NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

HAMBug hybrid meeting

• Hoping to squeeze in an in-person meeting incase the pandemic situation regresses *** ### Demystifying OpenZFS 2.0
• Do you like the articles we post? We are looking for authors (or even just your ideas) to keep providing these high quality articles.
• Job Posting *** ### OpenZFS 3.0 Introduced at Dev Summit *** ### OpenZFS vdev properties feature has been merged ***

News Roundup

October 2021 Home Infrastructure Status

Running Awk in parallel to process 256M records

FreeBSD Announce wayland 1.19.91

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Brad - running linux binaries under FreeBSD
• Lars - Finding BSD Topics via search engine
• Marc - Your views on this question on Reddit

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

OpenZFS 2.1 is out

FreeBSD TCP Performance System Controls

News Roundup

IPFS OpenBSD

Tips for running an online conference

My Fanless OpenBSD Desktop

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Bruce - Upgrading
• Chris - SMB Followup
• dmilith - kTLS

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

OpenBSD 6.8

Released Oct 18, 2020. (OpenBSD's 25th anniversary)

---

NetBSD 9.1 Released

The NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.

---

OpenZFS Developer Summit 2020

As with most other conferences in the last six months, this year’s OpenZFS Developer’s Summit was a bit different than usual. Held via Zoom to accommodate for 2020’s new normal in terms of social engagements, the conference featured a mix of talks delivered live via webinars, and breakout sessions held as regular meetings. This helped recapture some of the “hallway track” that would be lost in an online conference.
• After attending the conference, I wrote up some of my notes from each of the talks
• Part 2

---

ZFS and FreeBSD Support

Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure, simply sign up for our monthly subscription! What's even better is that for the month of October we are giving away 3 months for free, for every yearly subscription, and one month free when you sign up for a 6-months subscription! Check it out on our website!

News Roundup

BastilleBSD - native container management for FreeBSD

Some time ago, I had the requirement to use FreeBSD in a project, and soon the question came up if Docker and Kubernetes can be used.
On FreeBSD, Docker is not very well supported, and even if you can get it running, Linux is used in a Docker container. My experience with Docker on FreeBSD is awful, and so I started looking for alternatives.
A quick search on one of the most significant online search engines led me to Jails and then to BastilleBSD.

Tarsnap – cleaning up old backups

I use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations.

MWL - BookSale

For those interested in such things, I recently posted my 60,000th tweet. This prodded me to try an experiment I’ve been pondering for a while.
Over at my ebookstore, two of my books are now on a “Name Your Own Price” sale. You can get git commit murder and PAM Mastery for any price you wish, with a minimum of $1.

---

Beastie Bits

• Brian Kernighan: UNIX, C, AWK, AMPL, and Go Programming | Lex Fridman Podcast #109
• The UNIX Time-Sharing System - Dennis M. Ritchie and Ken Thompson - July 1974
• Using a 1930 Teletype as a Linux Terminal *** ###Tarsnap
• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• lars - infosec handbook
• scott - zfs import
• zhong - first episode

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

FreeBSD 11.4-RC2 Now Available

The second RC build of the 11.4-RELEASE release cycle is now available.

• 11.4-RELEASE notes (still in progress at the time of recording) ***

Install OpenBSD 6.7-current on a PineBook Pro 64

This document is work in progress and I'll update the date above once I change something. If you have something to add, remarks, etc please contact me. Preferably via Mastodon but other means of communication are also fine.

---

News Roundup

Understanding How OpenZFS Keeps Your Data Safe

Veteran technology writer Jim Salter wrote an excellent guide on the ZFS file system’s features and performance that we absolutely had to share. There’s plenty of information in the article for ZFS newbies and advanced users alike. Be sure to check out the article over at Ars Technica to learn more about ZFS concepts including pools, vdevs, datasets, snapshots, and replication, just to name a few.

---

Bringing FreeBSD to ec2

Colin is the founder of Tarsnap, a secure online backup service which combines the flexibility and scriptability of the standard UNIX "tar" utility with strong encryption, deduplication, and the reliability of Amazon S3 storage. Having started work on Tarsnap in 2006, Colin is among the first generation of users of Amazon Web Services, and has written dozens of articles about his experiences with AWS on his blog.

---

FreeBSD 2020 Community Survey

The FreeBSD Core Team invites you to complete the 2020 FreeBSD Community Survey. The purpose of this survey is to collect quantitative data from the public in order to help guide the project’s priorities and efforts. This is only the second time a survey has been conducted by the FreeBSD Project and your input is valued.
The survey will remain open for 14 days and will close on June 16th at 17:00 UTC (Tuesday 10am PDT).

---

Beastie Bits

• FreeBSD Project Proposals
• TJ Hacking
• Scotland Open Source podcast
• Next FreeBSD Office Hours on June 24, 2020 ***

Feedback/Questions

• Tom - Writing for LPIrstudio
• Luke - rstudio
• Matt - Vlans and Jails

• Morgan - Can I get some commentary on this issue

  ---

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

  ---

Sponsored By:

• Tarsnap Promo Code: bsdnow

Headlines

OpenBSD Full Disk Encryption with CoreBoot and Tianocore Payload

It has been a while since I have posted here so I wanted to share something that was surprisingly difficult for me to figure out. I have a Thinkpad T440p that I have flashed with Coreboot 4.11 with some special patches that allow the newer machine to work. When I got the laptop, the default BIOS was UEFI and I installed two operating systems.

Windows 10 with bitlocker full disk encryption on the “normal” drive (I replaced the spinning 2.5″ disk with an SSD)

Ubuntu 19.10 on the m.2 SATA drive that I installed using LUKS full disk encryption

I purchased one of those carriers for the optical bay that allows you to install a third SSD and so I did that with the intent of putting OpenBSD on it. Since my other two operating systems were running full disk encryption, I wanted to do the same on OpenBSD.

• See article for rest of story

FreeBSD 12.0 EOL

Dear FreeBSD community,

As of February 29, 2020, FreeBSD 12.0 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 12.0 are strongly encouraged to upgrade to a newer release as soon as possible.

• 12.1 Active release
• 12.2 Release Schedule

News Roundup

Some effects of the ZFS DVA format on data layout and growing ZFS pools

One piece of ZFS terminology is DVA and DVAs, which is short for Data Virtual Address. For ZFS, a DVA is the equivalent of a block number in other filesystems; it tells ZFS where to find whatever data we're talking about. The short summary of what fields DVAs have and what they mean is that DVAs tell us how to find blocks by giving us their vdev (by number) and their byte offset into that particular vdev (and then their size). A typical DVA might say that you find what it's talking about on vdev 0 at byte offset 0x53a40ed000. There are some consequences of this that I hadn't really thought about until the other day.

Right away we can see why ZFS has a problem removing a vdev; the vdev's number is burned into every DVA that refers to data on it. If there's no vdev 0 in the pool, ZFS has no idea where to even start looking for data because all addressing is relative to the vdev. ZFS pool shrinking gets around this by adding a translation layer that says where to find the portions of vdev 0 that you care about after it's been removed.

Warning! Active Directory Security Changes Require TrueNAS and FreeNAS Updates.

• Critical Information for Current FreeNAS and TrueNAS Users

Microsoft is changing the security defaults for Active Directory to eliminate some security vulnerabilities in its protocols. Unfortunately, these new security defaults may disrupt existing FreeNAS/TrueNAS deployments once Windows systems are updated. The Windows updates may appear sometime in March 2020; no official date has been announced as of yet.

FreeNAS and TrueNAS users that utilize Active Directory should update to version 11.3 (or 11.2-U8) to avoid potential disruption of their networks when updating to the latest versions of Windows software after March 1, 2020. Version 11.3 has been released and version 11.2-U8 will be available in early March.

Full name of the FreeBSD Root Account

NetBSD now has a users(7) and groups(7) manual. Looking into what entries existed in the passwd and group files I wondered about root’s full name who we now know as Charlie Root in the BSDs....

OpenBSD Go Situation

Over in the fediverse, Pete Zaitcev had a reaction to my entry on OpenBSD versus Prometheus for us:

I don't think the situation is usually that bad. Our situation with Prometheus is basically a worst case scenario for Go on OpenBSD, and most people will have much better results, especially if you stick to supported OpenBSD versions.

If you stick to supported OpenBSD versions, upgrading your machines as older OpenBSD releases fall out of support (as the OpenBSD people want you to do), you should not have any problems with your own Go programs. The latest Go release will support the currently supported OpenBSD versions (as long as OpenBSD remains a supported platform for Go), and the Go 1.0 compatibility guarantee means that you can always rebuild your current Go programs with newer versions of Go. You might have problems with compiled binaries that you don't want to rebuild, but my understanding is that this is the case for OpenBSD in general; it doesn't guarantee a stable ABI even for C programs (cf). If you use OpenBSD, you have to be prepared to rebuild your code after OpenBSD upgrades regardless of what language it's written in.

Beastie Bits

• Test your TOR
• OPNsense 20.1.1 released
• pkg for FreeBSD 1.13

Feedback/Questions

• Bostjan writes in about Wireguard
• Charlie has a followup to wpa_supplicant as lower class citizen
• Lars writes about LibreSSL as a positive example

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Headlines

Linux Professional Institute Releases BSD Specialist Certification - re BSD Certification Group

Linux Professional Institute extends its Open Technology certification track with the BSD Specialist Certification. Starting October 30, 2019, BSD Specialist exams will be globally available. The certification was developed in collaboration with the BSD Certification Group which merged with Linux Professional Institute in 2018.

G. Matthew Rice, the Executive Director of Linux Professional Institute says that "the release of the BSD Specialist certification marks a major milestone for Linux Professional Institute. With this new credential, we are reaffirming our belief in the value of, and support for, all open source technologies. As much as possible, future credentials and educational programs will include coverage of BSD.”

OpenZFS Trip Report

The seventh annual OpenZFS Developer Summit took place on November 4th and 5th in San Francisco and brought together a healthy mix of familiar faces and new community participants. Several folks from iXsystems took part in the talks, hacking, and socializing at this amazing annual event. The messages of the event can be summed up as Unification, Refinement, and Ecosystem Tooling.

News Roundup

Using FreeBSD with Ports (2/2): Tool-assisted updating

• Part 1 here: https://eerielinux.wordpress.com/2019/08/18/using-freebsd-with-ports-1-2-classic-way-with-tools/

In the previous post I explained why sometimes building your software from ports may make sense on FreeBSD. I also introduced the reader to the old-fashioned way of using tools to make working with ports a bit more convenient.

In this follow-up post we’re going to take a closer look at portmaster and see how it especially makes updating from ports much, much easier. For people coming here without having read the previous article: What I describe here is not what every FreeBSD admin today should consider good practice (any more)! It can still be useful in special cases, but my main intention is to discuss this for building up the foundation for what you actually should do today.

LLDB Threading support now ready for mainline

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.

In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.

So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.

Linux VS open source UNIX

Beastie Bits

• Support for Realtek RTL8125 2.5Gb Ethernet controller
• Computer Files Are Going Extinct
• FreeBSD kernel hacking
• Modern BSD Computing for Fun on a VAX! Trying to use a VAX in today's world by Jeff Armstrong
• MidnightBSD 1.2 Released

Feedback/Questions

• Paulo - Zfs snapshots
• Phillip - GCP
• A Listener - Old episodes?

