NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

We should improve libzfs somewhat

Accurate Effective Storage Performance Benchmark

News Roundup

Debugging aids for pf firewall rules on FreeBSD

OpenBSD and Thunderbolt issue on ThinkPad T480s

Signing Git Commits with an SSH key

Pgrep

LibreOffice downloads on the rise as users look to avoid subscription costs

Tarsnap

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Felix - Bhyve and NVME

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

• Join us and other BSD Fans in our BSD Now Telegram channel

NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

Applying the ARC Algorithm to the ARC

Advancing Cloud Native Containers on FreeBSD: Podman Testing Highlights

News Roundup

Running Web Browsers in FreeBSD Jail

Fixing pf not allowing IPv6 traffic on FreeBSD

Minitel: The Online World France Built Before the Web

Why Google Stores Billions of Lines of Code in a Single Repository

Tarsnap

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Sam - EDR Support

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

• Join us and other BSD Fans in our BSD Now Telegram channel

NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

NetBSD 10 on a Pinebook Pro

OpenBSD extreme privacy setup

News Roundup

Version 256 of systemd boasts '42% less Unix philosophy'

Posix.1 2024 is out

Blocking Access From or to Specific Countries Using FreeBSD and Pf

Beastie Bits

• BSD User Group Düsseldorf Juli 2024
• Another cool UNIX workstation, that was never released

Tarsnap

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

• Join us and other BSD Fans in our BSD Now Telegram channel

NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

NASA Programmer Remembers Debugging Lisp in Deep Space

0 Dependency Websites with OpenBSD & AsciiDoc

News Roundup

FreeBSD - Deleting old snapshots

Full multiprocess support in lldb-server

Basic fix between pf tables and macros on FreeBSD

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Ben - Jail Question
• Malcolm - encryption

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

Evaluating FreeBSD CURRENT for Production Use

Time Machine like Backups on OpenBSD

News Roundup

FreeBSD on the Graviton 3

Compiling the NetBSD kernel as a benchmark

Network Management with the OpenBSD Packet Filter Toolset from BSDCan 2022

Hardware Detection & Diagnostics for New FreeBSD Users & PCs

Beastie Bits

• [NetBSD - Announcing Google Summer of Code 2022 projects](https://blog.netbsd.org/tnf/entry/announcing_google_summer_of_code3)
• [Welcome FreeBSD Google Summer of Code Participants](https://freebsdfoundation.org/blog/welcome-freebsd-google-summer-of-code-participants/)
• [Network from Scratch](https://www.networksfromscratch.com)

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

UNIX Wars – The Battle for Standards

What every IT person needs to know about OpenBSD Part 3: That packet filter

FreeBSD 12.3-RELEASE Release Notes

News Roundup

TrueNAS 12.0-U7 is Released & TrueNAS 13.0 Begins

A bit on what Unix system pre-boot environments used to look like

RUN UNIX ON MICROCONTROLLERS WITH PDP-11 EMULATOR

Beastie Bits

• [BSDCan 2022 is a go.](https://www.bsdcan.org/2022/)

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

  ---

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

Jails: Confining the omnipotent root

• A dramatic reading of portions of the paper: Papers We Love: FreeBSD Jails and Solaris Zones *** ### Using Jails with ZFS and PF on DigitalOcean *** ## News Roundup ### NomadBSD 130R is out *** ### KDE Plasma Wayland - a week in FreeBSD *** ### Install Firefox under FreeBSD and Set it Up with Privacy *** Using NetBSD’s pkgsrc everywhere I can ***

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Malcolm - restoring a single file
• Nathan - wireless support
• bluefire - zfs special vdev Push to next show with Allan

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

Chasing a bad commit

While working on a big project where multiple teams merge their feature branches frequently into a release Git branch, developers often run into situations where they find that some of their work have been either removed, modified or affected by someone else's work accidentally. It can happen in smaller teams as well. Two features could have been working perfectly fine until they got merged together and broke something. That's a highly possible case. There are many other cases which could cause such hard to understand and subtle bugs which even continuous integration (CI) systems running the entire test suite of our projects couldn't catch.
We are not going to discuss how such subtle bugs can get into our release branch because that's just a wild territory out there. Instead, we can definitely discuss about how to find a commit that deviated from an expected outcome of a certain feature. The deviation could be any behaviour of our code that we can measure distinctively — either good or bad in general.

New FreeBSD Core Team Elected

The FreeBSD Project is pleased to announce the completion of the 2020 Core Team election. Active committers to the project have elected your Eleventh FreeBSD Core Team.!

• Baptiste Daroussin (bapt)
• Ed Maste (emaste)
• George V. Neville-Neil (gnn)
• Hiroki Sato (hrs)
• Kyle Evans (kevans)
• Mark Johnston (markj)
• Scott Long (scottl)
• Sean Chittenden (seanc)
• Warner Losh (imp) ***

News Roundup

Getting Started with NetBSD on the Pinebook Pro

If you buy a Pinebook Pro now, it comes with Manjaro Linux on the internal eMMC storage. Let’s install NetBSD instead!
The easiest way to get started is to buy a decent micro-SD card (what sort of markings it should have is a science of its own, by the way) and install NetBSD on that. On a warm boot (i.e. when rebooting a running system), the micro-SD card has priority compared to the eMMC, so the system will boot from there.

• A FreeBSD developer has borrowed some of the NetBSD code to get audio working on RockPro64 and Pinebook Pro: https://twitter.com/kernelnomicon/status/1282790609778905088 ***

FreeBSD on the Intel 10th Gen i3 NUC

I have ended up with some 10th Gen i3 NUC's (NUC10i3FNH to be specific) to put to work in my testbed. These are quite new devices, the build date on the boxes is 13APR2020. Before I figure out what their true role is (one of them might have to run linux) I need to install FreeBSD -CURRENT and see how performance and hardware support is.

pf table size check and change

Did you know there’s a default size limit to pf’s state table? I did not, but it makes sense that there is one. If for some reason you bump into this limit (difficult for home use, I’d think), here’s how you change it
There is a table-entries limit specified, you can see current settings with
'pfctl -s all'. You can adjust the limits in the /etc/pf.conf file
containing the rules with a line like this near the top:
set limit table-entries 100000

• In the original mail thread, there is mention of the FreeBSD sysctl net.pf.request_maxcount, which controls the maximum number of entries that can be sent as a single ioctl(). This allows the user to adjust the memory limit for how big of a list the kernel is willing to allocate memory for. ***

Beastie Bits

• tmux and bhyve
• Azure and FreeBSD
• Groff Tutorial *** ###Tarsnap
• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Tarsnap Mastery

Feedback/Questions

• Chris - ZFS Question
• Patrick - Tarsnap
• Pin - pkgsrc ***
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

Headlines

Fighting the Coronavirus with FreeBSD

Here is a quick HOWTO for those who want to provide some FreeBSD based compute resources to help finding vaccines.

UPDATE 2020-03-22: 0mp@ made a port out of this, it is in “biology/linux-foldingathome”.

Per default it will now pick up some SARS-CoV‑2 (COVID-19) related folding tasks. There are some more config options (e.g. how much of the system resources are used). Please refer to the official Folding@Home site for more information about that. Be also aware that there is a big rise in compute resources donated to Folding@Home, so the pool of available work units may be empty from time to time, but they are working on adding more work units. Be patient.

How to configure the Wireguard VPN in OPNsense

WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotcha's. The gotcha's occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that. My greatest struggle was configuring WireGuard to function similarly to my OpenVPN server. I want the ability to connect remotely to my home network from my iPhone or iPad, tunnel all traffic through the VPN, have access to certain devices and services on my network, and have the VPN devices use my home's Internet connection.

