can set the "machdep.allowaperture" sysctl to 0 and still use a GUI ***

OpenSSH 6.6 CFT

• Shortly after the huge 6.5 release, we get a routine bugfix update
• Test it out on as many systems as you can
• Check the mailing list for the full bug list ***

Creating an OpenBSD USB drive

• Since OpenBSD doesn't distribute any official USB images, here are some instructions on how to do it
• Step by step guide on how you can make your very own
• However, there's some recent emails that suggest official USB images may be coming soon... oh wait ***

PCBSD weekly digest

• New PBI updates that allow separate ports from /usr/local
• You need to rebuild pbi-manager if you want to try it out
• Updates and changes to Life Preserver, App Cafe, PCDM ***

Feedback/Questions

• espressowar writes in
• Antonio writes in
• Christian writes in
• Adam writes in
• Alex writes in ***

This episode was brought to you by

Headlines

FreeBSD 10.0-RELEASE is out

• The long awaited, giant release of FreeBSD is now official and ready to be downloaded
• One of the biggest releases in FreeBSD history, with tons of new updates
• Some features include: LDNS/Unbound replacing BIND, Clang by default (no GCC anymore), native Raspberry Pi support and other ARM improvements, bhyve, hyper-v support, AMD KMS, VirtIO, Xen PVHVM in GENERIC, lots of driver updates, ZFS on root in the installer, SMP patches to pf that drastically improve performance, Netmap support, pkgng by default, wireless stack improvements, a new iSCSI stack, FUSE in the base system... the list goes on and on
• Start up your freebsd-update or do a source-based upgrade ***

OpenSSH 6.5 CFT

• Our buddy Damien Miller announced a Call For Testing for OpenSSH 6.5
• Huge, huge release, focused on new features rather than bugfixes (but it includes those too)
• New ciphers, new key formats, new config options, see the mailing list for all the details
• Should be in OpenBSD 5.5 in May, look forward to it - but also help test on other platforms! ***

DIY NAS story, FreeNAS 9.2.1-BETA

• Another new blog post about FreeNAS!
• Instead of updating the older tutorials, the author started fresh and wrote a new one for 2014
• "I did briefly consider suggesting nas4free for the EconoNAS blog, since it’s essentially a fork off the FreeNAS tree but may run better on slower hardware, but ultimately I couldn’t recommend anything other than FreeNAS"
• Really long article with lots of nice details about his setup, why you might want a NAS, etc.
• Speaking of FreeNAS, they released 9.2.1-BETA with lots of bugfixes ***

OpenBSD needed funding for electricity.. and they got it

• Briefly mentioned at the end of last week's show, but has blown up over the internet since
• OpenBSD in the headlines of major tech news sites: slashdot, zdnet, the register, hacker news, reddit, twitter.. thousands of comments
• They needed about $20,000 to cover electric costs for the server rack in Theo's basement
• Lots of positive reaction from the community helping out so far, and it appears they have reached their goal and got $100,000 in donations
• From Bob Beck: "we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation"
• This is a shining example of the BSD community coming together, and even the Linux people realizing how critical BSD is to the world at large ***

Interview - Colin Percival - cperciva@freebsd.org / @cperciva

FreeBSD on Amazon EC2, backups with Tarsnap, 10.0-RELEASE, various topics

Tutorial

Bandwidth monitoring and testing

News Roundup

pfSense talk at Tokyo FreeBSD Benkyoukai

• Isaac Levy will be presenting "pfSense Practical Experiences: from home routers, to High-Availability Datacenter Deployments"
• He's also going to be looking for help to translate the pfSense documentation into Japanese
• The event is on February 17, 2014 if you're in the Tokyo area ***

m0n0wall 1.8.1 released

• For those who don't know, m0n0wall is an older BSD-based firewall OS that's mostly focused on embedded applications
• pfSense was forked from it in 2004, and has a lot more active development now
• They switched to FreeBSD 8.4 for this new version
• Full list of updates in the changelog
• This version requires at least 128MB RAM and a disk/CF size of 32MB or more, oh no! ***