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Headlines

DragonflyBSD 5.6 is out

• Version 5.6.0 released 17 June 2019

• Version 5.6.1 released 19 June 2019

• Big-ticket items

• Improved VM

  • Informal test results showing the changes from 5.4 to 5.6 are available.
  • Reduce stalls in the kernel vm_page_alloc() code (vm_page_list_find()).
  • Improve page allocation algorithm to avoid re-iterating the same queues as the search is widened.
  • Add a vm_page_hash*() API that allows the kernel to do heuristical lockless lookups of VM pages.
  • Change vm_hold() and vm_unhold() semantics to not require any spin-locks.
  • Change vm_page_wakeup() to not require any spin-locks.
  • Change wiring vm_page's no longer manipulates the queue the page is on, saving a lot of overhead. Instead, the page will be removed from its queue only if the pageout demon encounters it. This allows pages to enter and leave the buffer cache quickly.
  • Refactor the handling of fictitious pages.
  • Remove m->md.pv_list entirely. VM pages in mappings no longer allocate pv_entry's, saving an enormous amount of memory when multiple processes utilize large shared memory maps (e.g. postgres database cache).
  • Refactor vm_object shadowing, disconnecting the backing linkages from the vm_object itself and instead organizing the linkages in a new structure called vm_map_backing which hangs off the vm_map_entry.
  • pmap operations now iterate vm_map_backing structures (rather than spin-locked page lists based on the vm_page and pv_entry's), and will test/match operations against the PTE found in the pmap at the requisite location. This doubles VM fault performance on shared pages and reduces the locking overhead for fault and pmap operations.
  • Simplify the collapse code, removing most of the original code and replacing it with simpler per-vm_map_entry optimizations to limit the shadow depth.

• DRM

  • Major updates to the radeon and ttm (amd support code) drivers. We have not quite gotten the AMD support up to the more modern cards or Ryzen APUs yet, however.
  • Improve UEFI framebuffer support.
  • A major deadlock has been fixed in the radeon/ttm code.
  • Refactor the startup delay designed to avoid conflicts between the i915 driver initialization and X startup.
  • Add DRM_IOCTL_GET_PCIINFO to improve mesa/libdrm support.
  • Fix excessive wired memory build-ups.
  • Fix Linux/DragonFly PAGE_MASK confusion in the DRM code.
  • Fix idr_*() API bugs.

• HAMMER2

  • The filesystem sync code has been rewritten to significantly improve performance.
  • Sequential write performance also improved.
  • Add simple dependency tracking to prevent directory/file splits during create/rename/remove operations, for better consistency after a crash.
  • Refactor the snapshot code to reduce flush latency and to ensure a consistent snapshot.
  • Attempt to pipeline the flush code against the frontend, improving flush vs frontend write concurrency.
  • Improve umount operation.
  • Fix an allocator race that could lead to corruption.
  • Numerous other bugs fixed.
  • Improve verbosity of CHECK (CRC error) console messages.

OpenBSD Vulkan Support

Somewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port.
This new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glsllang, and the Vulkan tools and validation layers.
This is of limited usefulness, at least for the time being considering OpenBSD like the other BSDs lag behind in their DRM kernel driver support that is ported over from the mainline Linux kernel tree but generally years behind the kernel upstream. Particularly with Vulkan, newer kernel releases are needed for some Vulkan features as well as achieving decent performance. The Vulkan drivers of relevance are the open-source Intel ANV Vulkan driver and Radeon RADV drivers, both of which are in Mesa though we haven't seen any testing results to know how well they would work if at all currently on OpenBSD, but they're at least in Mesa and obviously open-source.

• A note: The BSDs are no longer that far behind.
• FreeBSD 12.0 uses DRM from Linux 4.16 (April 2018), and the drm-devel port is based on Linux 5.0 (March 2019)
• OpenBSD -current as of April 2019 uses DRM from Linux 4.19.34 ***

News Roundup

Bad utmp implementations in glibc and freebsd

I recently released another version – 0.5.0 – of Dinit, the service manager / init system. There were a number of minor improvements, including to the build system (just running “make” or “gmake” should be enough on any of the systems which have a pre-defined configuration, no need to edit mconfig by hand), but the main features of the release were S6-compatible readiness notification, and support for updating the utmp database.
In other words, utmp is a record of who is currently logged in to the system (another file, “wtmp”, records all logins and logouts, as well as, potentially, certain system events such as reboots and time updates). This is a hint at the main motivation for having utmp support in Dinit – I wanted the “who” command to correctly report current logins (and I wanted boot time to be correctly recorded in the wtmp file).
I wondered: If the files consist of fixed-sized records, and are readable by regular users, how is consistency maintained? That is – how can a process ensure that, when it updates the database, it doesn’t conflict with another process also attempting to update the database at the same time? Similarly, how can a process reading an entry from the database be sure that it receives a consistent, full record and not a record which has been partially updated? (after all, POSIX allows that a write(2) call can return without having written all the requested bytes, and I’m not aware of Linux or any of the *BSDs documenting that this cannot happen for regular files). Clearly, some kind of locking is needed; a process that wants to write to or read from the database locks it first, performs its operation, and then unlocks the database. Once again, this happens under the hood, in the implementation of the getutent/pututline functions or their equivalents.
Then I wondered: if a user process is able to lock the utmp file, and this prevents updates, what’s to stop a user process from manually acquiring and then holding such a lock for a long – even practically infinite – duration? This would prevent the database from being updated, and would perhaps even prevent logins/logouts from completing. Unfortunately, the answer is – nothing; and yes, it is possible on different systems to prevent the database from being correctly updated or even to prevent all other users – including root – from logging in to the system.

• A good find
• On FreeBSD, even though write(2) can be asynchronous, once the write syscall returns, the data is in the buffer cache (or ARC), and any future read(2) will see that new data even if it has not yet been written to disk. ***

OpenSSH gets an update to protect against Side Channel attacks

Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.
SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.
However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.
In an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”

ZFS vs OpenZFS

You’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue.
From its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS & you should too” or try a completely-graphical ZFS experience with FreeNAS.
Oracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology.

• There was further discussion of how the ZFSOnLinux repo will become the OpenZFS repo in the future once it also contains the bits to build on FreeBSD as well during the June 25th ZFS Leadership Meeting. The videos for all of the meetings are available here ***

Beastie Bits

• How to safely and portably close a file descriptor in a multithreaded process without running into problems with EINTR
• KnoxBug Meetup June 27th at 6pm
• BSD Pizza Night, June 27th at 7pm, Flying Pie Pizzeria, 3 Monroe Pkwy, Ste S, Lake Oswego, OR
• Difference between $x and ${x}
• Beware of Software Engineering Media Sites
• How Verizon and a BGP optimizer knocked large parts of the internet offline today
• DragonflyBSD - MDS mitigation added a while ago
• Reminder: Register for EuroBSDcon 2019 in Lillehammer, Norway

Feedback/Questions

• Dave - CheriBSD
• Neb - Hello from Norway
• Lars - Ansible tutorial?

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

Headlines

ZFSonFreeBSD ports renamed OpenZFS

• The ZFS on FreeBSD project has renamed the userland and kernel ports from zol and zol-kmod to openzfs and openzfs-kmod
• The new versions from this week are IOCTL compatible with the command line tools in FreeBSD 12.0, so you can use the old userland with the new kernel module (although obviously not the new features)
• With the renaming it is easier to specify which kernel module you want to load in /boot/loader.conf: > zfs_load=”YES”
• or > openzfs_load=”YES”
• To load traditional or the newer version of ZFS
• The kmod still requires FreeBSD 12-stable or 13-current because it depends on the newer crypto support in the kernel for the ZFS native encryption feature. Allan is looking at ways to work around this, but it may not be practical.
• We would like to do an unofficial poll on how people would the userland to co-exist. Add a suffix to the new commands in /usr/local (zfs.new zpool.new or whatever). One idea i’ve had is to move the zfs and zpool commands to /libexec and make /sbin/zfs and /sbin/zpool a switcher script, that will call the base or ports version based on a config file (or just based on if the port is installed)
• For testing purposes, generally you should be fine as long as you don’t run ‘zpool upgrade’, which will make your pool only importable using the newer ZFS.
• For extra safety, you can create a ‘zpool checkpoint’, which will allow you to undo any changes that are made to the pool during your testing with the new openzfs tools. Note: the checkpoint will undo EVERYTHING. So don’t save new data you want to keep.
• Note: Checkpoints disable all freeing operations, to prevent any data from being overwritten so that you can re-import at the checkpoint and undo any operation (including zfs destroy-ing a dataset), so also be careful you don’t run out of space during testing.
• Please test and provide feedback.

How to use blacklistd(8) with NPF as a fail2ban replacement

• About blacklistd(8)

blacklistd(8) provides an API that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.
The interface to the packet filter is in /libexec/blacklistd-helper (this is currently designed for npf) and the configuration file (inspired from inetd.conf) is in etc/blacklistd.conf
Now, blacklistd(8) will require bpfjit(4) (Just-In-Time compiler for Berkeley Packet Filter) in order to properly work, in addition to, naturally, npf(7) as frontend and syslogd(8), as a backend to print diagnostic messages. Also remember npf shall rely on the npflog* virtual network interface to provide logging for tcpdump() to use.
Unfortunately (dont' ask me why :P) in 8.1 all the required kernel components are still not compiled by default in the GENERIC kernel (though they are in HEAD), and are rather provided as modules. Enabling NPF and blacklistd services would normally result in them being automatically loaded as root, but predictably on securelevel=1 this is not going to happen

News Roundup

[WIP] raidz expansion, alpha preview 1

• Motivation and Context > This is a alpha-quality preview of RAID-Z expansion. This feature allows disks to be added one at a time to a RAID-Z group, expanding its capacity incrementally. This feature is especially useful for small pools (typically with only one RAID-Z group), where there isn't sufficient hardware to add capacity by adding a whole new RAID-Z group (typically doubling the number of disks). > For additional context as well as a design overview, see my short talk from the 2017 OpenZFS Developer Summit: slides video

Rant: running audio VU-meter increases my CO2 footprint

A couple months ago I noticed that the monitor on my workstation never power off anymore. Screensaver would go on, but DPMs (to do the poweroff) never kicked in.
I grovels the output of various tools that display DPMS settings, which as usual in Xorg were useless. Everybody said DPMS is on with a timeout. I even wrote my own C program to use every available Xlib API call and even the xscreensaver library calls. (should make it available) No go, everybody says that DPMs is on, enabled and set on a timeout. Didn’t matter whether I let xscreeensaver do the job or just the X11 server.
After a while I noticed that DPMS actually worked between starting my X11 server and starting all my clients. I have a minimal .xinitrc and start the actual session from a script, that is how I could notice. If I used a regular desktop login I wouldn’t have noticed. A server state bug was much more likely than a client bug.

• See the article for the rest...

XSAVE and compat32 kernel work for LLDB

Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types. You can read more about that in my Apr 2019 report.
In May, I was primarily continuing the work on new ptrace interface. Besides that, I've found and fixed a bug in ptrace() compat32 code, pushed LLVM buildbot to ‘green’ status and found some upstream LLVM regressions. More below.

Some things about where icons for modern X applications come from

If you have a traditional window manager like fvwm, one of the things it can do is iconify X windows so that they turn into icons on the root window (which would often be called the 'desktop'). Even modern desktop environments that don't iconify programs to the root window (or their desktop) may have per-program icons for running programs in their dock or taskbar. If your window manager or desktop environment can do this, you might reasonably wonder where those icons come from by default.
Although I don't know how it was done in the early days of X, the modern standard for this is part of the Extended Window Manager Hints. In EWMH, applications give the window manager a number of possible icons, generally in different sizes, as ARGB bitmaps (instead of, say, SVG format). The window manager or desktop environment can then pick whichever icon size it likes best, taking into account things like the display resolution and so on, and display it however it wants to (in its original size or scaled up or down).
How this is communicated in specific is through the only good interprocess communication method that X supplies, namely X properties. In the specific case of icons, the _NET_WM_ICON property is what is used, and xprop can display the size information and an ASCII art summary of what each icon looks like. It's also possible to use some additional magic to read out the raw data from _NET_WM_ICON in a useful format; see, for example, this Stackoverflow question and its answers.