WireGuard behaves more like a SSH server than a typical VPN server. With WireGuard, devices which have shared their cryptographic keys with each other are able to connect via an encrypted tunnel (like a SSH server configured to use keys instead of passwords). The devices that are connecting to one another are referred to as “peer” devices. When the peer device is an OPNsense router with WireGuard installed, for instance, it can be configured to allow access to various resources on your network. It becomes a tunnel into your network similar to OpenVPN (with the appropriate firewall rules enabled). I will refer to the WireGuard installation on OPNsense as the server rather than a “peer” to make it more clear which device I am configuring unless I am describing the user interface because that is the terminology used interchangeably by WireGuard.

The documentation I found on WireGuard in OPNsense is straightforward and relatively easy to understand, but I had to wrestle with it for a little while to gain a better understanding on how it should be configured. I believe it was partially due to differing end goals – I was trying to achieve something a little different than the authors of other wiki/blog/forum posts. Piecing together various sources of information, I finally ended up with a configuration that met the goals stated above.

News Roundup

NomadBSD 1.3.1

NomadBSD 1.3.1 has recently been made available. NomadBSD is a lightweight and portable FreeBSD distribution, designed to run on live on a USB flash drive, allowing you to plug, test, and play on different hardware. They have also started a forum as of yesterday, where you can ask questions and mingle with the NomadBSD community. Notable changes in 1.3.1 are base system upgraded to FreeBSD 12.1-p2. automatic network interface setup improved, image size increased to over 4GB, Thunderbird, Zeroconf, and some more listed below.

GhostBSD 20.02

Eric Turgeon, main developer of GhostBSD, has announced version 20.02 of the FreeBSD based operating system. Notable changes are ZFS partition into the custom partition editor installer, allowing you to install alongside with Windows, Linux, or macOS. Other changes are force upgrade all packages on system upgrade, improved update station, and powerd by default for laptop battery performance.

New FuryBSD XFCE and KDE images

This new release is now based on FreeBSD 12.1 with the latest FreeBSD quarterly packages. This brings XFCE up to 4.14, and KDE up to 5.17. In addition to updates this new ISO mostly addresses community bugs, community enhancement requests, and community pull requests. Due to the overwhelming amount of reports with GitHub hosting all new releases are now being pushed to SourceForge only for the time being. Previous releases will still be kept for archive purposes.

pf-badhost 0.3 Released

pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet's biggest irritants. Annoyances such as SSH and SMTP bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing and/or compromised webhosts.

Beastie Bits

• DragonFly i915 drm update
• CShell is punk rock
• The most surprising Unix programs

Feedback/Questions

• Master One - Torn between OpenBSD and FreeBSD
• Brad - Follow up to Linus ZFS story
• Filipe Carvalho - Call for Portuguese BSD User Groups

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

This episode was brought to you by

Headlines

OpenBSD, from distribution to project

• Ted Unangst has yet another interesting blog post up, this time covering a bit of BSD history and some different phases OpenBSD has been through
• It's the third part of his ongoing series of posts about OpenBSD removing large bits of code in favor of smaller replacements
• In the earliest days, OpenBSD collected and maintained code from lots of other projects (Apache, lynx, perl..)
• After importing new updates every release cycle, they eventually hit a transitional phase - things were updated, but nothing new was imported
• When the need arose, instead of importing a known tool to do the job, homemade replacements (OpenNTPD, OpenBGPD, etc) were slowly developed
• In more recent times, a lot of the imported code has been completely removed in favor of the homegrown daemons
• More discussion on HN and reddit ***

Remote ZFS mirrors, the hard way

• Backups to "the cloud" have become a hot topic in recent years, but most of them require trade-offs between convenience and security
• You have to trust (some of) the providers not to snoop on your data, but even the ones who allow you to locally encrypt files aren't without some compromise
• As the author puts it: "We don't need live synchronisation, cloud scaling, SLAs, NSAs, terms of service, lock-ins, buy-outs, up-sells, shut-downs, DoSs, fail whales, pay-us-or-we'll-deletes, or any of the noise that comes with using someone else's infrastructure."
• This guide walks you through setting up a FreeBSD server with ZFS to do secure offsite backups yourself
• The end result is an automatic system for incremental backups that's backed (pun intended) by ZFS
• If you're serious about keeping your important data safe and sound, you'll want to give this one a read - lots of detailed instructions ***

Various DragonFlyBSD updates

• The DragonFly guys have been quite busy this week, making an assortment of improvements throughout the tree
• Intel ValleyView graphics support was finally committed to the main repository
• While on the topic of graphics, they've also issued a call for testing for a DRM update (matching Linux 3.16's and including some more Broadwell fixes)
• Their base GCC compiler is also now upgraded to version 5.2
• If your hardware supports it, DragonFly will now use an accelerated console by default ***

QuakeCon runs on OpenBSD

• QuakeCon, everyone's favorite event full of rocket launchers, recently gave a mini-tour of their network setup
• For such a crazy network, unsurprisingly, they seem to be big fans of OpenBSD and PF
• In this video interview, one of the sysadmins discusses why he chose OpenBSD, what he likes about it, different packet queueing systems, how their firewalls and servers are laid out and much more
• He also talks about why they went with vanilla PF, writing their ruleset from the ground up rather than relying on a prebuilt solution
• There's also some general networking talk about nginx, reverse proxies, caching, fiber links and all that good stuff
• Follow-up questions can be asked in this reddit thread
• The host doesn't seem to be that familiar with the topics at hand, mentioning "OpenPF" multiple times among other things, so our listeners should get a kick out of it ***

Interview - Adrian Chadd - adrian@freebsd.org / @erikarn

Rethinking ways to improve FreeBSD

News Roundup

CII contributes to OpenBSD

• If you recall back to when we talked to the OpenBSD foundation, one of the things Ken mentioned was the Core Infrastructure Initiative
• In a nutshell, it's an organization of security experts that helps facilitate (with money, in most cases) the advancement of the more critical open source components of the internet
• The group is organized by the Linux foundation, and gets its multi-million dollar backing from various big companies in the technology space (and donations from volunteers)
• To ensure that OpenBSD and its related projects (OpenSSH, LibreSSL and PF likely being the main ones here) remain healthy, they've just made a large donation to the foundation - this makes them the first "platinum" level donor as well
• While the exact amount wasn't disclosed, it was somewhere between $50,000 and $100,000
• The donation comes less than a month after Microsoft's big donation, so it's good to see these large organizations helping out important open source projects that we depend on every day ***

Another BSDCan report

• The FreeBSD foundation is still getting trip reports from BSDCan, and this one comes from Mark Linimon
• In his report, he mainly covers the devsummit and some discussion with the portmgr team
• One notable change for the upcoming 10.2 release is that the default binary repository is now the quarterly branch - Mark talks a bit about this as well
• He also gives his thoughts on using QEMU for cross-compiling packages and network performance testing ***

Lumina 0.8.6 released

• The PC-BSD team has released another version of Lumina, their BSD-licensed desktop environment
• This is mainly a bugfix and performance improvement release, rather than one with lots of new features
• The on-screen display widget should be much faster now, and the configuration now allows for easier selection of default applications (which browser, which terminal, etc)
• Lots of non-English translation updates and assorted fixes are included as well
• If you haven't given it a try yet, or maybe you're looking for a new window manager, Lumina runs on all the BSDs ***

More c2k15 hackathon reports

• Even more reports from OpenBSD's latest hackathon are starting to pour in
• The first one is from Alexandr Nedvedicky, one of their brand new developers (the guy from Oracle)
• He talks about his experience going to a hackathon for the first time, and lays out some of the plans for integrating their (very large) SMP PF patch into OpenBSD
• Second up is Andrew Fresh, who went without any specific plans, but still ended up getting some UTF8 work done
• On the topic of ARMv7, "I did enjoy being there when things weren't working so [Brandon Mercer] could futilely try to explain the problem to me (I wasn't much help with kernel memory layouts). Fortunately others overheard and provided words of encouragement and some help which was one of my favorite parts of attending this hackathon."
• Florian Obser sent in a report that includes a little bit of everything: setting up the hackathon's network, relayd and httpd work, bidirectional forwarding detection, airplane stories and even lots of food
• Paul Irofti wrote in as well about his activities, which were mainly focused on the Octeon CPU architecture
• He wrote a new driver for the onboard flash of a DSR-500 machine, which was built following the Common Flash Interface specification
• This means that, going forward, OpenBSD will have out-of-the-box support for any flash memory device (often the case for MIPS and ARM-based embedded devices) ***

