This episode was brought to you by

Headlines

BSD panel at Phoenix LUG

• The Phoenix, Arizona Linux users group had a special panel so they could learn a bit more about BSD
• It had one FreeBSD user and one OpenBSD user, and they answered questions from the organizer and the people in the audience
• They covered a variety of topics, including filesystems, firewalls, different development models, licenses and philosophy
• It was a good "real world" example of things potential switchers are curious to know about
• They closed by concluding that more diversity is always better, and even if you've got a lot of Linux boxes, putting a few BSD ones in the mix is a good idea ***

Book of PF signed copy auction

• Peter Hansteen (who we've had on the show) is auctioning off the first signed copy of the new Book of PF
• All the profits from the sale will go to the OpenBSD Foundation
• The updated edition of the book includes all the latest pf syntax changes, but also provides examples for FreeBSD and NetBSD's versions (which still use ALTQ, among other differences)
• If you're interested in firewalls, security or even just advanced networking, this book is a great one to have on your shelf - and the money will also go to a good cause
• Michael Lucas has challenged Peter to raise more for the foundation than his last book selling - let's see who wins
• Pause the episode, go bid on it and then come back! ***

FreeBSD Foundation goes to EuroBSDCon

• Some people from the FreeBSD Foundation went to EuroBSDCon this year, and come back with a nice trip report
• They also sponsored four other developers to go
• The foundation was there "to find out what people are working on, what kind of help they could use from the Foundation, feedback on what we can be doing to support the FreeBSD Project and community, and what features/functions people want supported in FreeBSD"
• They also have a second report from Kamil Czekirda
• A total of $2000 was raised at the conference ***

OpenBSD 5.6 released

• Note: we're doing this story a couple days early - it's actually being released on November 1st (this Saturday), but we have next week off and didn't want to let this one slip through the cracks - it may be out by the time you're watching this
• Continuing their always-on-time six month release cycle, the OpenBSD team has released version 5.6
• It includes support for new hardware, lots of driver updates, network stack improvements (SMP, in particular) and new security features
• 5.6 is the first formal release with LibreSSL, their fork of OpenSSL, and lots of ports have been fixed to work with it
• You can now hibernate your laptop when using a fully-encrypted filesystem (see our tutorial for that)
• ALTQ, Kerberos, Lynx, Bluetooth, TCP Wrappers and Apache were all removed
• This will serve as a "transitional" release for a lot of services: moving from Sendmail to OpenSMTPD, from nginx to httpd and from BIND to Unbound
• Sendmail, nginx and BIND will be gone in the next release, so either migrate to the new stuff between now and then or switch to the ports versions
• As always, 5.6 comes with its own song and artwork - the theme this time was obviously LibreSSL
• Be sure to check the full changelog (it's huge) and pick up a CD or tshirt to support their efforts
• If you don't already have the public key releases are signed with, getting a physical CD is a good "out of bounds" way to obtain it safely
• Here are some cool images of the set
• After you do your installation or upgrade, don't forget to head over to the errata page and apply any patches listed there ***

Interview - John-Mark Gurney - jmg@freebsd.org / @encthenet

Updating FreeBSD's IPSEC stack

News Roundup

Clang in DragonFly BSD

• As we all know, FreeBSD got rid of GCC in 10.0, and now uses Clang almost exclusively on i386/amd64
• Some DragonFly developers are considering migrating over as well, and one of them is doing some work to make the OS more Clang-friendly
• We'd love to see more BSDs switch to Clang/LLVM eventually, it's a lot more modern than the old GCC most are using ***

reallocarray(): integer overflow detection for free

• One of the less obvious features in OpenBSD 5.6 is a new libc function: "reallocarray()"
• It's a replacement function for realloc(3) that provides integer overflow detection at basically no extra cost
• Theo and a few other developers have already started a mass audit of the entire source tree, replacing many instances with this new feature
• OpenBSD's explicit_bzero was recently imported into FreeBSD, maybe someone could also port over this too ***

Switching from Linux blog

• A listener of the show has started a new blog series, detailing his experiences in switching over to BSD from Linux
• After over ten years of using Linux, he decided to give BSD a try after listening to our show (which is awesome)
• So far, he's put up a few posts about his initial thoughts, some documentation he's going through and his experiments so far
• It'll be an ongoing series, so we may check back in with him again later on ***

Owncloud in a FreeNAS jail

• One of the most common emails we get is about running Owncloud in FreeNAS
• Now, finally, someone made a video on how to do just that, and it's even jailed
• A member of the FreeNAS community has uploaded a video on how to set it up, with lighttpd as the webserver backend
• If you're looking for an easy way to back up and sync your files, this might be worth a watch ***

Feedback/Questions

• Ernõ writes in
• David writes in
• Kamil writes in
• Torsten writes in
• Dominik writes in ***

Mailing List Gold

• That's not our IP
• Is this thing on? ***

This episode was brought to you by

Headlines

FreeBSD foundation's new IPSEC project

• The FreeBSD foundation, along with Netgate, is sponsoring some new work on the IPSEC code
• With bandwidth in the 10-40 gigabit per second range, the IPSEC stack needs to be brought up to modern standards in terms of encryption and performance
• This new work will add AES-CTR and AES-GCM modes to FreeBSD's implementation, borrowing some code from OpenBSD
• The updated stack will also support AES-NI for hardware-based encryption speed ups
• It's expected to be completed by the end of September, and will also be in pfSense 2.2 ***