Beastie Bits

• Recent Security Innovations
• Old Unix books + Solaris
• Pro-Desktop - A Tiling Desktop Environment
• The Tar Pipe
• At least one vim trick you might not know

Feedback/Questions

• Johnny - listener feedback
• Brian - Questions
• Mark - ZFS Question

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Headlines

What I learned during my FreeBSD intership

Hi, my name is Mitchell Horne. I am a computer engineering student at the University of Waterloo, currently in my third year of studies, and fortunate to have been one of the FreeBSD Foundation’s co-op students this past term (January to April). During this time I worked under Ed Maste, in the Foundation’s small Kitchener office, along with another co-op student Arshan Khanifar. My term has now come to an end, and so I’d like to share a little bit about my experience as a newcomer to FreeBSD and open-source development.

I’ll begin with some quick background — and a small admission of guilt. I have been an open-source user for a large part of my life. When I was a teenager I started playing around with Linux, which opened my eyes to the wider world of free software. Other than some small contributions to GNOME, my experience has been mostly as an end user; however, the value of these projects and the open-source philosophy was not lost on me, and is most of what motivated my interest in this position. Before beginning this term I had no personal experience with any of the BSDs, although I knew of their existence and was extremely excited to receive the position. I knew it would be a great opportunity for growth, but I must confess that my naivety about FreeBSD caused me to make the silent assumption that this would be a form of compromise — a stepping stone that would eventually allow me to work on open-source projects that are somehow “greater” or more “legitimate”. After four months spent immersed in this project I have learned how it operates, witnessed its community, and learned about its history. I am happy to admit that I was completely mistaken. Saying it now seems obvious, but FreeBSD is a project with its own distinct uses, goals, and identity. For many there may exist no greater opportunity than to work on FreeBSD full time, and with what I know now I would have a hard time coming up with a project that is more “legitimate”.

• What I Liked

In all cases, the work I submitted this term was reviewed by no less than two people before being committed. The feedback and criticism I received was always both constructive and to the point, and it commented on everything from high-level ideas to small style issues. I appreciate having these thorough reviews in place, since I believe it ultimately encourages people to accept only their best work. It is indicative of the high quality that already exists within every aspect of this project, and this commitment to quality is something that should continue to be honored as a core value. As I’ve discovered in some of my previous work terms, it is all too easy cut corners in the name of a deadline or changing priorities, but the fact that FreeBSD doesn’t need to make these types of compromises is a testament to the power of free software.

It’s a small thing, but the quality and completeness of the FreeBSD documentation was hugely helpful throughout my term. Everything you might need to know about utilities, library functions, the kernel, and more can be found in a man page; and the handbook is a great resource as both an introduction to the operating system and a reference. I only wish I had taken some time earlier in the term to explore the different documents more thoroughly, as they cover a wide range of interesting and useful topics. The effort people put into writing and maintaining FreeBSD’s documentation is easy to overlook, but its value cannot be overstated.

• What I Learned

Although there was a lot I enjoyed, there were certainly many struggles I faced throughout the term, and lessons to be learned from them. I expect that some of issues I faced may be specific to FreeBSD, while others may be common to open-source projects in general. I don’t have enough experience to speculate on which is which, so I will leave this to the reader.

The first lesson can be summed up simply: you have to advocate for your own work. FreeBSD is made up in large part by volunteer efforts, and in many cases there is more work to go around than people available to do it. A consequence of this is that there will not be anybody there to check up on you. Even in my position where I actually had a direct supervisor, Ed often had his plate full with so many other things that the responsibility to find someone to look at my work fell to me. Admittedly, a couple of smaller changes I worked on got left behind or stuck in review simply because there wasn’t a clear person/place to reach out to.

I think this is both a barrier of entry to FreeBSD and a mental hurdle that I needed to get over. If there’s a change you want to see included or reviewed, then you may have to be the one to push for it, and there’s nothing wrong with that. Perhaps this process should be easier for newcomers or infrequent contributors (the disconnect between Bugzilla and Phabricator definitely leaves a lot to be desired), but we also have to be aware that this simply isn’t the reality right now. Getting your work looked at may require a little bit more self-motivation, but I’d argue that there are much worse problems a project like FreeBSD could have than this.

I understand this a lot better now, but it is still something I struggle with. I’m not naturally the type of person who easily connects with others or asks for help, so I see this as an area for future growth rather than simply a struggle I encountered and overcame over the course of this work term. Certainly it is an important skill to understand the value of your own work, and equally important is the ability to communicate that value to others.

I also learned the importance of starting small. My first week or two on the job mainly involved getting set up and comfortable with the workflow. After this initial stage, I began exploring the project and found myself overwhelmed by its scale. With so many possible areas to investigate, and so much work happening at once, I felt quite lost on where to begin. Many of the potential projects I found were too far beyond my experience level, and most small bugs were picked up and fixed quickly by more experienced contributors before I could even get to them.

It’s easy to make the mistake that FreeBSD is made up solely of a few rock-star committers that do everything. This is how it appears at face-value, as reading through commits, bug reports, and mailing lists yields a few of the same names over and over. The reality is that just as important are the hundreds of users and infrequent contributors who take the time to submit bug reports, patches, or feedback. Even though there are some people who would fall under the umbrella of a rock-star committer, they didn’t get there overnight. Rather, they have built their skills and knowledge through many years of involvement in FreeBSD and similar projects.

As a student coming into this project and having high expectations of myself, it was easy to set the bar too high by comparing myself against those big committers, and feel that my work was insignificant, inadequate, and simply too infrequent. In reality, there is no reason I should have felt this way. In a way, this comparison is disrespectful to those who have reached this level, as it took them a long time to get there, and it’s a humbling reminder that any skill worth learning requires time, patience, and dedication. It is easy to focus on an end product and simply wish to be there, but in order to be truly successful one must start small, and find satisfaction in the struggle of learning something new. I take pride in the many small successes I’ve had throughout my term here, and appreciate the fact that my journey into FreeBSD and open-source software is only just beginning.

• Closing Thoughts

I would like to close with some brief thank-you’s. First, to everyone at the Foundation for being so helpful, and allowing this position to exist in the first place. I am extremely grateful to have been given this unique opportunity to learn about and give back to the open-source world. I’d also like to thank my office mates; Ed: for being an excellent mentor, who offered an endless wealth of knowledge and willingness to share it. My classmate and fellow intern Arshan: for giving me a sense of camaraderie and the comforting reminder that at many moments he was as lost as I was. Finally, a quick thanks to everyone else I crossed paths with who offered reviews and advice. I appreciate your help and look forward to working with you all further.

I am walking away from this co-op with a much greater appreciation for this project, and have made it a goal to remain involved in some capacity. I feel that I’ve gained a little bit of a wider perspective on my place in the software world, something I never really got from my previous co-ops. Whether it ends up being just a stepping stone, or the beginning of much larger involvement, I thoroughly enjoyed my time here.

Recent Developments in FreeBSD

• Support for encrypted, compressed (gzip and zstd), and network crash dumps enabled by default on most platforms
• Intel Microcode Splitter
• Intel Spec Store Bypass Disable control
• Raspberry Pi 3B+ Ethernet Driver
• IBRS for i386
• Upcoming:
• Microcode updater for AMD CPUs
• the RACK TCP/IP stack, from Netflix
• Voting in the FreeBSD Core Election begins today:

DigitalOcean Digital Ocean Promo Link for BSD Now Listeners

Running FreeNAS on a DigitalOcean Droplet

• Need to backup your FreeNAS offsite? Run a locked down instance in the cloud, and replicate to it
• The tutorial walks though the steps of converting a fresh FreeBSD based droplet into a FreeNAS
• Create a droplet, and add a small secondary block-storage device
• Boot the droplet, login, and download FreeNAS
• Disable swap, enable ‘foot shooting’ mode in GEOM
• use dd to write the FreeNAS installer to the boot disk
• Reboot the droplet, and use the FreeNAS installer to install FreeNAS to the secondary block storage device
• Now, reimage the droplet with FreeBSD again, to replace the FreeNAS installer
• Boot, and dd FreeNAS from the secondary block storage device back to the boot disk
• You can now destroy the secondary block device
• Now you have a FreeNAS, and can take it from there.
• Use the FreeNAS replication wizard to configure sending snapshots from your home NAS to your cloud NAS
• Note: You might consider creating a new block storage device to create a larger pool, that you can more easily grow over time, rather than using the boot device in the droplet as your main pool.

News Roundup

Network Manager Control for OpenBSD (Updated)

• Generalities

• I just remind the scope of this small tool:

  • allow you to pre-define several cable or wifi connections
  • let nmctl to connect automatically to the first available one
  • allow you to easily switch from one network connection to an other one
  • create openbox dynamic menus

• Enhancements in this version

This is my second development version: 0.2. I've added performed several changes in the code:

• code style cleanup, to better match the python recommendations
• adapt the tool to allow to connect to an Open-wifi having blancs in the name. This happens in some hotels
• implement a loop as work-around concerning the arp table issue.

The source code is still on the git of Sourceforge.net. You can see the files here

And you can download the last version here

• Feedbacks after few months

I'm using this script on my OpenBSD laptop since about 5 months. In my case, I'm mainly using the openbox menus and the --restart option.

• The Openbox menus

The openbox menus are working fine. As explain in my previous blog, I just have to create 2 entries in my openbox's menu.xml file, and all the rest comes automatically from nmctl itself thanks to the --list and --scan options. I've not changed this part of nmctl since it works as expected (for me :-) ).

• The --restart option

Because I'm very lazy, and because OpenBSD is very simple to use, I've added the command "nmctl --restart" in the /etc/apm/resume script. Thanks to apmd, this script will be used each time I'm opening the lid of my laptop. In other words, each time I'll opening my laptop, nmctl will search the optimum network connection for me. But I had several issues in this scenario. Most of the problems were linked to the arp table issues. Indeed, in some circumstances, my proxy IP address was associated to the cable interface instead of the wifi interface or vice-versa. As consequence I'm not able to connect to the proxy, thus not able to connect to internet. So the ping to google (final test nmctl perform) is failing. Knowing that anyhow, I'm doing a full arp cleanup, it's not clear for me from where this problem come from. To solve this situation I've implemented a "retry" concept. In other words, before testing an another possible network connection (as listed in my /etc/nmctl.conf file), the script try 3x the current connection's parameters. If you want to reduce or increase this figures, you can do it via the --retry parameter.

• Results of my expertise with this small tool

Where ever I'm located, my laptop is now connecting automatically to the wifi / cable connection previously identified for this location. Currently I have 3 places where I have Wifi credentials and 2 offices places where I just have to plug the network cable. Since the /etc/apm/resume scripts is triggered when I open the lid of the laptop, I just have to make sure that I plug the RJ45 before opening the laptop. For the rest, I do not have to type any commands, OpenBSD do all what is needed ;-). I hotels or restaurants, I can just connect to the Open Wifi thanks to the openbox menu created by "nmctl --scan".

• Next steps

• Documentation

The tool is missing lot of documentation. I appreciate OpenBSD for his great documentation, so I have to do the same. I plan to write a README and a man page at first instances. But since my laziness, I will do it as soon as I see some interest for this tool from other persons.

• Tests

I now have to travel and see how to see the script react on the different situations. Interested persons are welcome to share with me the outcome of their tests. I'm curious how it work.