Feedback/Questions

• Hamza writes in
• Florian writes in
• Dominik writes in ***

This episode was brought to you by

Headlines

Out with the old, in with the less

• Our friend Ted Unangst has a new article up, talking about "various OpenBSD replacements and reductions"
• "Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs."
• In the post, he goes through some of the bigger (and smaller) examples of OpenBSD rewriting tools to be simpler and more secure
• It starts off with a lesser-known SCSI driver that "tried to do too much" being replaced with three separate drivers
• "Each driver can now be modified in isolation without unintentional side effects on other hardware, or the need to consider if and where further special cases need to be added. Despite the fact that these three drivers duplicate all the common boilerplate code, combined they only amount to about half as much code as the old driver."
• In contrast to that example, he goes on to cite mandoc as taking a very non "unixy" direction, but at the same time being smaller and simpler than all the tools it replaced
• The next case is the new http daemon, and he talks a bit about the recently-added rewrite support being done in a simple and secure way (as opposed to regex and its craziness)
• He also talks about the rewritten "file" utility: "Almost by definition, its sole input will be untrusted input. Perversely, people will then trust what file tells them and then go about using that input, as if file somehow sanitized it."
• Finally, sudo in OpenBSD's base system is moving to ports soon, and the article briefly describes a new tool that may or may not replace it, called "doas"
• There's also a nice wrap-up of all the examples at the end, and the "Pruning and Polishing" talk is good complementary reading material ***

More OpenZFS and BSDCan videos

• We mentioned last week that some of the videos from the second OpenZFS conference in Europe were being uploaded - here's some more
• Matt Ahrens did a Q&A session and talked about ZFS send and receive, as well as giving an overview of OpenZFS
• George Wilson talked about a performance retrospective
• Toshiba, Syneto and HGST also gave some talks about their companies and how they're using ZFS
• As for BSDCan, more of their BSD presentations have been uploaded too...
• Ryan Stone, PCI SR-IOV on FreeBSD
• George Neville-Neil, Measure Twice, Code Once
• Kris Moore, Unifying jail and package management for PC-BSD, FreeNAS and FreeBSD
• Warner Losh, I/O Scheduling in CAM
• Kirk McKusick, An Introduction to the Implementation of ZFS
• Midori Kato, Extensions to FreeBSD Datacenter TCP for Incremental Deployment Support
• Baptiste Daroussin, Packaging FreeBSD's base system
• Matt Ahrens, New OpenZFS features supporting remote replication
• Ed Schouten, CloudABI Cloud computing meets fine-grained capabilities
• The audio of Ingo Schwarze's talk "mandoc: becoming the main BSD manual toolbox" got messed up, but there's an alternate recording here, and the slides are here ***

SMP steroids for PF

• An Oracle employee that's been porting OpenBSD's PF to an upcoming Solaris release has sent in an interesting patch for review
• Attached to the mail was what may be the beginnings of making native PF SMP-aware
• Before you start partying, the road to SMP (specifically, giant lock removal) is a long and very complicated one, requiring every relevant bit of the stack to be written with it in mind - this is just one piece of the puzzle
• The initial response has been quite positive though, with some back and forth between developers and the submitter
• For now, let's be patient and see what happens ***

DragonFly 4.2.0 released

• DragonFlyBSD has released the next big update of their 4.x branch, complete with a decent amount of new features and fixes
• i915 and Radeon graphics have been updated, and DragonFly can claim the title of first BSD with Broadwell support in a release
• Sendmail in the base system has been replaced with their homegrown DragonFly Mail Agent, and there's a wiki page about configuring it
• They've also switched the default compiler to GCC 5, though why they've gone in that direction instead of embracing Clang is a mystery
• The announcement page also contains a list of kernel changes, details on the audio and graphics updates, removal of the SCTP protocol, improvements to the temperature sensors, various userland utility fixes and a list of updates to third party tools
• Work is continuing on the second generation HAMMER filesystem, and Matt Dillon provides a status update in the release announcement
• There was also some hacker news discussion you can check out, as well as upgrade instructions ***

OpenSMTPD 5.7.1 released

• The OpenSMTPD guys have just released version 5.7.1, a major milestone version that we mentioned recently
• Crypto-related bits have been vastly improved: the RSA engine is now privilege-separated, TLS errors are handled more gracefully, ciphers and curve preferences can now be specified, the PKI interface has been reworked to allow custom CAs, SNI and certificate verification have been simplified and the DH parameters are now 2048 bit by default
• The long-awaited filter API is now enabled by default, though still considered slightly experimental
• Documentation has been improved quite a bit, with more examples and common use cases (as well as exotic ones)
• Many more small additions and bugfixes were made, so check the changelog for the full list
• Starting with 5.7.1, releases are now cryptographically signed to ensure integrity
• This release has gone through some major stress testing to ensure stability - Gilles regularly asks their Twitter followers to flood a test server with thousands of emails per second, even offering prizes to whoever can DDoS them the hardest
• OpenSMTPD runs on all the BSDs of course, and seems to be getting pretty popular lately
• Let's all encourage Kris to stop procrastinating on switching from Postfix ***

Interview - Jun Ebihara (蛯原純) - jun@netbsd.org / @ebijun

Lesser-known CPU architectures, embedded NetBSD devices

News Roundup

FreeBSD foundation at BSDCan

• The FreeBSD foundation has posted a few BSDCan summaries on their blog
• The first, from Steven Douglas, begins with a sentiment a lot of us can probably identify with: "Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people."
• He got to meet a lot of the people working on big-name projects, and enjoyed being able to ask them questions so easily
• Their second trip report is from Ahmed Kamal, who flew in all the way from Egypt
• A bit starstruck, he seems to have enjoyed all the talks, particularly Andrew Tanenbaum's about MINIX and NetBSD
• There are also two more wrap-ups from Zbigniew Bodek and Vsevolod Stakhov, so you've got plenty to read ***

OpenBSD from a veteran Linux user perspective

• In a new series of blog posts, a self-proclaimed veteran Linux user is giving OpenBSD a try for the first time
• "For the first time I installed a BSD box on a machine I control. The experience has been eye-opening, especially since I consider myself an 'old-school' Linux admin, and I've felt out of place with the latest changes on the system administration."
• The post is a collection of his thoughts about what's different between Linux and BSD, what surprised him as a beginner - admittedly, a lot of his knowledge carried over, and there were just minor differences in command flags
• One of the things that surprised him (in a positive way) was the documentation: "OpenBSD's man pages are so nice that RTFMing somebody on the internet is not condescending but selfless."
• He also goes through some of the basics, installing and updating software, following different branches
• It concludes with "If you like UNIX, it will open your eyes to the fact that there is more than one way to do things, and that system administration can still be simple while modern." ***

FreeBSD on the desktop, am I crazy

• Similar to the previous article, the guy that wrote the SSH two factor authentication post we covered last week has another new article up - this time about FreeBSD on the desktop
• He begins with a bit of forewarning for potential Linux switchers: "It certainly wasn't an easy journey, and I'm tempted to say do not try this at home to anybody who isn't going to leverage any of FreeBSD's strong points. Definitely don't try FreeBSD on the desktop if you haven't used it on servers or virtual machines before. It's got less in common with Linux than you might think."
• With that out of the way, the list of positives is pretty large: a tidy base system, separation between base and ports, having the option to choose binary packages or ports, ZFS, jails, licensing and of course the lack of systemd
• The rest of the post talks about some of the hurdles he had to overcome, namely with graphics and the infamous Adobe Flash
• Also worth noting is that he found jails to be not only good for isolating daemons on a server, but pretty useful for desktop applications as well
• In the end, he says it was worth all the trouble, and is even planning on converting his laptop to FreeBSD soon too ***

