This episode was brought to you by

Headlines

BSDCan 2014 talks and reports

• The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links
• Karl Lehenbauer's keynote (he's on next week's episode)
• Mariusz Zaborski and Pawel Jakub Dawidek, Capsicum and Casper (relevant to today's interview)
• Luigi Rizzo, In-kernel OpenvSwitch on FreeBSD
• Dwayne Hart, Migrating from Linux to FreeBSD for Backend Data Storage
• Warner Losh, NAND Flash and FreeBSD
• Simon Gerraty, FreeBSD bmake and Meta Mode
• Bob Beck, LibreSSL - The First 30 Days
• Henning Brauer, OpenBGPD Turns 10 Years Old
• Arun Thomas, BSD ARM Kernel Internals
• Peter Hessler, Using BGP for Realtime Spam Lists
• Pedro Giffuni, Features and Status of FreeBSD's Ext2 Implementation
• Matt Ahrens, OpenZFS Upcoming Features and Performance Enhancements
• Daichi Goto, Shellscripts and Commands
• Benno Rice, Keeping Current
• Sean Bruno, MIPS Router Hacking
• John-Mark Gurney, Optimizing GELI Performance
• Patrick Kelsey, Userspace Networking with libuinet
• Massimiliano Stucchi, IPv6 Transitioning Mechanisms
• Roger Pau Monné, Taking the Red Pill
• Shawn Webb, Introducing ASLR in FreeBSD
• There's also a trip report from Peter Hessler and one from Julio Merino
• The latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend) ***

Defend your network and privacy with a VPN and OpenBSD

• After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back
• This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities
• There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used
• You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)
• It also includes a few general privacy tips, recommended browser extensions, etc
• The intro to the article is especially great, so give the whole thing a read
• He mentions our OpenBSD router guide and other tutorials being a big help for this setup, so hello if you're watching! ***

You should try FreeBSD

• In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that
• He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two
• Possibly the most useful part is how to address the question "my server already works, why bother switching?"
• "Stackoverflow’s answers assume I have apt-get installed"
• It includes mention of the great documentation, stability, ports, improved security and much more
• A takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before" ***

OpenBSD and the little Mauritian contributor

• This is a story about a guy from Mauritius named Logan, one of OpenBSD's newest developers
• Back in 2010, he started sending in patched for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTP
• The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon
• It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem
• Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back ***

Interview - Jon Anderson - jonathan@freebsd.org

Capsicum and Casperd

Tutorial

Encrypting DNS lookups

News Roundup

FreeBSD Journal, May 2014 issue

• The newest issue of the FreeBSD Journal is out, following the bi-monthly release cycle
• This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling
• Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read ***

LibreSSL porting update

• Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died off
• Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!
• This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example
• Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good ***

BSDMag May 2014 issue is out

• The usual monthly release from BSDMag, covering a variety of subjects
• This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things
• It's a free PDF, go grab it ***

BSDTalk episode 241

• A new episode of BSDTalk is out, this time with Bob Beck
• He talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more
• The interview itself isn't about LibreSSL at all, but they do touch on it a bit too
• Really interesting stuff, covers a lot of different topics in a short amount of time ***

Feedback/Questions

• We got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the vpnc package seems to be what we were looking for
• Tim writes in
• AJ writes in
• Peter writes in
• Thomas writes in
• Martin writes in ***

This episode was brought to you by

Headlines

FreeBSD's new testing infrastructure

• A new test suite was added to FreeBSD, with 3 powerful machines available
• Both -CURRENT and stable/10 have got the test suite build infrastructure in place
• Designed to help developers test and improve major scalability across huge amounts of CPUs and RAM
• More details available here
• Could the iXsystems monster server be involved...? ***

OpenBSD gets signify

• At long last, OpenBSD gets support for signed releases!
• For "the world's most secure OS" it was very easy to MITM kernel patches, updates, installer isos, everything
• A commit to the -current tree reveals a new "signify" tool is currently being kicked around
• More details in a blog post from the guy who committed it
• Quote: "yeah, briefly, the plan is to sign sets and packages. that's still work in progress." ***

Faces of FreeBSD

• This time they interview Isabell Long
• She's a volunteer staff member on the freenode IRC network
• In 2011, she participated in the Google Code-In contest and became involved with documentation
• "The new committer mentoring process proved very useful and that, plus the accepting community of FreeBSD, are reasons why I stay involved." ***

pkgsrc-2013Q4 branched

• The quarterly pkgsrc branch from NetBSD is out
• 13472 total packages for NetBSD-current/amd64 + 13049 binary packages built with clang!
• Lots of numbers and stats in the announcement
• pkgsrc works on quite a few different OSes, not just NetBSD
• See our interview with Amitai Schlair for a bit about pkgsrc ***

OpenBSD on Google's Compute Engine

• Google Compute Engine is a "cloud computing" platform similar to EC2
• Unfortunately, they only offer poor choices for the OS (Debian and CentOS)
• Recently it's been announced that there is a custom OS option
• It's using a WIP virtio-scsi driver, lots of things still need more work
• Lots of technical and networking details about the struggles to get OpenBSD working on it ***

The Installfest

We'll be showing you the installer of each of the main BSDs. As of the date this episode airs, we're using:

• FreeBSD 10.0
• OpenBSD 5.4
• NetBSD 6.1.2
• DragonflyBSD 3.6
• PCBSD 10.0 ***

News Roundup

Building an OpenBSD wireless access point

• A neat write up we found around the internet about making an OpenBSD wifi router
• Goes through the process of PXE booting, installing base, using a serial console, setting up networking and wireless
• Even includes a puffy sticker on the Soekris box at the end, how cute ***

FreeBSD 4.X jails on 10.0

• Blog entry from our buddy Michael Lucas
• For whatever reason (an "in-house application"), he needed to run a FreeBSD 4 jail in FreeBSD 10
• Talks about the options he had: porting software, virtualizing, dealing with slow old hardware
• He goes through the whole process of making an ancient jail
• It's "an acceptable trade-off, if it means I don’t have to touch actual PHP code." ***

Unscrewed: a story about OpenBSD

• Pretty long blog post about how a network admin used OpenBSD to save the day
• To set the tone, "It was 5am, and the network was down"
• Great war story about replacing expensive routers and networking equipment with cheaper hardware and BSD
• Mentions a lot of the built in tools and how OpenBSD is great for routers and high security applications ***

PCBSD weekly digest

• 10.0-RC3 is out and ready to be tested
• New detection of ATI Hybrid Graphics, they're working on nVidia next
• Re-classifying Linux jails as unsupported / experimental ***

Feedback/Questions

• Daniel writes in
• Erik writes in
• SW writes in
• [Bostjan writes in[(http://slexy.org/view/s20N9bfkum)
• Samuel writes in ***