OpenBSD 6.3 on EdgeRouter Lite simple upgrade method

• TL;DR

OpenBSD 6.3 oceton upgrade instructions may not factor that your ERL is running from the USB key they want wiped with the miniroot63.fs image loaded on. Place the bsd.rd for OpenBSD 6.3 on the sd0i slice used by U-Boot for the kernel, and then edit the boot command to run it.

• a tiny upgrade

The OpenBSD documentation is comprehensive, but there might be rough corners around what are probably edge cases in their user base. People running EdgeRouter Lite hardware for example, who are looking to upgrade from 6.2 to 6.3. The documentation, which gave us everything we needed last time, left me with some questions about how to upgrade. In INSTALL.octeon, the Upgrading section does mention: The best solution, whenever possible, is to backup your data and reinstall from scratch I had to check if that directive existed in the documentation for other architectures. I wondered if oceton users were getting singled out. We were not. Just simplicity and pragmatism.

• Reading on:

To upgrade OpenBSD 6.3 from a previous version, start with the general instructions in the section "Installing OpenBSD". But that section requires us to boot off of TFTP or NFS. Which I don’t want to do right now. Could also use a USB stick with the miniroot63.fs installed on it. But as the ERL only has a single USB port, we would have to remove the USB stick with the current install on it. Once we get to the Install or Upgrade prompt, there would be nothing to upgrade. Well, I guess I could use a USB hub. But the ERL’s USB port is inside the case. With all the screws in. And the tools are neatly put away. And I’d have to pull the USB hub from behind a workstation. And it’s two am. And I cleaned up the cabling in the lab this past weekend. Looks nice for once. So I don’t want to futz around with all that. There must be an almost imperceptibly easier way of doing this than setting up a TFTP server or NFS share in five minutes… Right?

iXsystems Boise Technology Show 2018 Recap

OpenZFS User Conference Slides & Videos

• Thank you ZFS
• ZSTD Compression
• Pool Layout Considerations
• ZFS Releases
• Helping Developers Help You
• ZFS and MySQL on Linux
• Micron
• OSNEXUS
• ZFS at Six Feet Up
• Flexible Disk Use with OpenZFS

Batch editing files with ed

• what’s ‘ed’?

ed is this sort of terrifying text editor. A typical interaction with ed for me in the past has gone something like this:

$ ed help ? h ? asdfasdfasdfsadf ? <close terminal in frustration>

Basically if you do something wrong, ed will just print out a single, unhelpful, ?. So I’d basically dismissed ed as an old arcane Unix tool that had no practical use today. vi is a successor to ed, except with a visual interface instead of this ?

• surprise: Ed is actually sort of cool and fun

So if Ed is a terrifying thing that only prints ? at you, why am I writing a blog post about it? WELL!!!! On April 1 this year, Michael W Lucas published a new short book called Ed Mastery. I like his writing, and even though it was sort of an april fool’s joke, it was ALSO a legitimate actual real book, and so I bought it and read it to see if his claims that Ed is actually interesting were true. And it was so cool!!!! I found out:

• how to get Ed to give you better error messages than just ?
• that the name of the grep command comes from ed syntax (g/re/p)
• the basics of how to navigate and edit files using ed

All of that was a cool Unix history lesson, but did not make me want to actually use Ed in real life. But!!!

The other neat thing about Ed (that did make me want to use it!) is that any Ed session corresponds to a script that you can replay! So if I know Ed, then I can use Ed basically as a way to easily apply vim-macro-like programs to my files.

Beastie Bits

• FreeBSD Mastery: Jails -- Help make it happen
• Video: OpenZFS Basics presented by George Wilson and Matt Ahrens at Scale 16x back in March 2018
• DragonFlyBSD’s IPFW gets highspeed lockless in-kernel NAT
• A Love Letter to OpenBSD
• New talks, and the F-bomb
• Practical UNIX Manuals: mdoc
• BSD Meetup in Zurich: May 24th
• BSD Meetup in Warsaw: May 24th
• MeetBSD 2018

Tarsnap

Feedback/Questions

• Seth - First time poudriere Builder
• Farhan - Why we didn't go FreeBSD
• architech - Encryption Feedback
• Dave - Handy Tip on setting up automated coredump handling for FreeBSD

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

This episode was brought to you by

Headlines

Remote DoS in the TCP stack

• A pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing remote attackers to exhaust the resources of a system with nothing more than TCP connections
• While in the LAST_ACK state, which is one of the final stages of a connection's lifetime, the connection can get stuck and hang there indefinitely
• This problem has a slightly confusing history that involves different fixes at different points in time from different people
• Juniper originally discovered the bug and announced a fix for their proprietary networking gear on June 8th
• On June 29th, FreeBSD caught wind of it and fixed the bug in their -current branch, but did not issue a security notice or MFC the fix back to the -stable branches
• On July 13th, two weeks later, OpenBSD fixed the issue in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found
• Immediately afterwards, they merged it back to -stable and issued an errata notice for 5.7 and 5.6
• On July 21st, three weeks after their original fix, FreeBSD committed yet another slightly different fix and issued a security notice for the problem (which didn't include the first fix)
• After the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way
• NetBSD confirmed they were vulnerable too, and applied another completely different fix to -current on July 24th, but haven't released a security notice yet
• DragonFly is also investigating the issue now to see if they're affected as well ***

c2k15 hackathon reports

• Reports from OpenBSD's latest hackathon, held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these)
• The first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event
• He writes, "Did you ever look at a huge page in man, wanted to jump to the definition of a specific term - say, in ksh, to the definition of the "command" built-in command - and had to step through dozens of false positives with the less '/' and 'n' search keys before you finally found the actual definition?"
• With mandoc's new internal jump targets, this is a problem of the past now
• Jasper also sent in a report, doing his usual work with Puppet (and specifically "Facter," a tool used by Puppet to gather various bits of system information)
• Aside from that and various ports-related work, Jasper worked on adding tame support to some userland tools, fixing some Octeon stuff and introduced something that OpenBSD has oddly lacked until now: an "-i" flag for sed (hooray!)
• Antoine Jacoutot gave a report on what he did at the hackathon as well, including improvements to the rcctl tool (for configuring startup services)
• It now has an "ls" subcommand with status parsing, allowing you to list running services, stopped services or even ones that failed to start or are supposed to be running (he calls this "the poor man's service monitoring tool")
• He also reworked some of the rc.d system to allow smoother operation of multiple instances of the same daemon to run (using tor with different config files as an example)
• His list also included updating ports, updating ports documentation, updating the hotplug daemon and laying out some plans for automatic sysmerge for future upgrades
• Foundation director Ken Westerback was also there, getting some disk-related and laptop work done
• He cleaned up and committed the 4k sector softraid code that he'd been working on, as well as fixing some trackpad issues
• Stefan Sperling, OpenBSD's token "wireless guy," had a lot to say about the hackathon and what he did there (and even sent in his write-up before he got home)
• He taught tcpdump about some new things, including 802.11n metadata beacons (there's a lot more specific detail about this one in the report)
• Bringing a bag full of USB wireless devices with him, he set out to get the unsupported ones working, as well as fix some driver bugs in the ones that already did work
• One quote from Stefan's report that a lot of people seem to be talking about: "Partway through the hackathon tedu proposed an old diff of his to make our base ls utility display multi-byte characters. This led to a long discussion about how to expand UTF-8 support in base. The conclusion so far indicates that single-byte locales (such as ISO-8859-1 and KOI-8) will be removed from the base OS after the 5.8 release is cut. This simplifies things because the whole system only has to care about a single character encoding. We'll then have a full release cycle to bring UTF-8 support to more base system utilities such as vi, ksh, and mg. To help with this plan, I started organizing a UTF-8-focused hackathon for some time later this year."
• Jeremy Evans wrote in to talk about updating lots of ports, moving the ruby ports up to the latest version and also creating perl and ruby wrappers for the new tame subsystem
• While he's mainly a ports guy, he got to commit fixes to ports, the base system and even the kernel during the hackathon
• Rafael Zalamena, who got commit access at the event, gives his very first report on his networking-related hackathon activities
• With Rafael's diffs and help from a couple other developers, OpenBSD now has support for VPLS
• Jonathan Gray got a lot done in the area of graphics, working on OpenGL and Mesa, updating libdrm and even working with upstream projects to remove some GNU-specific code
• As he's become somewhat known for, Jonathan was also busy running three things in the background: clang's fuzzer, cppcheck and AFL (looking for any potential crashes to fix)
• Martin Pieuchot gave an write-up on his experience: "I always though that hackathons were the best place to write code, but what's even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that's what I did."
• He laid out some plans for the wireless stack, discussed future plans for PF, made some routing table improvements and did various other bits to the network stack
• Unfortunately, most of Martin's secret plans seem to have been left intentionally vague, and will start to take form in the next release cycle
• We're still eagerly awaiting a report from one of OpenBSD's newest developers, Alexandr Nedvedicky (the Oracle guy who's working on SMP PF and some other PF fixes)
• OpenBSD 5.8's "beta" status was recently reverted, with the message "take that as a hint," so that may mean more big changes are still to come... ***

FreeBSD quarterly status report

• FreeBSD has published their quarterly status report for the months of April to June, citing it to be the largest one so far
• It's broken down into a number of sections: team reports, projects, kernel, architectures, userland programs, ports, documentation, Google Summer of Code and miscellaneous others
• Starting off with the cluster admin, some machines were moved to the datacenter at New York Internet, email services are now more resilient to failure, the svn mirrors (now just "svn.freebsd.org") are now using GeoGNS with official SSL certs and general redundancy was increased
• In the release engineering space, ARM and ARM64 work continues to improve on the Cavium ThunderX, more focus is being put into cloud platforms and the 10.2-RELEASE cycle is reaching its final stages
• The core team has been working on phabricator, the fancy review system, and is considering to integrate oauth support soon
• Work also continues on bhyve, and more operating systems are slowly gaining support (including the much-rumored Windows Server 2012)
• The report also covers recent developments in the Linux emulation layer, and encourages people using 11-CURRENT to help test out the 64bit support
• Multipath TCP was also a hot topic, and there's a brief summary of the current status on that patch (it will be available publicly soon)
• ZFSguru, a project we haven't talked about a lot, also gets some attention in the report - version 0.3 is set to be completed in early August
• PCIe hotplug support is also mentioned, though it's still in the development stages (basic hot-swap functions are working though)
• The official binary packages are now built more frequently than before with the help of additional hardware, so AMD64 and i386 users will have fresher ports without the need for compiling
• Various other small updates on specific areas of ports (KDE, XFCE, X11...) are also included in the report
• Documentation is a strong focus as always, a number of new documentation committers were added and some of the translations have been improved a lot
• Many other topics were covered, including foundation updates, conference plans, pkgsrc support in pkgng, ZFS support for UEFI boot and much more ***

The OpenSSH bug that wasn't

• There's been a lot of discussion about a supposed flaw in OpenSSH, allowing attackers to substantially amplify the number of password attempts they can try per session (without leaving any abnormal log traces, even)
• There's no actual exploit to speak of; this bug would only help someone get more bruteforce tries in with a fewer number of connections
• FreeBSD in its default configuration, with PAM and ChallengeResponseAuthentication enabled, was the only one vulnerable to the problem - not upstream OpenSSH, nor any of the other BSDs, and not even the majority of Linux distros
• If you disable all forms of authentication except public keys, like you're supposed to, then this is also not a big deal for FreeBSD systems
• Realistically speaking, it's more of a PAM bug than anything else
• OpenSSH added an additional check for this type of setup that will be in 7.0, but simply changing your sshd_config is enough to mitigate the issue for now on FreeBSD (or you can run freebsd-update) ***