OpenIKED and Cisco CSR 1000v IPSEC

• This article covers setting up a site-to-site IPSEC tunnel between a Cisco CSR 1000v router and an OpenBSD gateway running OpenIKED
• What kind of networking blog post would be complete without a diagram where the internet is represented by a big cloud
• There are lots of details (and example configuration files) for using IKEv2 and OpenBSD's built-in IKE daemon
• It also goes to show that the BSDs generally play well with existing network infrastructure, so if you were a business that's afraid to try them… don't be ***

HardenedBSD improves stack randomization

• The HardenedBSD guys have improved their FreeBSD ASLR patchset, specifically in the stack randomization area
• In their initial implementation, the stack randomization was a random gap - this update makes the base address randomized as well
• They're now stacking the new on top of the old as well, with the goal being even more entropy
• This change triggered an ABI and API incompatibility, so their major version has been bumped ***

OpenSSH 6.9 released

• The OpenSSH team has announced the release of a new version which, following their tick/tock major/minor release cycle, is focused mainly on bug fixes
• There are a couple new things though - the "AuthorizedKeysCommand" config option now takes custom arguments
• One very notable change is that the default cipher has changed as of this release
• The traditional pairing of AES128 in counter mode with MD5 HMAC has been replaced by the ever-trendy ChaCha20-Poly1305 combo
• Their next release, 7.0, is set to get rid a number of legacy items: PermitRootLogin will be switched to "no" by default, SSHv1 support will be totally disabled, the 1024bit diffie-hellman-group1-sha1 KEX will be disabled, old ssh-dss and v00 certs will be removed, a number of weak ciphers will be disabled by default (including all CBC ones) and RSA keys will be refused if they're under 1024 bits
• Many small bugs fixes and improvements were also made, so check the announcement for everything else
• The native version is in OpenBSD -current, and an update to the portable version should be hitting a ports or pkgsrc tree near you soon ***

Feedback/Questions

• Brad writes in
• Mason writes in
• Jochen writes in
• Simon writes in ***

This episode was brought to you by

Headlines

BSDCan 2015 videos

• BSDCan just ended last week, but some of the BSD-related presentation videos are already online
• Allan Jude, UCL for FreeBSD
• Andrew Cagney, What happens when a dwarf and a daemon start dancing by the light of the silvery moon?
• Andy Tanenbaum, A reimplementation of NetBSD using a MicroKernel
• Brooks Davis, CheriBSD: A research fork of FreeBSD
• Giuseppe Lettieri, Even faster VM networking with virtual passthrough
• Joseph Mingrone, Molecular Evolution, Genomic Analysis and FreeBSD
• Olivier Cochard-Labbe, Large-scale plug&play x86 network appliance deployment over Internet
• Peter Hessler, Using routing domains / routing tables in a production network
• Ryan Lortie, a stitch in time: jhbuild
• Ted Unangst, signify: Securing OpenBSD From Us To You
• Many more still to come... ***

Documenting my BSD experience

• Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it's finally time to give BSD a try
• "That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in."
• In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks
• The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you're into that)
• You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into
• He's also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon
• His second post explores replacing the firewall on his self-described "over complicated home network" with an OpenBSD box
• After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing
• All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand
• Getting to hear experiences like this are very important - they show areas where all the BSD developers' hard work has paid off, but can also let us know where we need to improve ***

PC-BSD tries HardenedBSD builds

• The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated
• They're not the first major FreeBSD-based project to offer an alternate build - OPNsense did that a few weeks ago - but this might open the door for more projects to give it a try as well
• With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won't have
• Time will tell if more projects and products like FreeNAS might be interested too ***

C-states in OpenBSD

• People who run BSD on their notebooks, you'll want to pay attention to this one
• OpenBSD has recently committed some ACPI improvements for deep C-states, enabling the processor to enter a low-power mode
• According to a few users so far, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life
• If you're running OpenBSD -current on a laptop, try out the latest snapshot and report back with your findings ***

NetBSD at Open Source Conference 2015 Hokkaido

• The Japanese NetBSD users group never sleeps, and they've hit yet another open source conference
• As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)
• We'll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms ***

Interview - Marc Espie - espie@openbsd.org / @espie_openbsd

Recent improvements to OpenBSD's dpb tool

News Roundup

Introducing xhyve, bhyve on OS X

• We've talked about FreeBSD's "bhyve" hypervisor a lot on the show, and now it's been ported to another OS
• As the name "xhyve" might imply, it's a port of bhyve to Mac OS X
• Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future
• It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer
• There are also a few examples on how to use it ***

4K displays on DragonFlyBSD

• If you've been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you'll be pleased to know that 4K displays work just fine
• Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas
• Some GUI applications might look weird on such a huge resolution,
• HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience ***

Sandboxing port daemons on OpenBSD

• We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD's base as chrooted by default - things from ports or packages don't always get the same treatment
• This blog post uses a mumble server as an example, but you can apply it to any service from ports that doesn't chroot by default
• It goes through the process of manually building a sandbox with all the libraries you'll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it
• With a few small changes, similar tricks could be done on the other BSDs as well - everybody has chroots ***

SmallWall 1.8.2 released

• SmallWall is a relatively new BSD-based project that we've never covered before
• It's an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits
• They've just released the first official version, so you can give it a try now
• If you're interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks... ***

Feedback/Questions

• David writes in
• Brian writes in
• Dan writes in
• Joel writes in
• Steve writes in ***

This episode was brought to you by

Headlines

Solaris' networking future is with OpenBSD

• A curious patch from someone with an Oracle email address was recently sent in to one of the OpenBSD mailing lists
• It was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the current version of PF
• For anyone unfamiliar with the history of PF, it was actually made as a replacement for IPFilter in OpenBSD, due to some licensing issues
• What's more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting
• This blog post goes through some of the backstory of the two firewalls
• PF is in a lot of places - other BSDs, Mac OS X and iOS - but there are plenty of other OpenBSD-developed technologies end up ported to other projects too
• "Many of the world's largest corporations and government agencies are heavy Solaris users, meaning that even if you're neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD's PF for their filtering needs, we will all be benefiting even more from the OpenBSD project's emphasis on correctness, quality and security"
• You're welcome, Oracle ***

BAFUG discussion videos

• The Bay Area FreeBSD users group has been uploading some videos from their recent meetings
• Sean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)
• Craig Rodrigues also gave a talk about Kyua and the FreeBSD testing framework
• Lastly, Kip Macy gave a talk titled "network stack changes, user-level FreeBSD"
• The main two subjects there are some network stack changes, and how to get more people contributing, but there's also open discussion about a variety of FreeBSD topics
• If you're close to the Bay Area in California, be sure to check out their group and attend a meeting sometime ***

More than just a makefile

• If you're not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux
• This blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs
• As it turns out, the ports system really isn't that different from a binary package manager - they are what's used to create binary packages, after all
• The author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream
• After that, he shows you how to get your new port tested, if you're interesting in doing some porting yourself, and getting involved with the rest of the community
• This post is very long and there's a lot more to it, so check it out (and more discussion on Hacker News) ***

Securing your home fences

• Hopefully all our listeners have realized that trusting your network(s) to a consumer router is a bad idea by now
• We hear from a lot of users who want to set up some kind of BSD-based firewall, but don't hear back from them after they've done it.. until now
• In this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines APU board
• He notes that you have a lot of options software-wise, including vanilla FreeBSD, OpenBSD or even Linux, but decided to go with OPNsense because of the easy interface and configuration
• The post covers all the hardware you'll need, getting the OS installed to a flash drive or SD card and going through the whole process
• Finally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up
• If you don't have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)
• We love super-detailed guides like this, so everyone should write more and send them to us immediately ***

Interview - Pascal Stumpf - pascal@openbsd.org

Static PIE in OpenBSD

News Roundup

LLVM's new libFuzzer

• We've discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility
• It looks like LLVM is going to have their own fuzzing tool too now
• The Clang and LLVM guys are no strangers to this type of code testing, but decided to "close the loop" and start fuzzing parts of LLVM (including Clang) using LLVM itself
• With Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future ***