Ansible and PF, plus NTP

• Another blog post from our buddy Michael Lucas
• There've been some NTP amplification attacks recently in the news
• The post describes how he configured ntpd on a lot of servers without a lot of work
• He leverages pf and ansible for the configuration
• OpenNTPD is, not surprisingly, unaffected - use it ***

ruBSD videos online

• Just a quick followup from a few weeks ago
• Theo and Henning's talks from ruBSD are now available for download
• There's also a nice interview with Theo ***

PCBSD weekly digest

• 10.0-RC4 images are available
• Wine PBI is now available for 10
• 9.2 systems will now be able to upgrade to version 10 and keep their PBI library ***

Feedback/Questions

• Sha'ul writes in
• Kjell-Aleksander writes in
• Mike writes in
• Charlie writes in (and gets a reply)
• Kevin writes in ***

Headlines

OpenSSH 6.4 released

• Security fixes in OpenSSH don't happen very often
• 6.4 fixes a memory corruption problem, no new features
• If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.
• Disabling AES-GCM in the server configuration is a workaround
• Only affects 6.2 and 6.3 if compiled against a newer OpenSSL (so FreeBSD 9's base OpenSSL is unaffected, for example)
• Full details here ***

Getting to know your portmgr-lurkers

• Next entry in portmgr interview series
• This time they chat with Mathieu Arnold, one of the portmgr-lurkers we mentioned previously
• Lots of questions ranging from why he uses BSD to what he had for breakfast
• Another one was since released, with Antoine Brodin aka antoine@ ***

FUSE in OpenBSD

• As we glossed over last week, FUSE was recently added to OpenBSD
• Now the guys from the OpenBSD Journal have tracked down more information
• This version is released under an ISC license
• Should be in OpenBSD 5.5, released a little less than 6 months from now
• Will finally enable things like SSHFS to work in OpenBSD ***

Automated submission of kernel panic reports

• New tool from Colin Percival
• Saves information about kernel panics and emails it to FreeBSD
• Lets you review before sending so you can edit out any private info
• Automatically encrypted before being sent
• FreeBSD never kernel panics so this won't get much use ***

Interview - Justin Sherrill - justin@dragonflybsd.org / @dragonflybsd

DragonflyBSD 3.6 and the Dragonfly Digest

Tutorial

Building an OpenBSD Router

News Roundup

BSD router project 1.5 released

• Nice timing for our router tutorial; TBRP is a FreeBSD distribution for installing on a router
• It's an alternative to pfSense, but not nearly as well known or popular
• New version is based on 9.2-RELEASE, includes lots of general updates and bugfixes
• Fits on a 256MB Compact Flash/USB drive ***

Curve25519 now default key exchange

• We mentioned in an earlier episode about a patch for curve25519
• Now it's become the default for key exchange
• Will probably make its way into OpenSSH 6.5, would've been in 6.4 if we didn't have that security vulnerability
• It's interesting to see all these big changes in cryptography in OpenBSD lately ***

FreeBSD kernel selection in boot menu

• Adds a kernel selection menu to the beastie menu
• List of kernels is taken from 'kernels' in loader.conf as a space or comma separated list of names to display (up to 9)
• From our good buddy Devin Teske ***

PCBSD weekly digest

• PCDM has officially replaced GDM as the default login manager
• New ISO build scripts (we got a sneak preview last week)
• Lots of bug fixes
• Second set of 10-STABLE ISOs available with new artwork and much more ***

Theo de Raadt speaking at MUUG

• Theo will be speaking at Manitoba UNIX User Group in Winnipeg
• On Friday, Nov 15, 2013 at 5:30PM (see show notes for the address)
• If you're watching the show live you have time to make plans, if you're watching the downloaded version it might be happening right now!
• No agenda, but expect some OpenBSD discussion ***

Feedback/Questions

• Dave writes in
• James writes in
• Allen writes in
• Chess writes in
• Frank writes in ***