Interview - Sebastian Wiedenroth - wiedi@netbsd.org / @wied0r

pkgsrc and pkgsrcCon

News Roundup

Now served by OpenBSD

• We've mentioned that you can also install OpenBSD on DO droplets, and this blog post is about someone who actually did it
• The use case for the author was for a webserver, so he decided to try out the httpd in base
• Configuration is ridiculously simple, and the config file in his example provides an HTTPS-only webserver, with plaintext requests automatically redirecting
• TLS 1.2 by default, strong ciphers with LibreSSL and HSTS combined give you a pretty secure web server ***

FreeBSD laptop playbooks

• A new project has started up on Github for configuring FreeBSD on various laptops, unsurprisingly named "freebsd-laptops"
• It's based on ansible, and uses the playbook format for automatic set up and configuration
• Right now, it's only working on a single Lenovo laptop, but the plan is to add instructions for many more models
• Check the Github page for instructions on how to get started, and maybe get involved if you're running FreeBSD on a laptop ***

NetBSD on the NVIDIA Jetson TK1

• If you've never heard of the Jetson TK1, we can go ahead and spoil the secret here: NetBSD runs on it
• As for the specs, it has a quad-core ARMv7 CPU at 2.3GHz, 2 gigs of RAM, gigabit ethernet, SATA, HDMI and mini-PCIE
• This blog post shows which parts of the board are working with NetBSD -current (which seems to be almost everything)
• You can even run X11 on it, pretty sweet ***

DragonFly power mangement options

• DragonFly developer Sepherosa, who we've had on the show, has been doing some ACPI work over there
• In this email, he presents some of DragonFly's different power management options: ACPI P-states, C-states, mwait C-states and some Intel-specific bits as well
• He also did some testing with each of them and gave his findings about power saving
• If you've been thinking about running DragonFly on a laptop, this would be a good one to read ***

OpenBSD router under FreeBSD bhyve

• If one BSD just isn't enough for you, and you've only got one machine, why not run two at once
• This article talks about taking a FreeBSD server running bhyve and making a virtualized OpenBSD router with it
• If you've been considering switching over your router at home or the office, doing it in a virtual machine is a good way to test the waters before committing to real hardware
• The author also includes a little bit of history on how he got into both operating systems
• There are lots of mixed opinions about virtualizing core network components, so we'll leave it up to you to do your research
• Of course, the next logical step is to put that bhyve host under Xen on NetBSD... ***

Feedback/Questions

• Kevin writes in
• Logan writes in
• Peter writes in
• Randy writes in ***

This episode was brought to you by

Headlines

Out with the old, in with the less

• Our friend Ted Unangst has a new article up, talking about "various OpenBSD replacements and reductions"
• "Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs."
• In the post, he goes through some of the bigger (and smaller) examples of OpenBSD rewriting tools to be simpler and more secure
• It starts off with a lesser-known SCSI driver that "tried to do too much" being replaced with three separate drivers
• "Each driver can now be modified in isolation without unintentional side effects on other hardware, or the need to consider if and where further special cases need to be added. Despite the fact that these three drivers duplicate all the common boilerplate code, combined they only amount to about half as much code as the old driver."
• In contrast to that example, he goes on to cite mandoc as taking a very non "unixy" direction, but at the same time being smaller and simpler than all the tools it replaced
• The next case is the new http daemon, and he talks a bit about the recently-added rewrite support being done in a simple and secure way (as opposed to regex and its craziness)
• He also talks about the rewritten "file" utility: "Almost by definition, its sole input will be untrusted input. Perversely, people will then trust what file tells them and then go about using that input, as if file somehow sanitized it."
• Finally, sudo in OpenBSD's base system is moving to ports soon, and the article briefly describes a new tool that may or may not replace it, called "doas"
• There's also a nice wrap-up of all the examples at the end, and the "Pruning and Polishing" talk is good complementary reading material ***

More OpenZFS and BSDCan videos

• We mentioned last week that some of the videos from the second OpenZFS conference in Europe were being uploaded - here's some more
• Matt Ahrens did a Q&A session and talked about ZFS send and receive, as well as giving an overview of OpenZFS
• George Wilson talked about a performance retrospective
• Toshiba, Syneto and HGST also gave some talks about their companies and how they're using ZFS
• As for BSDCan, more of their BSD presentations have been uploaded too...
• Ryan Stone, PCI SR-IOV on FreeBSD
• George Neville-Neil, Measure Twice, Code Once
• Kris Moore, Unifying jail and package management for PC-BSD, FreeNAS and FreeBSD
• Warner Losh, I/O Scheduling in CAM
• Kirk McKusick, An Introduction to the Implementation of ZFS
• Midori Kato, Extensions to FreeBSD Datacenter TCP for Incremental Deployment Support
• Baptiste Daroussin, Packaging FreeBSD's base system
• Matt Ahrens, New OpenZFS features supporting remote replication
• Ed Schouten, CloudABI Cloud computing meets fine-grained capabilities
• The audio of Ingo Schwarze's talk "mandoc: becoming the main BSD manual toolbox" got messed up, but there's an alternate recording here, and the slides are here ***

SMP steroids for PF

• An Oracle employee that's been porting OpenBSD's PF to an upcoming Solaris release has sent in an interesting patch for review
• Attached to the mail was what may be the beginnings of making native PF SMP-aware
• Before you start partying, the road to SMP (specifically, giant lock removal) is a long and very complicated one, requiring every relevant bit of the stack to be written with it in mind - this is just one piece of the puzzle
• The initial response has been quite positive though, with some back and forth between developers and the submitter
• For now, let's be patient and see what happens ***

DragonFly 4.2.0 released

• DragonFlyBSD has released the next big update of their 4.x branch, complete with a decent amount of new features and fixes
• i915 and Radeon graphics have been updated, and DragonFly can claim the title of first BSD with Broadwell support in a release
• Sendmail in the base system has been replaced with their homegrown DragonFly Mail Agent, and there's a wiki page about configuring it
• They've also switched the default compiler to GCC 5, though why they've gone in that direction instead of embracing Clang is a mystery
• The announcement page also contains a list of kernel changes, details on the audio and graphics updates, removal of the SCTP protocol, improvements to the temperature sensors, various userland utility fixes and a list of updates to third party tools
• Work is continuing on the second generation HAMMER filesystem, and Matt Dillon provides a status update in the release announcement
• There was also some hacker news discussion you can check out, as well as upgrade instructions ***

OpenSMTPD 5.7.1 released

• The OpenSMTPD guys have just released version 5.7.1, a major milestone version that we mentioned recently
• Crypto-related bits have been vastly improved: the RSA engine is now privilege-separated, TLS errors are handled more gracefully, ciphers and curve preferences can now be specified, the PKI interface has been reworked to allow custom CAs, SNI and certificate verification have been simplified and the DH parameters are now 2048 bit by default
• The long-awaited filter API is now enabled by default, though still considered slightly experimental
• Documentation has been improved quite a bit, with more examples and common use cases (as well as exotic ones)
• Many more small additions and bugfixes were made, so check the changelog for the full list
• Starting with 5.7.1, releases are now cryptographically signed to ensure integrity
• This release has gone through some major stress testing to ensure stability - Gilles regularly asks their Twitter followers to flood a test server with thousands of emails per second, even offering prizes to whoever can DDoS them the hardest
• OpenSMTPD runs on all the BSDs of course, and seems to be getting pretty popular lately
• Let's all encourage Kris to stop procrastinating on switching from Postfix ***

Interview - Jun Ebihara (蛯原純) - jun@netbsd.org / @ebijun

Lesser-known CPU architectures, embedded NetBSD devices

News Roundup

FreeBSD foundation at BSDCan

• The FreeBSD foundation has posted a few BSDCan summaries on their blog
• The first, from Steven Douglas, begins with a sentiment a lot of us can probably identify with: "Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people."
• He got to meet a lot of the people working on big-name projects, and enjoyed being able to ask them questions so easily
• Their second trip report is from Ahmed Kamal, who flew in all the way from Egypt
• A bit starstruck, he seems to have enjoyed all the talks, particularly Andrew Tanenbaum's about MINIX and NetBSD
• There are also two more wrap-ups from Zbigniew Bodek and Vsevolod Stakhov, so you've got plenty to read ***

OpenBSD from a veteran Linux user perspective

• In a new series of blog posts, a self-proclaimed veteran Linux user is giving OpenBSD a try for the first time
• "For the first time I installed a BSD box on a machine I control. The experience has been eye-opening, especially since I consider myself an 'old-school' Linux admin, and I've felt out of place with the latest changes on the system administration."
• The post is a collection of his thoughts about what's different between Linux and BSD, what surprised him as a beginner - admittedly, a lot of his knowledge carried over, and there were just minor differences in command flags
• One of the things that surprised him (in a positive way) was the documentation: "OpenBSD's man pages are so nice that RTFMing somebody on the internet is not condescending but selfless."
• He also goes through some of the basics, installing and updating software, following different branches
• It concludes with "If you like UNIX, it will open your eyes to the fact that there is more than one way to do things, and that system administration can still be simple while modern." ***

FreeBSD on the desktop, am I crazy

• Similar to the previous article, the guy that wrote the SSH two factor authentication post we covered last week has another new article up - this time about FreeBSD on the desktop
• He begins with a bit of forewarning for potential Linux switchers: "It certainly wasn't an easy journey, and I'm tempted to say do not try this at home to anybody who isn't going to leverage any of FreeBSD's strong points. Definitely don't try FreeBSD on the desktop if you haven't used it on servers or virtual machines before. It's got less in common with Linux than you might think."
• With that out of the way, the list of positives is pretty large: a tidy base system, separation between base and ports, having the option to choose binary packages or ports, ZFS, jails, licensing and of course the lack of systemd
• The rest of the post talks about some of the hurdles he had to overcome, namely with graphics and the infamous Adobe Flash
• Also worth noting is that he found jails to be not only good for isolating daemons on a server, but pretty useful for desktop applications as well
• In the end, he says it was worth all the trouble, and is even planning on converting his laptop to FreeBSD soon too ***

OpenIKED and Cisco CSR 1000v IPSEC

• This article covers setting up a site-to-site IPSEC tunnel between a Cisco CSR 1000v router and an OpenBSD gateway running OpenIKED
• What kind of networking blog post would be complete without a diagram where the internet is represented by a big cloud
• There are lots of details (and example configuration files) for using IKEv2 and OpenBSD's built-in IKE daemon
• It also goes to show that the BSDs generally play well with existing network infrastructure, so if you were a business that's afraid to try them… don't be ***

HardenedBSD improves stack randomization

• The HardenedBSD guys have improved their FreeBSD ASLR patchset, specifically in the stack randomization area
• In their initial implementation, the stack randomization was a random gap - this update makes the base address randomized as well
• They're now stacking the new on top of the old as well, with the goal being even more entropy
• This change triggered an ABI and API incompatibility, so their major version has been bumped ***

OpenSSH 6.9 released

• The OpenSSH team has announced the release of a new version which, following their tick/tock major/minor release cycle, is focused mainly on bug fixes
• There are a couple new things though - the "AuthorizedKeysCommand" config option now takes custom arguments
• One very notable change is that the default cipher has changed as of this release
• The traditional pairing of AES128 in counter mode with MD5 HMAC has been replaced by the ever-trendy ChaCha20-Poly1305 combo
• Their next release, 7.0, is set to get rid a number of legacy items: PermitRootLogin will be switched to "no" by default, SSHv1 support will be totally disabled, the 1024bit diffie-hellman-group1-sha1 KEX will be disabled, old ssh-dss and v00 certs will be removed, a number of weak ciphers will be disabled by default (including all CBC ones) and RSA keys will be refused if they're under 1024 bits
• Many small bugs fixes and improvements were also made, so check the announcement for everything else
• The native version is in OpenBSD -current, and an update to the portable version should be hitting a ports or pkgsrc tree near you soon ***