HardenedBSD upgrades secadm

• The HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support
• We covered both the secadm tool and integriforce in previous episodes, but the short version is that it's a way to prevent files from being altered (even as root)
• Their integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now ***

RAID5 returns to OpenBSD

• OpenBSD's softraid subsystem, somewhat similar to FreeBSD's GEOM, has had experimental RAID5 support for a while
• However, it was exactly that - experimental - and required a recompile to enable
• With some work from recent hackathons, the final piece was added to enable resuming partial array rebuilds
• Now it's on by default, and there's a call for testing being put out, so grab a snapshot and put the code through its paces
• The bioctl softraid command also now supports DUIDs during pseudo-device detachment, possibly paving the way for the installer to drop the "do you want to enable DUIDs?" question entirely ***

pkgng 1.5.0 released

• Going back to what we talked about last week, the final version of pkgng 1.5.0 is out
• The "provides" and "requires" support is finally in a regular release
• A new "-r" switch will allow for direct installation to a chroot or alternate root directory
• Memory usage should be much better now, and some general code speed-ups were added
• This version also introduces support for Mac OS X, NetBSD and EdgeBSD - it'll be interesting to see if anything comes of that
• Many more bugs were fixed, so check the mailing list announcement for the rest (and plenty new bugs were added, according to bapt) ***

p2k15 hackathon reports

• There was another OpenBSD hackathon that just finished up in the UK - this time it was mainly for ports work
• As usual, the developers sent in reports of some of the things they got done at the event
• Landry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit
• Stefan Sperling wrote in, detailing his work with wireless chipsets, specifically when the vendor doesn't provide any hardware documentation, as well as updating some of the games in ports
• Ken Westerback also sent in a report, but decided to be a rebel and not work on ports at all - he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier ***

Feedback/Questions

• Shaun writes in
• Hrishi writes in
• Randy writes in
• Zach writes in
• Ben writes in ***

Mailing List Gold

• Gstreamer hates us
• At least he's honest
• I find myself in a situation ***

This episode was brought to you by

Headlines

FreeBSD quarterly status report

• The FreeBSD team has posted an updated on some of their activities between October and December of 2014
• They put a big focus on compatibility with other systems: the Linux emulation layer, bhyve, WINE and Xen all got some nice improvements
• As always, the report has lots of updates from the various teams working on different parts of the OS and ports infrastructure
• The release engineering team got 10.1 out the door, the ports team shuffled a few members in and out and continued working on closing more PRs
• FreeBSD's forums underwent a huge change, and discussion about the new support model for release cycles continues (hopefully taking effect after 11.0 is released)
• Git was promoted from beta to an officially-supported version control system (Kris is happy)
• The core team is also assembling a new QA team to ensure better code quality in critical areas, such as security and release engineering, after getting a number of complaints
• Other notable entries include: lots of bhyve fixes, Clang/LLVM being updated to 3.5.0, ongoing work to the external toolchain, adding FreeBSD support to more "cloud" services, pkgng updates, work on SecureBoot, more ARM support and graphics stack improvements
• Check out the full report for all the details that we didn't cover ***

OpenBSD package signature audit

• "Linux Audit" is a website focused on auditing and hardening systems, as well as educating people about securing their boxes
• They recently did an article about OpenBSD, specifically their ports and package system and signing infrastructure
• The author gives a little background on the difference between ports and binary packages, then goes through the technical details of how releases and packages are cryptographically signed
• Package signature formats and public key distribution methods are also touched on
• After some heckling, the author of the post said he plans to write more BSD security articles, so look forward to them in the future
• If you haven't seen our episode about signify with Ted Unangst, that would be a great one to check out after reading this ***

Replacing a Linux router with BSD

• There was recently a Slashdot discussion about migrating a Linux-based router to a BSD-based one
• The poster begins with "I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs."
• A lot of people were quick to recommend OPNsense and pfSense, being that they're very easy to administer (requiring basically no BSD knowledge at all)
• Other commenters suggested a more hands-on approach, setting one up yourself with FreeBSD or OpenBSD
• If you've been thinking about moving some routers over from Linux or other commercial solution, this might be a good discussion to read through
• Unfortunately, a lot of the comments are just Linux users bickering about systemd, so you'll have to wade through some of that to get to the good information ***

LibreSSL in FreeBSD and OPNsense

• A FreeBSD sysadmin has started documenting his experience replacing OpenSSL in the base system with the one from ports (and also experimenting with LibreSSL)
• The reasoning being that updates in base tend to lag behind, whereas the port can be updated for security very quickly
• OPNsense developers are looking into switching away from OpenSSL to LibreSSL's portable version, for both their ports and base system, which would be a pretty huge differentiator for their project
• Some ports still need fixing to be compatible though, particularly a few python-related ones
• If you're a FreeBSD ports person, get involved and help squash some of the last remaining bugs
• A lot of the work has already been done in OpenBSD's ports tree - some patches just need to be adopted
• More and more upstream projects are incorporating LibreSSL patches in their code - let your favorite software vendor know that you're using it ***

Interview - David Maxwell - david@netbsd.org / @david_w_maxwell

Pipecut, text processing, commandline wizardry

News Roundup

Jetpack, a new jail container system

• A new project was launched to adapt FreeBSD jails to the "app container specification"
• While still pretty experimental in terms of the development phase, this might be something to show your Linux friends who are in love with docker
• It's a similar project to iocage or bsdploy, which we haven't talked a whole lot about
• There was also some discussion about it on Hacker News ***

Separating base and package binaries

• All of the main BSDs make a strong separation between the base system and third party software
• This is in contrast to Linux where there's no real concept of a "base system" - more recently, some distros have even merged all the binaries into a single directory
• A user asks the community about the BSD way of doing it, trying to find out the advantages and disadvantages of both hierarchies
• Read the comments for the full explanation, but having things separated really helps keep things organized ***

Updated i915kms driver for FreeBSD

• This update brings the FreeBSD code closer inline with the Linux code, to make it easier to update going forward
• It doesn't introduce Haswell support just yet, but was required before the Haswell bits can be added ***

Year of the OpenBSD desktop

• Here we have an article about using OpenBSD as a daily driver for regular desktop usage
• The author says he "ran fifty thousand different distributions, never being satisfied"
• After dealing with the problems of Linux and fragmentation, he eventually gave up and bought a Macbook
• He also used FreeBSD between versions 7 and 9, finding a "a mostly harmonious environment," but regressions lead him to give up on desktop *nix once again
• Starting with 2015, he's back and is using OpenBSD on a Thinkpad x201
• The rest of the article covers some of his configuration tweaks and gives an overall conclusion on his current setup
• He apparently used our desktop tutorial - thanks for watching! ***

Unattended FreeBSD installation

• A new BSD user was looking to get some more experience, so he documented how to install FreeBSD over PXE
• His goal was to have a setup similar to Redhat's "kickstart" or OpenBSD's autoinstall
• The article shows you how to set up DHCP and TFTP, with no NFS share setup required
• He also gives a mention to mfsbsd, showing how you can customize its startup script to do most of the work for you ***

Feedback/Questions

• Robert writes in
• Sean writes in
• l33tname writes in
• Charlie writes in
• Eric writes in ***

Mailing List Gold

• Clowning around
• Better than succeeding in this case ***

This episode was brought to you by

Headlines

Updates to FreeBSD's random(4)

• FreeBSD's random device, which presents itself as "/dev/random" to users, has gotten a fairly major overhaul in -CURRENT
• The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
• Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
• Pluggable modules can now be written to add more sources of entropy
• These changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9 ***

OpenBSD Tor relays and network diversity

• We've talked about getting more BSD-based Tor nodes a few times in previous episodes
• The "tor-relays" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
• With the security features and attention to detail, it makes for an excellent dedicated Tor box
• More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
• A few users are even saying they'll convert their Linux nodes to OpenBSD to help out
• Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
• The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it ***

