This episode was brought to you by

Headlines

Major changes coming in PCBSD 11

• The PCBSD team has announced that version 11.0 will have some more pretty big changes (as they've been known to do lately with NTP daemons and firewalls)
• Switching from PF to IPFW provided some benefits for VIMAGE, but the syntax was just too complicated for regular everyday users
• To solve this, they've ported over Linux's iptables, giving users a much more straightforward configuration
• While ZFS has served them well as the default filesystem for a while, Kris decided that Btrfs would be a better choice going forward
• Since the FreeBSD kernel doesn't support it natively, all filesystem calls will be through FUSE from now on - performance is Good Enough
• People often complain about PCBSD's huge ISO download, so, to save space, the default email client will be switched to mutt, and KDE will be replaced with DWM as the default window manager
• To reconfigure it, or make any appearance changes, users just need to edit a simple C header file and recompile - easy peasy
• As we've mentioned on the show, PCBSD has been promoting safe backup solutions for a long time with its "life preserver" utility, making it simple to manage multiple snapshots too
• To test if people have been listening to this advice, Kris recently activated the backdoor he put in life preserver that deletes all the users' files - hope you had that stuff backed up ***

NetBSD and FreeBSD join forces

• The BSD community has been running into one of the same problems Linux has lately: we just have too many different BSDs to choose from
• What's more, none of them have any specific areas they focus on or anything like that (they're all basically the same)
• That situation is about to improve somewhat, as FreeBSD and NetBSD have just merged codebases... say hello to FretBSD
• Within a week, all mailing lists and webservers for the legacy NetBSD and FreeBSD projects will be terminated - the mailing list for the new combined project will be hosted from the United Nations datacenter on a Microsoft Exchange server
• As UN monitors will be moderating the mailing lists to prevent disagreements and divisive arguments before they begin, this system is expected to be adequate for the load
• With FretBSD, your toaster can now run ZFS, so you'll never need to worry about the bread becoming silently corrupted again ***

Puffy in the cloud

• If you've ever wanted to set up a backup server, especially for family members or someone who's not as technology-savvy, you've probably realized there are a lot of options
• This post explores the option of setting up your own Dropbox-like service with Owncloud and PostgreSQL, running atop the new OpenBSD http daemon
• Doing it this way with your own setup, you can control all the security aspects - disk encryption, firewall rules, who can access what and from where, etc
• He also mentions our pf tutorial being helpful in blocking script kiddies from hammering the box
• Be sure to encourage your less-technical friends to always back up their important data ***

NetBSD at AsiaBSDCon

• Some NetBSD developers have put together a report of what they did at the most recent event in Tokyo
• It includes a wrap-up of the event, as well as a list of presentations that NetBSD developers gave
• Have you ever wanted even more pictures of NetBSD running on lots of devices? There's a never-ending supply, apparently
• At the BSD research booth of AsiaBSDCon, there were a large number of machines on display, and someone has finally uploaded pictures of all of them
• There's also a video of an OMRON LUNA-II running the luna68k port ***

Interview - Kamila Součková - kamila@ksp.sk / @anotherkamila

BSD conferences, Google Summer of Code, various topics

News Roundup

FreeBSD foundation March update

• The FreeBSD foundation has published their March update for fundraising and sponsored projects
• In the document, you'll find information about upcoming ARMv8 enhancements, some event recaps and a Google Summer of Code status update
• They also mention our interview with the foundation president - be sure to check it out if you haven't ***

Inside OpenBSD's new httpd

• BSD news continues to dominate mainstream tech news sites… well not really, but they talk about it once in a while
• The SD Times is featuring an article about OpenBSD's in-house HTTP server, after seeing Reyk's AsiaBSDCon presentation about it (which he's giving at BSDCan this year, too)
• In this article, they talk about the rapid transition of webservers in the base system - apache being replaced with nginx, only to be replaced with httpd shortly thereafter
• Since the new daemon has had almost a full release cycle to grow, new features and fixes have been pouring in
• The post also highlights some of the security features: everything runs in a chroot with privsep by default, and it also leverages strong TLS 1.2 defaults (including Perfect Forward Secrecy) ***

Using poudriere without OpenSSL

• Last week we talked about using LibreSSL in FreeBSD for all your ports
• One of the problems that was mentioned is that some ports are configured improperly, and end up linking against the OpenSSL in the base system even when you tell them not to
• This blog post shows how to completely strip OpenSSL out of the poudriere build jails, something that's a lot more difficult than you'd think
• If you're a port maintainer, pay close attention to this post, and get your ports fixed to adhere to the make.conf options properly ***

HAMMER and GPT in OpenBSD

• Someone, presumably a Google Summer of Code student, wrote in to the lists about his HAMMER FS porting proposal
• He outlined the entire process and estimated timetable, including what would be supported and which aspects were beyond the scope of his work (like the clustering stuff)
• There's no word yet on if it will be accepted, but it's an interesting idea to explore, especially when you consider that HAMMER really only has one developer
• In more disk-related news, Ken Westerback has been committing quite a lot of GPT-related fixes recently
• Full GPT support will most likely be finished before 5.8, but anything involving HAMMER FS is still anyone's guess ***

Feedback/Questions

• Morgan writes in
• Dustin writes in
• Stan writes in
• Mica writes in ***

Mailing List Gold

• Developers in freefall
• Xorg thieves pt. 1
• Xorg thieves pt. 2 ***

This episode was brought to you by

Headlines

Secure communications with OpenBSD and OpenVPN

• Starting off today's theme of encryption...
• A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
• Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)
• Part 2 covers the initial setup of OpenVPN certificates and keys
• Parts 3 and 4 are the OpenVPN server and client configuration
• Part 5 is some updates and closing remarks ***

FreeBSD Foundation Newsletter

• The December 2013 semi-annual newsletter was sent out from the foundation
• In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
• The president's letter alone is worth the read, really amazing
• Really long, with lots of details and stories from the conferences and projects ***

Use of NetBSD with Marvell Kirkwood Processors

• Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
• The IP-Plug is a "multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)."
• Really cool little NetBSD ARM project with lots of graphs, pictures and details ***

Experimenting with zero-copy network IO

• Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD
• Discusses the different OS' implementations and options
• He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there
• Tons of details, check the full post ***

Interview - Damien Miller - djm@openbsd.org / @damienmiller

Cryptography in OpenBSD and OpenSSH

Tutorial

Full disk encryption in FreeBSD & OpenBSD

News Roundup

OpenZFS office hours

• Our buddy George Wilson sat down to take some ZFS questions from the community
• You can see more info about it here ***

License summaries in pkgng

• A discussion between Justin Sherill and some NYCBUG guys about license frameworks in pkgng
• Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow
• Maybe we could get a "pkg licenses" command to display the license of all installed packages
• Ok bapt, do it ***

The FreeBSD challenge continues

• Checking in with our buddy from the Linux foundation...
• The switching from Linux to FreeBSD blog series continues for his month-long trial
• Follow up from last week: "As a matter of fact, I did check out PC-BSD, and wanted the challenge. Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding."
• Since we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more ***

Ports gets a stable branch

• For the first time ever, FreeBSD's ports tree will have a maintained "stable" branch
• This is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes
• All commits to this branch require approval of portmgr, looks like it'll start in 2014Q1 ***

Feedback/Questions

• John writes in
• Spencer writes in
• Campbell writes in
• Sha'ul writes in
• Clint writes in ***