Feedback/Questions

• Brad writes in
• Mason writes in
• Jochen writes in
• Simon writes in ***

This episode was brought to you by

Headlines

Playing with sandboxing

• Sandboxing and privilege separation are popular topics these days - they're the goal of the new "shill" scripting language, they're used heavily throughout OpenBSD, and they're gaining traction with the capsicum framework
• This blog post explores capsicum in FreeBSD, some of its history and where it's used in the base system
• They also include some code samples so you can verify that capsicum is actually denying the program access to certain system calls
• Check our interview about capsicum from a while back if you haven't seen it already ***

OpenNTPD on by default

• OpenBSD has enabled ntpd by default in the installer, rather than prompting the user if they want to turn it on
• In nearly every case, you're going to want to have your clock synced via NTP
• With the HTTPS constraints feature also enabled by default, this should keep the time checked and accurate, even against spoofing attacks
• Lots of problems can be traced back to the time on one system or another being wrong, so this will also eliminate some of those cases
• For those who might be curious, they're using the "pool.ntp.org" cluster of addresses and google for HTTPS constraints (but these can be easily changed) ***

FreeBSD workshop in Landshut

• We mentioned a BSD installfest happening in Germany a few weeks back, and the organizer wrote in with a review of the event
• The installfest instead became a "FreeBSD workshop" session, introducing curious new users to some of the flagship features of the OS
• They covered when to use UFS or ZFS, firewall options, the release/stable/current branches and finally how to automate installations with Ansible
• If you're in south Germany and want to give similar introduction talks or Q&A sessions about the other BSDs, get in touch
• We'll hear more from him about how it went in the feedback section today ***

Swap encryption in DragonFly

• Doing full disk encryption is very important, but something that people sometimes overlook is encrypting their swap
• This can actually be more important than the contents of your disks, especially if an unencrypted password or key hits your swap (as it can be recovered quite easily)
• DragonFlyBSD has added a new experimental option to automatically encrypt your swap partition in fstab
• There was another way to do it previously, but this is a lot easier
• You can achieve similar results in FreeBSD by adding ".eli" to the end of the swap device in fstab, there are a few steps to do it in NetBSD and swap in OpenBSD is encrypted by default
• A one-time key will be created and then destroyed in each case, making recovery of the plaintext nearly impossible ***

Interview - Jed Reynolds - jed@bitratchet.com / @jed_reynolds

Comparing ZFS on Linux and FreeBSD

News Roundup

USB thermometer on OpenBSD

• So maybe you've got BSD on your server or router, maybe NetBSD on a toaster, but have you ever used a thermometer with one?
• This blog post introduces the RDing TEMPer Gold USB thermometer, a small device that can tell the room temperature, and how to get it working on OpenBSD
• Wouldn't you know it, OpenBSD has a native "ugold" driver to support it with the sensors framework
• How useful such a device would be is another story though ***

NAS4Free now on ARM

• We talk a lot about hardware for network-attached storage devices on the show, but ARM doesn't come up a lot
• That might be changing soon, as NAS4Free has just released some ARM builds
• These new (somewhat experimental) images are based on FreeBSD 11-CURRENT
• Included in the announcement is a list of fully-supported and partially-supported hardware that they've tested it with
• If anyone has experience with running a NAS on slightly exotic hardware, write in to us ***

pkgsrcCon 2015 CFP and info

• This year's pkgsrcCon will be in Berlin, Germany on July 4th and 5th
• They're looking for talk proposals and ideas for things you'd like to see
• If you or your company uses pkgsrc, or if you're just interested in NetBSD in general, it would be a good event to check out ***

BSDTalk episode 253

• BSDTalk has released another new episode
• In it, he interviews George Neville-Neil about the 2nd edition of "The Design and Implementation of the FreeBSD Operating System"
• They discuss what's new since the last edition, who the book's target audience is and a lot more
• We're up to 90 episodes now, slowly catching up to Will... ***

Feedback/Questions

• Dominik writes in
• Brad writes in
• Corvin writes in
• James writes in ***

This episode was brought to you by

Headlines

Revisiting FreeBSD after 20 years

• With comments like "has Linux lost its way?" floating around, a Debian developer was prompted to revisit FreeBSD after nearly two decades
• This blog post goes through his experiences trying out a modern BSD variant, and includes the good, the bad and the ugly - not just praise this time
• He loves ZFS and the beadm tool, and finds the FreeBSD implementation to be much more stable than ZoL
• On the topic of jails, he summarizes: "Linux has tried so hard to get this right, and fallen on its face so many times, a person just wants to take pity sometimes. We’ve had linux-vserver, openvz, lxc, and still none of them match what FreeBSD jails have done for a long time."
• The post also goes through the "just plain different" aspects of a complete OS vs. a distribution of various things pieced together
• Finally, he includes some things he wasn't so happy about: subpar laptop support, virtualization being a bit behind, a myriad of complaints about pkgng and a few other things
• There was some decent discussion on Hacker News about this article too, with counterpoints from both sides ***

s2k15 hackathon report: network stack SMP

• The first trip report from the recent OpenBSD hackathon in Australia has finally been submitted
• One of the themes of this hackathon was SMP (symmetric multiprocessing) improvement, and Martin Pieuchot did some hacking on the network stack
• If you're not familiar with him, he gave a presentation at EuroBSDCon last year, titled Taming OpenBSD Network Stack Dragons
• Teaming up with David Gwynne, they worked on getting some bits of the networking code out of the big lock
• Hopefully more trip reports will be sent in during the coming weeks
• Most of the big code changes should probably appear after the 5.7-release testing period ***

From BIND to NSD and Unbound

• If you've been running a DNS server on any of the BSDs, you've probably noticed a semi-recent trend: BIND being replaced with Unbound
• BIND was ripped out in FreeBSD 10.0 and will be gone in OpenBSD 5.7, but both systems include Unbound now as an alternative
• OpenBSD goes a step further, also including NSD in the base system, whereas you'll need to install that from ports on FreeBSD
• Instead of one daemon doing everything like BIND tried to do, this new setup splits the authoritative nameserver and the caching resolver into two separate daemons
• This post takes you through the transitional phase of going from a single BIND setup to a combination of NSD and Unbound
• All in all, everyone wins here, as there will be a lot less security advisories in both BSDs because of it... ***

m0n0wall calls it quits

• The original, classic BSD firewall distribution m0n0wall has finally decided to close up shop
• For those unfamiliar, m0n0wall was a FreeBSD-based firewall project that put a lot of focus on embedded devices: running from a CF card, CD, USB drive or even a floppy disk
• It started over twelve years ago, which is pretty amazing when you consider that's around half of FreeBSD itself's lifespan
• The project was probably a lot of people's first encounter with BSD in any form
• If you were a m0n0wall user, fear not, you've got plenty of choices for a potential replacement: doing it yourself with something like FreeBSD or OpenBSD, or going the premade route with something like pfSense, OPNsense or the BSD Router Project
• The founder's announcement includes these closing words: "m0n0wall has served as the seed for several other well known open source projects, like pfSense, FreeNAS and AskoziaPBX. The newest offspring, OPNsense, aims to continue the open source spirit of m0n0wall while updating the technology to be ready for the future. In my view, it is the perfect way to bring the m0n0wall idea into 2015, and I encourage all current m0n0wall users to check out OPNsense and contribute if they can."
• While m0n0wall didn't get a lot of on-air mention, surely a lot of our listeners will remember it fondly ***

Interview - Alex Reece & Matt Ahrens - alex@delphix.com & matt@delphix.com / @openzfs

What's new in OpenZFS

Tutorial

Making your first patch (OpenBSD)

News Roundup

Overlaying remote LANs with OpenBSD's VXLAN

• Have you ever wanted to "merge" multiple remote LANs? OpenBSD's vxlan(4) is exactly what you need
• This article talks about using it to connect two virtualized infrastructures on different ESXi servers
• It gives a bit of networking background first, in case you're not quite up to speed on all this stuff
• This tool opens up a lot of very cool possibilities, even possibly doing a "remote" LAN party
• Be sure to check the AsiaBSDCon talk about VXLANs if you haven't already ***

2020, year of the PCBSD desktop

• Here we have a blog post about BSD on the desktop, straight from a KDE developer
• He predicts that PCBSD is going to take off before the year 2020, possibly even overtaking Linux's desktop market share (small as it may be)
• With PCBSD making a preconfigured FreeBSD desktop a reality, and the new KMS work, the author is impressed with how far BSD has come as a viable desktop option
• ZFS and easy-to-use boot environments top the list of things he says differentiate the BSD desktop experience from the Linux one
• There was also some discussion on Slashdot that might be worth reading ***

OpenSSH host key rotation, redux

• We mentioned the new OpenSSH host key rotation and other goodies in a previous episode, but things have changed a little bit since then
• djm says "almost immediately after smugly declaring 'mission accomplished', the bug reports started rolling in."
• There were some initial complaints from developers about the new options, and a serious bug shortly thereafter
• After going back to the drawing board, he refactored some of the new code (and API) and added some more regression tests
• Most importantly, the bigger big fix was described as: "a malicious server (say, "host-a") could advertise the public key of another server (say, "host-b"). Then, when the client subsequently connects back to host-a, instead of answering the connection as usual itself, host-a could proxy the connection to host-b. This would cause the user to connect to host-b when they think they are connecting to host-a, which is a violation of the authentication the host key is supposed to provide."
• None of this code has been in a formal OpenSSH release just yet, but hopefully it will soon ***

PCBSD tries out LibreSSL

• PCBSD users may soon be seeing a lot less security problems because of two recent changes
• After switching over to OpenNTPD last week, PCBSD decides to give the portable LibreSSL a try too
• Note that this is only for the packages built from ports, not the base system unfortunately
• They're not the first ones to do this - OPNsense has been experimenting with replacing OpenSSL in their ports tree for a little while now, and of course all of OpenBSD's ports are built against it
• A good number of patches are still not committed in vanilla FreeBSD ports, so they had to borrow some from Bugzilla
• Look forward to Kris wearing a "keep calm and abandon OpenSSL" shirt in the near future ***