SSP now default for FreeBSD ports

• SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
• It's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
• This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
• If you were using the temporary "new Xorg" or SSP package repositories instead of the default ones, you need to switch back over
• NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
• Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed ***

Building an OpenBSD firewall and router

• While we've discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
• The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
• Most agree that, if it's for a business especially, it's worth the extra money to go with something that's well known in the BSD community
• They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
• Through the comments, we also find out that QuakeCon runs OpenBSD on their network
• Hopefully most of our listeners are running some kind of BSD as their gateway - try it out if you haven't already ***

Interview - Kristaps Džonsons - kristaps@bsd.lv

Mandoc, historical man pages, various topics

Tutorial

Throttling bandwidth with PF

News Roundup

NetBSD at Kansai Open Forum 2014

• Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
• From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
• As always, you can find lots of pictures in the trip report ***

Getting to know your portmgr lurkers

• The lovable "getting to know your portmgr" series makes its triumphant return
• This time around, they interview Alex, one of the portmgr lurkers that joined just this month
• "How would you describe yourself?" "Too lazy."
• Another post includes a short interview with Emanuel, another new lurker
• We discussed the portmgr lurkers initiative with Steve Wills a while back ***

NetBSD's ARM port gets SMP

• The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
• This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
• NetBSD's release team is working on getting these changes into the 7 branch before 7.0 is released
• There are also a few nice pictures in the article ***

A high performance mid-range NAS

• This blog post is about FreeNAS and optimizing iSCSI performance
• It talks about using mid-range hardware with FreeNAS and different tunables you can change to affect performance
• There are some nice graphs and lots of detail if you're interested in tweaking some of your own settings
• They conclude "there is no optimal configuration; rather, FreeNAS can be configured to suit a particular workload" ***

Feedback/Questions

• Heto writes in
• Brad writes in
• Tyler writes in
• Tim writes in
• Brad writes in ***

Mailing List Gold

• Suspicious contributions
• La puissance du fromage
• Nothing unusual here ***

This episode was brought to you by

Headlines

g2k14 hackathon reports

• Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon
• Lots of work got done - in just the first two weeks of July, there were over 1000 commits to their CVS tree
• Some of the developers wrote in to document what they were up to at the event
• Bob Beck planned to work on kernel stuff, but then "LibreSSL happened" and he spent most of his time working on that
• Miod Vallat also tells about his LibreSSL experiences
• Brent Cook, a new developer, worked mainly on the portable version of LibreSSL (and we'll be interviewing him next week!)
• Henning Brauer worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6)
• Martin Pieuchot fixed some bugs in the USB stack, softraid and misc other things
• Marc Espie improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency
• Martin Pelikan integrated read-only ext4 support
• Vadim Zhukov did lots of ports work, including working on KDE4
• Theo de Raadt created a new, more secure system call, "sendsyslog" and did a lot of work with /etc, sysmerge and the rc scripts
• Paul Irofti worked on the USB stack, specifically for the Octeon platform
• Sebastian Benoit worked on relayd filters and IPv6 code
• Jasper Lievisse Adriaanse did work with puppet, packages and the bootloader
• Jonathan Gray imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection
• Stefan Sperling fixed a lot of issues with wireless drivers
• Florian Obser did many things related to IPv6
• Ingo Schwarze worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface
• Ken Westerback hacked on dhclient and dhcpd, and also got dump working on 4k sector drives
• Matthieu Herrb worked on updating and modernizing parts of xenocara ***

FreeBSD pf discussion takes off

• Concerns from last week, about FreeBSD's packet filter being old and unmaintained, seemed to have finally sparked some conversation about the topic on the "questions" and "current" mailing lists (unfortunately people didn't always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)
• Straight from the SMP FreeBSD pf maintainer: "no one right now [is actively developing pf on FreeBSD]"
• Searching for documentation online for pf is troublesome because there are two incompatible syntaxes
• FreeBSD's pf man pages are lacking, and some of FreeBSD's documentation still links to OpenBSD's pages, which won't work anymore - possibly turning away would-be BSD converts because it's frustrating
• There's also the issue of importing patches from pfSense, but most of those still haven't been done either
• Lots of disagreement among developers vs. users...
• Many users are very vocal about wanting it updated, saying the syntax change is no big deal and is worth the benefits - developers aren't interested
• Henning Brauer, the main developer of pf on OpenBSD, has been very nice and offered to help the other BSDs get their pf fixed on multiple occasions
• Gleb Smirnoff, author of the FreeBSD-specific SMP patches, questions Henning's claims about OpenBSD's improved speed as "uncorroborated claims" (but neither side has provided any public benchmarks)
• Gleb had to abandon his work on FreeBSD's pf because funding ran out ***

LibreSSL progress update

• LibreSSL's first few portable releases have come out and they're making great progress, releasing 2.0.3 two days ago
• Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list
• However, there has already been some drama... with Linux users
• There was a problem with Linux's PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy
• This "problem" doesn't affect OpenBSD's native implementation, only the portable version
• The developers decide to weigh in to calm the misinformation and rage
• A fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now - remember to say thanks, guys
• Ted Unangst has a really good post about the whole situation, definitely check it out
• As a follow-up from last week, bapt says they're working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly - if you're a port maintainer, please test your ports against it ***

Preparation for NetBSD 7

• The release process for NetBSD 7.0 is finally underway
• The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September
• If you run NetBSD, that'll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)
• They're also looking for some help updating documentation and fixing any bugs that get reported
• Another formal announcement will be made when the beta binaries are up ***

Interview - Dag-Erling Smørgrav - des@freebsd.org / @RealEvilDES

The role of the FreeBSD Security Officer, recent ports features, various topics

News Roundup

BSDCan ports and packages WG

• Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages
• Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages
• There's also some detail about the signing infrastructure and different mirrors
• Ports people and source people need to talk more often about ABI breakage
• The post also includes information about pkg 1.3, the old pkg tools' EOL, the quarterly stable package sets and a lot more (it's a huge post!) ***

Cross-compiling ports with QEMU and poudriere

• With recent QEMU features, you can basically chroot into a completely different architecture
• This article goes through the process of building ARMv6 packages on a normal X86 box
• Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now
• The poudriere-devel port now has a "qemu user" option that will pull in all the requirements
• Hopefully this will pave the way for official pkgng packages on those lesser-used architectures ***

Cloning FreeBSD with ZFS send

• For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen
• This post shows his entire process in creating a mirror machine, using ZFS for everything
• The "zfs send" and "zfs snapshot" commands really come in handy for this
• He does the whole thing from a live CD, pretty impressive ***

FreeBSD Overview series

• A new blog series we stumbled upon about a Linux user switching to BSD
• In part one, he gives a little background on being "done with Linux distros" and documents his initial experience getting and installing FreeBSD 10
• He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels
• Most of what he was used to on Linux was already in the default FreeBSD (except bash...)
• Part two documents his experiences with pkgng and ports ***

Feedback/Questions

• Bostjan writes in
• Rick writes in
• Clint writes in
• Esteban writes in
• Ben writes in
• Matt sends in pictures of his FreeBSD CD collection ***

This episode was brought to you by

Headlines

EuroBSDCon 2014 registration open

• September is getting closer, and that means it's time for EuroBSDCon - held in Bulgaria this year
• Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th
• Tutorials, sessions, dev summits and everything else all have their own pricing as well
• Registering between August 18th - September 12th will cost more for everything
• You can register online here and check hotels in the area
• The FreeBSD foundation is also accepting applications for travel grants ***

OpenBSD SMP PF update

• A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded
• With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump
• In a recent mailing list thread, Henning Brauer addresses some of the concerns
• The short version is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless
• He also says PF on OpenBSD is over four times faster than FreeBSD's old version, presumably due to those extra years of development it's gone through
• There's also been even more recent concern about the uncertain future of FreeBSD's PF, being mostly unmaintained since their SMP patches
• We reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us ***