NetBSD at Shimane Open Source Conference 2014

• The Japanese NetBSD users group held a NetBSD booth at the Open Source Conference 2014 in Shimane on August 23
• One of the developers has gathered a bunch of pictures from the event and wrote a fairly lengthy summary
• They had NetBSD running on all sorts of devices, from Raspberry Pis to Sun Java Stations
• Some visitors said that NetBSD had the most chaotic booth at the conference ***

pfSense 2.1.5 released

• A new version of the pfSense 2.1 branch is out
• Mostly a security-focused release, including three web UI fixes and the most recent OpenSSL fix (which FreeBSD has still not patched in -RELEASE after nearly a month)
• It also includes many other bug fixes, check the blog post for the full list ***

Systems, Science and FreeBSD

• Our friend George Neville-Neil gave a presentation at Microsoft Research
• It's mainly about using FreeBSD as a platform for research, inside and outside of universities
• The talk describes the OS and its features, ports, developer community, documentation, who uses BSD and much more ***

Interview - Reyk Floeter - reyk@openbsd.org / @reykfloeter

OpenBSD's HTTP daemon

Tutorial

A crash course on HAMMER FS

News Roundup

OpenBSD's rcctl tool usage

• OpenBSD recently got a new tool for managing /etc/rc.conf.local in -current
• Similar to FreeBSD's "sysrc" tool, it eliminates the need to manually edit rc.conf.local to enable or disable services
• This blog post - from a BSD Now viewer - shows the typical usage of the new tool to alter the startup services
• It won't make it to 5.6, but will be in 5.7 (next May) ***

pfSense mini-roundup

• We found five interesting pfSense articles throughout the week and wanted to quickly mention them
• The first item in our pfSense mini-roundup details how you can stream Netflix to in non-US countries using a "smart" DNS service
• The second post talks about setting ip IPv6, in particular if Comcast is your ISP
• The third one features pfSense on Softpedia, a more mainstream tech site
• The fourth post describes how to filter HTTPS traffic with Squid and pfSense
• The last article describes setting up a VPN using the "tinc" daemon and pfSense
• It seems to be lesser known, compared to things like OpenVPN or SSH tunnels, so it's interesting to read about
• This pfSense HQ website seems to have lots of other cool pfSense items, check it out ***

OpenBSD's new buffer cache

• OpenBSD has traditionally used the tried-and-true LRU algorithm for buffer cache, but it has a few problems
• Ted Unangst has just switched to a new algorithm in -current, partially based on 2Q, and details some of his work
• Initial tests show positive results in terms of cache responsiveness
• Check the post for all the fine details ***

BSDTalk episode 244

• Another new BSDTalk is up and, this time around, Will Backman interviews Ken Moore, the developer of the new BSD desktop environment
• They discuss the history of development, differences between it and other DEs, lots of topics
• If you're more of a visual person, fear not, because...
• We'll have Ken on next week, including a full "virtual walkthrough" of Lumina and its applications ***

Feedback/Questions

• Ghislain writes in
• Raynold writes in
• Van writes in
• Sean writes in
• Stefan writes in ***

This episode was brought to you by

Headlines

FreeBSD quarterly status report

• FreeBSD has gotten quite a lot done this quarter
• Changes in the way release branches are supported - major releases will get at least five years over their lifespan
• A new automounter is in the works, hoping to replace amd (which has some issues)
• The CAM target layer and RPC stack have gotten some major optimization and speed boosts
• Work on ZFSGuru continues, with a large status report specifically for that
• The report also mentioned some new committers, both source and ports
• It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show
• "Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period" ***

A new OpenBSD HTTPD is born

• Work has begun on a new HTTP daemon in the OpenBSD base system
• A lot of people are asking "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?
• Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)
• It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter
• This has the added benefit of the usual, easy-to-understand syntax and privilege separation
• There's a very brief man page online already
• It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs
• Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not) ***

pkgng 1.3 announced

• The newest version of FreeBSD's second generation package management system has been released, with lots of new features
• It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)
• Lots of the code has been sandboxed for extra security
• You'll probably notice some new changes to the UI too, making things more user friendly
• A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday ***

FreeBSD after-install security tasks

• A number of people have written in to ask us "how do I secure my BSD box after I install it?"
• With this blog post, hopefully most of their questions will finally be answered in detail
• It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things
• Not only does it just list things to do, but the post also does a good job of explaining why you should do them
• Maybe we'll see some more posts in this series in the future ***

Interview - Brent Cook - bcook@openbsd.org / @busterbcook

LibreSSL's portable version and development

News Roundup

FreeBSD Mastery - Storage Essentials

• MWL's new book about the FreeBSD storage subsystems now has an early draft available
• Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes
• Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance
• You'll get access to the completed (e)book when it's done if you buy the early draft
• The suggested price is $8 ***

Why BSD and not Linux?

• Yet another thread comes up asking why you should choose BSD over Linux or vice-versa
• Lots of good responses from users of the various BSDs
• Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."
• And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."
• Some other users share their switching experiences - worth a read ***

More g2k14 hackathon reports

• Following up from last week's huge list of hackathon reports, we have a few more
• Landry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream
• Andrew Fresh enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl
• Ted Unangst did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth
• Luckily we didn't have to cover 20 new ones this time! ***

BSDTalk episode 243

• The newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team
• The main topic of discussion is mandoc, which some users might not be familiar with
• mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)
• We'll catch up to you soon, Will! ***

Feedback/Questions

• Thomas writes in
• Stephen writes in
• Sha'ul writes in
• Florian writes in
• Bob Beck writes in - and note the "Caution" section that was added to libressl.org ***