Feedback/Questions

• Benjamin writes in
• Mike writes in
• Brad writes in ***

Mailing List Gold

• Debian Dejavu
• Package gone missing ***

This episode was brought to you by

Headlines

EuroBSDCon 2014 talks and tutorials

• The 2014 EuroBSDCon videos have been online for over a month, but unannounced - keep in mind these links may be temporary (but we'll mention their new location in a future show and fix the show notes if that's the case) <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Arun Thomas, BSD ARM Kernel Internals <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Ted Unangst, Developing Software in a Hostile Environment <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Martin Pieuchot, Taming OpenBSD Network Stack Dragons <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Henning Brauer, OpenBGPD turns 10 years <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Claudio Jeker, vscsi and iscsid iSCSI initiator the OpenBSD way <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Paul Irofti, Making OpenBSD Useful on the Octeon Network Gear <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Baptiste Daroussin, Cross Building the FreeBSD ports tree <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Boris Astardzhiev, Smartcom’s control plane software, a customized version of FreeBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Michał Dubiel, OpenStack and OpenContrail for FreeBSD platform <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Martin Husemann & Joerg Sonnenberger, Tool-chaining the Hydra, the ongoing quest for modern toolchains in NetBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Taylor R Campbell, The entropic principle: /dev/u?random and NetBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Dag-Erling Smørgrav, Securing sensitive & restricted data <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Peter Hansteen, Building The Network You Need With PF <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Stefan Sperling, Subversion for FreeBSD developers <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Peter Hansteen, Transition to OpenBSD 5.6 <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Ingo Schwarze, Let’s make manuals more useful <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Francois Tigeot, Improving DragonFly’s performance with PostgreSQL <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Justin Cormack, Running Applications on the NetBSD Rump Kernel <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Pierre Pronchery, EdgeBSD, a year later <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Peter Hessler, Using routing domains or tables in a production network <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Sean Bruno, QEMU user mode on FreeBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Kristaps Dzonsons, Bugs Ex Ante <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Yann Sionneau, Porting NetBSD to the LatticeMico32 open source CPU <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Alexander Nasonov, JIT Code Generator for NetBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Masao Uebayashi, Porting Valgrind to NetBSD and OpenBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Marc Espie, parallel make, working with legacy code <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Francois Tigeot, Porting the drm-kms graphic drivers to DragonFly <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• The following talks (from the Vitosha track room) are all currently missing:
• Jordan Hubbard, FreeBSD, Looking forward to another 10 years (but we have another recording)
• Theo de Raadt, Randomness, how arc4random has grown since 1998 (but we have another recording)
• Kris Moore, Snapshots, Replication, and Boot-Environments
• Kirk McKusick, An Introduction to the Implementation of ZFS
• John-Mark Gurney, Optimizing GELI Performance
• Emmanuel Dreyfus, FUSE and beyond, bridging filesystems
• Lourival Vieira Neto, NPF scripting with Lua
• Andy Tanenbaum, A Reimplementation of NetBSD Based on a Microkernel
• Stefano Garzarella, Software segmentation offloading for FreeBSD
• Ted Unangst, LibreSSL
• Shawn Webb, Introducing ASLR In FreeBSD
• Ed Maste, The LLDB Debugger in FreeBSD
• Philip Guenther, Secure lazy binding ***

OpenBSD adopts SipHash

• Even more DJB crypto somehow finds its way into OpenBSD's base system
• This time it's SipHash, a family of pseudorandom functions that's resistant to hash bucket flooding attacks while still providing good performance
• After an initial import and some clever early usage, a few developers agreed that it would be better to use it in a lot more places
• It will now be used in the filesystem, and the plan is to utilize it to protect all kernel hash functions
• Some other places that Bernstein's work can be found in OpenBSD include the ChaCha20-Poly1305 authenticated stream cipher and Curve25519 KEX used in SSH, ChaCha20 used in the RNG, and Ed25519 keys used in signify and SSH ***

FreeBSD 10.1-RELEASE

• FreeBSD's release engineering team likes to troll us by uploading new versions just a few hours after we finish recording an episode
• The first maintenance update for the 10.x branch is out, improving upon a lot of things found in 10.0-RELEASE
• The vt driver was merged from -CURRENT and can now be enabled with a loader.conf switch (and can even be used on a PlayStation 3)
• Bhyve has gotten quite a lot of fixes and improvements from its initial debut in 10.0, including boot support for ZFS
• Lots of new ARM hardware is supported now, including SMP support for most of them
• A new kernel selection menu was added to the loader, so you can switch between newer and older kernels at boot time
• 10.1 is the first to support UEFI booting on amd64, which also has serial console support now
• Lots of third party software (OpenSSH, OpenSSL, Unbound..) and drivers have gotten updates to newer versions
• It's a worthy update from 10.0, or a good time to try the 10.x branch if you were avoiding the first .0 release, so grab an ISO or upgrade today
• Check the detailed release notes for more information on all the changes
• Also take a look at some of the known problems to see if you'll be affected by any of them
• PC-BSD was also updated accordingly with some of their own unique features and changes ***

arc4random - Randomization for All Occasions

• Theo de Raadt gave an updated version of his EuroBSDCon presentation at Hackfest 2014 in Quebec
• The presentation is mainly about OpenBSD's arc4random function, and outlines the overall poor state of randomization in the 90s and how it has evolved in OpenBSD over time
• It begins with some interesting history on OpenBSD and how it became a security-focused OS - in 1996, their syslogd got broken into and "suddenly we became interested in security"
• The talk also touches on how low-level changes can shake up the software ecosystem and third party packages that everyone uses
• There's some funny history on the name of the function (being called arc4random despite not using RC4 anymore) and an overall status update on various platforms' usage of it
• Very detailed and informative presentation, and the slides can be found here
• A great quote from the beginning: "We consider ourselves a community of (probably rather strange) people who work on software specifically for the purpose of trying to make it better. We take a 'whole-systems' approach: trying to change everything in the ecosystem that's under our control, trying to see if we can make it better. We gain a lot of strength by being able to throw backwards compatibility out the window. So that means that we're able to do research and the minute that we decide that something isn't right, we'll design an alternative for it and push it in. And if it ends up breaking everybody's machines from the previous stage to the next stage, that's fine because we'll end up in a happier place." ***

Interview - Justin Cormack - justin@netbsd.org / @justincormack

NetBSD on Xen, rump kernels, various topics

News Roundup

The FreeBSD foundation's biggest donation

• The FreeBSD foundation has a new blog post about the largest donation they've ever gotten
• From the CEO of WhatsApp comes a whopping one million dollars in a single donation
• It also has some comments from the donor about why they use BSD and why it's important to give back
• Be sure to donate to the foundation of whatever BSD you use when you can - every little bit helps, especially for OpenBSD, NetBSD and DragonFly who don't have huge companies supporting them regularly like FreeBSD does ***

OpenZFS Dev Summit 2014 videos

• Videos from the recent OpenZFS developer summit are being uploaded, with speakers from different represented platforms and companies <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Matt Ahrens, opening keynote <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Raphael Carvalho, Platform Overview: ZFS on OSv <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Brian Behlendorf, Platform Overview: ZFS on Linux <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Prakash Surya, Platform Overview: illumos <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Xin Li, Platform Overview: FreeBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• All platforms, Group Q&A Session <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Dave Pacheco, Manta <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Saso Kiselkov, Compression <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• George Wilson, Performance <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Tim Feldman, Host-Aware SMR <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Pavel Zakharov, Fast File Cloning <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• The audio is pretty poor on all of them unfortunately ***

BSDTalk 248

• Our friend Will Backman is still busy getting BSD interviews as well
• This time he sits down with Matthew Dillon, the lead developer of DragonFly BSD
• We've never had Dillon on the show, so you'll definitely want to give this one a listen
• They mainly discuss all the big changes coming in DragonFly's upcoming 4.0 release ***

MeetBSD 2014 videos

• The presentations from this year's MeetBSD conference are starting to appear online as well <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Kirk McKusick, A Narrative History of BSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Jordan Hubbard, FreeBSD: The Next 10 Years <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Brendan Gregg, Performance Analysis <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• The slides can be found here ***

Feedback/Questions

• Dominik writes in
• Steven writes in
• Florian writes in
• Richard writes in
• Kevin writes in ***

Mailing List Gold

• Contributing without code
• Compression isn't a CRIME
• Securing web browsers ***

This episode was brought to you by

Interview - Pawel Jakub Dawidek - pjd@freebsd.org

Porting ZFS, GEOM, GELI, Capsicum, various topics

This episode was brought to you by

Interview - Josh Paetzel - josh@ixsystems.com / @bsdunix4ever

Crazy ZFS stories, network protocols, server hardware

This episode was brought to you by

Headlines

FreeBSD moves to Bugzilla

• Historically, FreeBSD has used the old GNATS system for keeping track of bug reports
• After years and years of wanting to switch, they've finally moved away from GNATS to Bugzilla
• It offers a lot of advantages, is much more modern and actively maintained and
• There's a new workflow chart for developers to illustrate the new way of doing things
• The old "send-pr" command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports)
• This will hopefully make reporting bugs a lot less painful ***

DIY NAS: EconoNAS 2014

• We previously covered this blog last year, but the 2014 edition is up
• More of a hardware-focused article, the author details the parts he's using for a budget NAS
• Details the motherboard, RAM, CPU, hard drives, case, etc
• With a set goal of $500 max, he goes just over it - $550 for all the parts
• Lots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions ***

DragonflyBSD 3.8 released

• Justin announced the availability of DragonflyBSD 3.8.0
• Binaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts
• It includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions
• Work continues on for the Intel graphics drivers, but it's currently limited to the HD4000 and Ivy Bridge series
• See the release page for more info and check the link for source-based upgrade instructions ***

OpenZFS European conference 2014

• There was an OpenZFS conference held in Europe recently, and now the videos are online for your viewing pleasure
• Matt Ahrens, Introduction
• Michael Alexander, FhGFS performance on ZFS
• Andriy Gapon, Testing ZFS on FreeBSD
• Luke Marsden, HybridCluster: ZFS in the cloud
• Vadim Comănescu, Syneto: continuously delivering a ZFS-based OS
• Chris George, DDRdrive ZIL accelerator: random write revelation
• Grenville Whelan, High-Availability
• Phil Harman, Harman Holistic
• Mark Rees, Storiant and OpenZFS
• Andrew Holway, EraStor ZFS appliances
• Dan Vâtca, Syneto and OpenZFS
• Luke Marsden, HybridCluster and OpenZFS
• Matt Ahrens, Delphix and OpenZFS
• Check the link for slides and other goodies ***

Interview - Benedict Reuschling - bcr@freebsd.org

BSD documentation, getting commit access, unix education, various topics

News Roundup

Getting to know your portmgr, Steve Wills

• "It is my pleasure to introduce Steve Wills, the newest member of the portmgr team"
• swills is an all-round good guy, does a lot for ports (especially the ruby ports)
• In this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more
• He used to work for Red Hat, woah ***

BSDTalk episode 242

• This time on BSDTalk, Will interviews Chris Buechler from pfSense
• Topics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes
• They also touch on recent concerns in the pfSense community about their license change, that they may be "going commercial" and closing the source - so tune in to find out what their future plans are for all of that ***

Turn old PC hardware into a killer home server

• Lots of us have old hardware lying around doing nothing but collecting dust
• Why not turn that old box into a modern file server with FreeNAS and ZFS?
• This article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc)
• Most of our users are already familiar with all of this stuff, nothing too advanced
• Good to see BSD getting some well-deserved attention on a big mainstream site ***

Unbloating the VAX install CD

• After a discussion on the VAX mailing list, something very important came to the attention of the developers...
• You can't boot NetBSD on a VAX box with 16MB of RAM from the CD image
• This blog post goes through the developer's adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller
• In the end, he got it booting - and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM... ***

Feedback/Questions

• Thomas writes in
• Reynold writes in
• Bostjan writes in
• Paul writes in
• John writes in ***

This episode was brought to you by

Presentation - Matthew Ahrens - matt@mahrens.org / @mahrens1

OpenZFS discussion

Feedback/Questions

• Remy writes in
• Darin writes in
• Steve writes in
• Pascal writes in ***

This episode was brought to you by

Headlines

FreeBSD quarterly status report

• Gabor Pali sent out the October-December 2013 status report to get everyone up to date on what's going on
• The report contains 37 entries and is very very long... various reports from all the different teams under the FreeBSD umbrella, probably too many to even list in the show notes
• Lots of work going on in the ARM world, EC2/Xen and Google Compute Engine are also improving
• Secure boot support hopefully coming [by mid-year](www.itwire.com/business-it-news/open-source/62855-freebsd-to-support-secure-boot-by-mid-year)
• There's quite a bit going on in the FreeBSD world, many projects happening at the same time ***

n2k14 OpenBSD Hackathon Report

• Recently, OpenBSD held one of their hackathons in New Zealand
• 15 developers gathered there to sit in a room and write code for a few days
• Philip Guenther brings back a nice report of the event
• If you've been watching the -current CVS logs, you've seen the flood of commits just from this event alone
• Fixes with threading, Linux compat, ACPI, and various other things - some will make it into 5.5 and others need more testing
• Another report from Theo details his work
• Updates to the random subsystem, some work-in-progress pf fixes, suspend/resume fixes and more signing stuff ***