Introduction to NetBSD pkgsrc

• An article from one of our listeners about how to create a new pkgsrc port or fix one that you need
• The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format
• It also lists all the different bmake targets and their functions in relation to the porting process
• Finally, the post details the whole process of creating a new port ***

FreeBSD 9.3-RELEASE

• After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today but actually came out yesterday
• The full list of changes is available, but it's mostly a smaller maintenance release
• Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more
• If you haven't jumped to the 10.x branch yet (and there are a lot of people who haven't!) this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon
• Good news, this will be the first release with PGP-signed checksums on the FTP mirrors - a very welcome change
• With that out of the way, the 10.1-RELEASE schedule was posted ***

Interview - Bryan Drewery - bdrewery@freebsd.org / @bdrewery

The FreeBSD package building cluster, pkgng, ports, various topics

Tutorial

Tunneling traffic through DNS

News Roundup

SSH two-factor authentication on FreeBSD

• We've previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website
• This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port
• Using this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can login normally
• It's a really, really simple process once you have the port installed - full details on the page ***

Ditch tape backup in favor of FreeNAS

• The author of this post shares some of his horrible experiences with tape backups for a client
• Having constant, daily errors and failed backups, he needed to find another solution
• With 1TB of backups, tapes just weren't a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS)
• The rest of the article details his experiences with it and tells about his setup ***

NetBSD vs FreeBSD, desktop experiences

• A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job
• Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver
• "Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga."
• He's become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system ***

PCBSD not-so-weekly digest

• Speaking of choices for a desktop system, it's the return of the PCBSD digest!
• Warden and PBI_add have gotten some interesting new features
• You can now create jails "on the fly" when adding a new PBI to your application library
• Bulk jail creation is also possible now, and it's really easy
• New Jenkins integration, with public access to poudriere logs as well
• PkgNG 1.3.0.rc2 testing for EDGE users ***

Feedback/Questions

• Jeff writes in - Sending Encrypted Backups over SSH + Sending ZFS snapshots via user
• Bruce writes in
• Richard writes in
• Jeff writes in - NYCBUG dmesg list
• Steve writes in ***

This episode was brought to you by

Headlines

pfSense 2.1.4 released

• The pfSense team has released 2.1.4, shortly after 2.1.3 - it's mainly a security release
• Included within are eight security fixes, most of which are pfSense-specific
• OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)
• It also includes a large number of various other bug fixes
• Update all your routers! ***

DragonflyBSD's pf gets SMP

• While we're on the topic of pf...
• Dragonfly patches their old[er than even FreeBSD's] pf to support multithreading in many areas
• Stemming from a user's complaint, Matthew Dillon did his own work on pf to make it SMP-aware
• Altering your configuration's ruleset can also help speed things up, he found
• When will OpenBSD, the source of pf, finally do the same? ***

ChaCha usage and deployment

• A while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5
• This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20
• OpenSSH offers it as a stream cipher now, OpenBSD uses it for it's random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it
• Both Google's fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not
• Unfortunately, this article has one mistake: FreeBSD does not use it - they still use the broken RC4 algorithm ***

BSDMag June 2014 issue

• The monthly online BSD magazine releases their newest issue
• This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, "saving time and headaches using the robot framework for testing," an interview and an article about the increasing number of security vulnerabilities
• The free pdf file is available for download as always ***

Interview - Craig Rodrigues - rodrigc@freebsd.org

FreeBSD's continuous testing infrastructure

Tutorial

Creating pre-patched OpenBSD ISOs

News Roundup

Preauthenticated decryption considered harmful

• Responding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures
• In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns
• With signify, now everything is fully downloaded and verified before tar is even invoked
• The pkg_add utility works a little bit differently, but it's also been improved in this area - details in the post
• Be sure to also read the original post from Adam, lots of good information ***

FreeBSD 9.3-RC2 is out

• As the -RELEASE inches closer, release candidate 2 is out and ready for testing
• Since the last one, it's got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things
• The updated bsdconfig will use pkgng style packages now too
• A lesser known fact: there are also premade virtual machine images you can use too ***

pkgsrcCon 2014 wrap-up

• In what may be the first real pkgsrcCon article we've ever had!
• Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event
• Unfortunately no recordings to be found... ***

PostgreSQL FreeBSD performance and scalability

• FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales
• On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings
• Lots of technical details if you're interested in getting the best performance out of your hardware
• It also includes specific kernel options he used and the rest of the configuration
• If you don't want to open the pdf file, you can use this link too ***

Feedback/Questions

• James writes in
• Klemen writes in
• John writes in
• Brad writes in
• Adam writes in ***

This episode was brought to you by

Headlines

EuroBSDCon 2014 talks and schedule

• The talks and schedules for EuroBSDCon 2014 are finally revealed
• The opening keynote is called "FreeBSD, looking forward to another 10 years" by jkh
• Lots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great
• It looks like Theo even has a talk, but the title isn't on the page... how mysterious
• There are also days dedicated to some really interesting tutorials
• Register now, the conference is on September 25-28th in Bulgaria
• If you see Allan and Kris walking towards you and you haven't given us an interview yet... well you know what's going to happen
• Why aren't the videos up from last year yet? Will this year also not have any? ***

FreeNAS vs NAS4Free

• More mainstream news covering BSD, this time with an article about different NAS solutions
• In a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free
• Both are based on FreeBSD and ZFS of course, but there are more differences than you might expect
• Discusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project
• "One is pleasantly functional; the other continues devolving during a journey of pain" - uh oh, who's the loser? ***

Quality software costs money, heartbleed was free

• PHK writes an article for ACM Queue about open source software projects' funding efforts
• A lot of people don't realize just how widespread open source software is - TVs, printers, gaming consoles, etc
• The article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish's funding
• The latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them
• On that subject, "Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software"
• Consider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive ***

Geoblock evasion with pf and OpenBSD rdomains

• Geoblocking is a way for websites to block visitors based on the location of their IP
• This is a blog post about how to get around it, using pf and rdomains
• It has the advantage of not requiring any browser plugins or DNS settings on the users' computers, you just need to be running OpenBSD on your router (hmm, if only a website had a tutorial about that...)
• In this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia
• It's got all the details you need to set up a VPN-like system and bypass those pesky geographic filters ***

Interview - Marc Espie - espie@openbsd.org / @espie_openbsd

OpenBSD's package system, building cluster, various topics

Tutorial

Keeping your BSD up to date

News Roundup

BoringSSL and LibReSSL

• Yet another OpenSSL fork pops up, this time from Google, called BoringSSL
• Adam Langley has a blog post about it, why they did it and how they're going to maintain it
• You can easily browse the source code
• Theo de Raadt also weighs in with how this effort relates to LibReSSL
• More eyes on the code is good, and patches will be shared between the two projects ***

More BSD Tor nodes wanted

• Friend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous
• Originally discussed on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network
• If one vulnerability is found, a huge portion of the network would be useless - we need more variety in the network stacks, crypto, etc.
• The EFF is also holding a Tor challenge for people to start up new relays and keep them online for over a year
• Check out our Tor tutorial and help out the network, and promote BSD at the same time! ***

FreeBSD 10 OpenStack images

• OpenStack, to quote Wikipedia, is "a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution."
• The article goes into detail about creating a FreeBSD instant, installing and converting it for use with "bsd-cloudinit"
• The author of the article is a regular listener and emailer of the show, hey! ***

BSDday 2014 call for papers

• BSD Day, a conference not so well-known, is going to be held August 9th in Argentina
• It was created in 2008 and is the only BSD conference around that area
• The "call for papers" was issued, so if you're around Argentina and use BSD, consider submitting a talk
• Sysadmins, developers and regular users are, of course, all welcome to come to the event ***

Feedback/Questions

• Maruf writes in
• Solomon writes in
• Silas writes in
• Bert writes in ***

This episode was brought to you by

Headlines

BSDCan 2014 talks and reports, part 2

• More presentations and trip reports are still being uploaded
• Ingo Schwarze, New Trends in mandoc
• Vsevolod Stakhov, The Architecture of the New Solver in pkg
• Julio Merino, The FreeBSD Test Suite
• Zbigniew Bodek, Transparent Superpages for FreeBSD on ARM
• There's also a trip report from Michael Dexter and another (very long and detailed) trip report from our friend Warren Block that even gives us some linkage, thanks! ***