Four new NetBSD releases

• NetBSD released versions 6.1.3, 6.0.4, 5.2.2 and 5.1.4
• These updates include lots of bug fixes and some security updates, not focused on new features
• You can upgrade depending on what branch you're currently on
• Confused about the different branches? See this graph. ***

The future of open source ZFS development

• On February 11, 2014, Matt Ahrens will be giving a presentation about ZFS
• The talk will be about the future of ZFS and the open source development since Oracle closed the code
• It's in San Jose, California - go if you can! ***

Interview - George Neville-Neil - gnn@freebsd.org / @gvnn3

The FreeBSD Journal

Tutorial

Tracking -STABLE and -CURRENT (OpenBSD)

News Roundup

pfSense news and 2.1.1 snapshots

• pfSense has some snapshots available for the upcoming 2.1.1 release
• They include FreeBSD security fixes as well as some other updates
• There are recordings posted of some of the previous hangouts
• Unfortunately they're only for subscribers, so you'll have to wait until next month when we have Chris on the show to talk about pfSense! ***

FreeBSD on Google Compute Engine

• Recently we mentioned some posts about getting OpenBSD to run on GCE, here's the FreeBSD version
• Nice big fat warning: "The team has put together a best-effort posting that will get most, if not all, of you up and running. That being said, we need to remind you that FreeBSD is being supported on Google Compute Engine by the community. The instructions are being provided as-is and without warranty."
• Their instructions are a little too Linuxy (assuming wget, etc.) for our taste, someone should probably get it updated!
• Other than that it's a pretty good set of instructions on how to get up and running ***

Dragonfly ACPI update

• Sascha Wildner committed some new ACPI code
• There's also a "heads up" to update your BIOS if you experience problems
• Check the mailing list post for all the details ***

PCBSD weekly digest

• 10.0-RC4 users need to upgrade all their packages for 10.0-RC5
• PBIs needed to be rebuilt.. actually everything did
• Help test GNOME 3 so we can get it in the official ports tree
• By the way, I think Kris has an announcement - PCBSD 10.0 is out! ***

Feedback/Questions

• Tony writes in
• Jeff writes in
• Remy writes in
• Nils writes in
• Solomon writes in ***

This episode was brought to you by

Headlines

Secure communications with OpenBSD and OpenVPN

• Starting off today's theme of encryption...
• A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
• Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)
• Part 2 covers the initial setup of OpenVPN certificates and keys
• Parts 3 and 4 are the OpenVPN server and client configuration
• Part 5 is some updates and closing remarks ***

FreeBSD Foundation Newsletter

• The December 2013 semi-annual newsletter was sent out from the foundation
• In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
• The president's letter alone is worth the read, really amazing
• Really long, with lots of details and stories from the conferences and projects ***

Use of NetBSD with Marvell Kirkwood Processors

• Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
• The IP-Plug is a "multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)."
• Really cool little NetBSD ARM project with lots of graphs, pictures and details ***

Experimenting with zero-copy network IO

• Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD
• Discusses the different OS' implementations and options
• He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there
• Tons of details, check the full post ***

Interview - Damien Miller - djm@openbsd.org / @damienmiller

Cryptography in OpenBSD and OpenSSH

Tutorial

Full disk encryption in FreeBSD & OpenBSD

News Roundup

OpenZFS office hours

• Our buddy George Wilson sat down to take some ZFS questions from the community
• You can see more info about it here ***

License summaries in pkgng

• A discussion between Justin Sherill and some NYCBUG guys about license frameworks in pkgng
• Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow
• Maybe we could get a "pkg licenses" command to display the license of all installed packages
• Ok bapt, do it ***

The FreeBSD challenge continues

• Checking in with our buddy from the Linux foundation...
• The switching from Linux to FreeBSD blog series continues for his month-long trial
• Follow up from last week: "As a matter of fact, I did check out PC-BSD, and wanted the challenge. Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding."
• Since we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more ***

Ports gets a stable branch

• For the first time ever, FreeBSD's ports tree will have a maintained "stable" branch
• This is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes
• All commits to this branch require approval of portmgr, looks like it'll start in 2014Q1 ***

Feedback/Questions

• John writes in
• Spencer writes in
• Campbell writes in
• Sha'ul writes in
• Clint writes in ***

Headlines

pkgng 1.2 released

• bapt and bdrewery from the portmgr team released pkgng 1.2 final
• New features include an improved build system, plugin improvements, new bootstrapping command, SRV mirror improvements, a new "pkg config" command, repo improvements, vuXML is now default, new fingerprint features and much more
• Really simple to upgrade, check our pkgng tutorial if you want some easy instructions
• It's also made its way into Dragonfly
• See the show notes for the full list of new features and fixes ***

ChaCha20 and Poly1305 in OpenSSH

• Damien Miller recently committed support for a new authenticated encryption cipher for OpenSSH, chacha20-poly1305
• Long blog post explaining what these are and why we need them
• This cipher combines two primitives: the ChaCha20 cipher and the Poly1305 MAC
• RC4 is broken, we needed an authenticated encryption mode to complement AES-GCM that doesn't show the packet length in cleartext
• Great explanation of the differences between EtM, MtE and EaM and their advantages
• "Both AES-GCM and the EtM MAC modes have a small downside though: because we no longer desire to decrypt the packet as we go, the packet length must be transmitted in plaintext. This unfortunately makes some forms of traffic analysis easier as the attacker can just read the packet lengths directly." ***

Is it time to dump Linux and move to BSD

• ITworld did an article about switching from Linux to BSD
• The author's interest was sparked from a review he was reading that said "I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (pkgng), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0"
• The whole article can be summed up with "yes" - ok, next story! ***

OpenZFS devsummit videos

• The OpenZFS developer summit discussion and presentation videos are up
• People from various operating systems (FreeBSD, Mac OS X, illumos, etc.) were there to discuss ZFS on their platforms and the challenges they faced
• Question and answer session from representatives of every OS - had a couple FreeBSD guys there including one from the foundation
• Presentations both about ZFS itself and some hardware-based solutions for implementing ZFS in production
• TONS of video, about 6 hours' worth
• This leads us into our interview, which is... ***

Interview - George Wilson - wilzun@gmail.com / @zfsdude

OpenZFS

Tutorial

A crash course on ZFS

News Roundup

ruBSD 2013 information

• The ruBSD 2013 conference will take place on Saturday December 14, 2013 at 10:30 AM in Moscow, Russia
• Speakers include three OpenBSD developers, Theo de Raadt, Henning Brauer and Mike Belopuhov
• Their talks are titled "The bane of backwards compatibility," "OpenBSD's pf: Design, Implementation and Future" and "OpenBSD: Where crypto is going?"
• No word on if there will be video recordings, but we'll let you know if that changes ***

DragonFly roadmap, post 3.6

• John Marino posted a possible roadmap for DragonFly, now that they're past the 3.6 release
• He wants some third party vendor software updated from very old versions (WPA supplicant, bmake, binutils)
• Plans to replace GCC44 with Clang, but GCC47 will probably be the primary compiler still
• Bring in fixes and new stuff from FreeBSD 10 ***

BSDCan 2014 CFP

• BSDCan 2014 will be held on May 16-17 in Ottawa, Canada
• They're now accepting proposals for talks
• If you are doing something interesting with a BSD operating system, please submit a proposal
• We'll be getting lots of interviews there ***

casperd added to -CURRENT

• "It (and its services) will be responsible forgiving access to functionality that is not available in capability modes and box. The functionality can be precisely restricted."
• Lists some sysctls that can be controlled ***

ZFS corruption bug fixed in -CURRENT

• Just a quick follow-up from last week, the ZFS corruption bug in FreeBSD -CURRENT was very quickly fixed, before that episode was even uploaded ***

Feedback/Questions

• Chris writes in
• SW writes in
• Jason writes in
• Clint writes in
• Chris writes in ***

Headlines

Getting to know your portmgr

• In this interview they talk to one of the "Annoying Reminder Guys" - Erwin Lansing, the second longest serving member of FreeBSD's portmgr (also vice-president of the FreeBSD Foundation)
• He actually maintains the .dk ccTLD
• Describes FreeBSD as "the best well-hidden success story in operating systems, by now in the hands of more people than one can count and used by even more people, and not one of them knows it! It’s not only the best operating system currently around, but also the most supportive and inspiring community."
• In the next one they speak with Martin Wilke (miwi@)
• The usual, "what inspires you about FreeBSD" "how did you get into it" etc. ***

vBSDCon wrap-up compilation

• Lots of write-ups about vBSDCon gathered in one place
• Some from OpenBSD guys
• Some from FreeBSD guys
• Some from RootBSD
• Some from iXsystems
• Some from Verisign
• And of course our own wrap-up chat in BSD Now Episode 009 ***

Faces of FreeBSD

• This week they talk to Gábor Páli from Hungary
• Talks about his past as a game programmer and how it got involved with FreeBSD
• "I met János Háber, who admired the technical merits of FreeBSD and recommended it over the popular GNU/Linux distributions. I downloaded FreeBSD 4.3-RELEASE, found it reliable, consistent, easy to install, update and use."
• He's been contributing since 2008 and does lots of work with Haskell in ports
• He also organizes EuroBSDCon and is secretary of the FreeBSD Core Team ***

Dragonfly 3.6 released

• dports now default instead of pkgsrc
• Big SMP scaling improvements
• Experimental i915 and KMS support
• See our interview with Justin Sherrill if you want to hear (a lot) more about it - nearly an hour long ***

Interview - Jordan Hubbard - jkh@freebsd.org / @omgjkh

FreeBSD's founding and future

Tutorial

Building an OpenBSD router, part 2

• Note: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions. ***

News Roundup

pfSense 2.1 on AWS EC2

• We now have pfSense 2.1 available on Amazon’s Elastic Compute Cloud (EC2)
• In keeping with the community spirit, they’re also offering a free "public" AMI
• Check the FAQ and User Guide on their site for additional details
• Interesting possibilities with pfSense in the cloud ***

Puffy on the desktop

• Distrowatch, a primarily Linux-focused site, features an OpenBSD 5.4 review
• They talk about using it on the desktop, how to set it up
• Very long write-up, curious Linux users should give it a read
• Ends with "Most people will still see OpenBSD as an operating system for servers and firewalls, but OpenBSD can also be used in desktop environments if the user doesn't mind a little manual work. The payoff is a very light, responsive system that is unlikely to ever misbehave" ***

Two-factor authentication with SSH

• Blog post about using a yubikey with SSH public keys
• Uses a combination of a OTP, BSDAuth and OpenBSD's login.conf, but it can be used with PAM on other systems as well
• Allows for two-factor authentication (a la gmail) in case your private key is compromised
• Anyone interested in an extra-hardened SSH server should give it a read ***

PCBSD weekly digest

• 10.0 has approximately 400 PBIs for public consumption
• They will be merging the GNOME3, MATE and Cinnamon desktops into the 10.0 ports tree - please help test them, this is pretty big news in and of itself!
• PCDM is coming along nicely, more bugs are getting fixed
• Added ZFS dataset options to PCBSD’s new text installer front-end ***

Feedback/Questions

• Ben writes in
• Florian writes in
• Zach writes in
• Addison writes in
• Adam writes in
• Adam's BSD Router Project tutorial can be downloaded here. ***