Beyond security, getting to know OpenBSD's real purpose

• Michael W Lucas (who, we learn through this video, has been using BSD since 1986) gave a "webcast" last week, and the audio and slides are finally up
• It clocks in at just over 30 minutes, managing to touch on a lot of OpenBSD topics
• Some of those topics include: what is OpenBSD and why you should care, the philosophy of the project, how it serves as a "pressure cooker for ideas," briefly touches on GPL vs BSDL, their "do it right or don't do it at all" attitude, their stance on NDAs and blobs, recent LibreSSL development, some of the security functions that OpenBSD enabled before anyone else (and the ripple effect that had) and, of course, their disturbing preference for comic sans
• Here's a direct link to the slides
• Great presentation if you'd like to learn a bit about OpenBSD, but also contains a bit of information that long-time users might not know too ***

FreeBSD vs Linux, a comprehensive comparison

• Another blog post covering something people seem to be obsessed with - FreeBSD vs Linux
• This one was worth mentioning because it's very thorough in regards to how things are done behind the scenes, not just the usual technical differences
• It highlights the concept of a "core team" and their role vs "contributors" and "committers" (similar to a presentation Kirk McKusick did not long ago)
• While a lot of things will be the same on both platforms, you might still be asking "which one is right for me?" - this article weighs in with some points for both sides and different use cases
• Pretty well-written and unbiased article that also mentions areas where Linux might be better, so don't hate us for linking it ***

Expand FreeNAS with plugins

• One of the things people love the most about FreeNAS (other than ZFS) is their cool plugin framework
• With these plugins, you can greatly expand the feature set of your NAS via third party programs
• This page talks about a few of the more popular ones and how they can be used to improve your NAS or media box experience
• Some examples include setting up an OwnCloud server, Bacula for backups, Maraschino for managing a home theater PC, Plex Media Server for an easy to use video experience and a few more
• It then goes into more detail about each of them, how to actually install plugins and then how to set them up ***

Interview - Karl Lehenbauer - karl@flightaware.com / @flightaware

FreeBSD at FlightAware, BSD history, various topics

Tutorial

Ports and packages in OpenBSD

News Roundup

Code review culture meets FreeBSD

• In most of the BSDs, changes need to be reviewed by more than one person before being committed to the tree
• This article describes Phabricator, an open source code review system that we briefly mentioned last week
• Instructions for using it are on the wiki
• While not approved by the core team yet for anything official, it's in a testing phase and developers are encouraged to try it out and get their patches reviewed
• Just look at that fancy interface!! ***

Upcoming BSD books

• Sneaky MWL somehow finds his way into both our headlines and the news roundup
• He gives us an update on the next BSD books that he's planning to release
• The plan is to release three (or so) books based on different aspects of FreeBSD's storage system(s) - GEOM, UFS, ZFS, etc.
• This has the advantage of only requiring you to buy the one(s) you're specifically interested in
• "When will they be released? When I'm done writing them. How much will they cost? Dunno."
• It's not Absolute FreeBSD 3rd edition... ***

CARP failover and high availability on FreeBSD

• If you're running a cluster or a group of servers, you should have some sort of failover in place
• But the question comes up, "how do you load balance the load balancers!?"
• This video goes through the process of giving more than one machine the same IP, how to set up CARP, securing it and demonstrates a node dying
• Also mentions DNS-based load balancing as another option ***

PCBSD weekly digest

• This time in PCBSD land, we're getting ready for the 10.0.2 release (ISOs here)
• AppCafe got a good number of fixes, and now shows 10 random highlighted applications
• EasyPBI added a "bulk" mode to create PBIs of an entire FreeBSD port category
• Lumina, the new desktop environment, is still being worked on and got some bug fixes too ***

Feedback/Questions

• Paul writes in
• Matt writes in
• Kjell writes in
• Paul writes in
• Tom writes in ***

This episode was brought to you by

Headlines

FreeBSD 11 goals and discussion

• Something that actually happened at BSDCan this year...
• During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE
• Some of MWL's notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support
• A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more
• There's also some notes from the devsummit virtualization session, mostly talking about bhyve
• Lastly, he also provides some notes about ports and packages and where they're going ***

An SSH honeypot with OpenBSD and Kippo

• Everyone loves messing with script kiddies, right?
• This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD
• It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely
• You can use this to get new 0day exploits or find weaknesses in your systems
• OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications ***

NetBSD foundation financial report

• The NetBSD foundation has posted their 2013 financial report
• It's a very "no nonsense" page, pretty much only the hard numbers
• In 2013, they got $26,000 of income in donations
• The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else
• Be sure to donate to whichever BSDs you like and use! ***

Building a fully-encrypted NAS with OpenBSD

• Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you're doing
• This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind
• The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require - this means the kernel itself is even protected
• The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people's needs too
• There's also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware - fantastic write up! ***

Interview - Brian Callahan & Aaron Bieber - admin@lists.nycbug.org & admin@cobug.org

Forming a local BSD Users Group

Tutorial

The basics of pkgsrc

News Roundup

FreeBSD periodic mails vs. monitoring

• If you've ever been an admin for a lot of FreeBSD boxes, you've probably noticed that you get a lot of email
• This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them
• From bad SSH logins to Zabbix alerts, it all adds up quickly
• It highlights the periodic.conf file and FreeBSD's periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers ***

Doing cool stuff with OpenBSD routing domains

• A blog post from our viewer and regular emailer, Kjell-Aleksander!
• He manages some internally-routed IP ranges at his work, but didn't want to have equipment for each separate project
• This is where OpenBSD routing domains and pf come in to save the day
• The blog post goes through the process with all the network details you could ever dream of
• He even named his networking equipment... after us ***

LibreSSL, the good and the bad

• We're all probably familiar with OpenBSD's fork of OpenSSL at this point
• However, "for those of you that don't know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk"
• This article talks about some of the cryptographic development challenges involved with maintaining such a massive project
• You need cryptographers, software engineers, software optimization specialists - there are a lot of roles that need to be filled
• It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork - the main one being their aim for backwards compatibility ***

PCBSD weekly digest

• Lots going on in PCBSD land this week, AppCafe has been redesigned
• The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update
• In the more recent post, there's some further explanation of the PBI system and the reason for the transition
• It's got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion ***

Feedback/Questions

• Antonio writes in
• Daniel writes in
• Sean writes in
• tsyn writes in
• Chris writes in ***

This episode was brought to you by

Headlines

OpenBSD 5.5 released

• If you ordered a CD set then you've probably had it for a little while already, but OpenBSD has formally announced the public release of 5.5
• This is one of the biggest releases to date, with a very long list of changes and improvements
• Some of the highlights include: time_t being 64 bit on all platforms, release sets and binary packages being signed with the new signify tool, a new autoinstall feature of the installer, SMP support on Alpha, a new AViiON port, lots of new hardware drivers including newer NICs, the new vxlan driver, relayd improvements, a new pf queue system for bandwidth shaping, dhcpd and dhclient fixes, OpenSMTPD 5.4.2 and all its new features, position-independent executables being default for i386, the RNG has been replaced with ChaCha20 as well as some other security improvements, FUSE support, tmpfs, softraid partitions larger than 2TB and a RAID 5 implementation, OpenSSH 6.6 with all its new features and fixes... and a lot more
• The full list of changes is HUGE, be sure to read through it all if you're interested in the details
• If you're doing an upgrade from 5.4 instead of a fresh install, pay careful attention to the upgrade guide as there are some very specific steps for this version
• Also be sure to apply the errata patches on your new installations... especially those OpenSSL ones (some of which still aren't fixed in the other BSDs yet)
• On the topic of errata patches, the project is now going to also send them out (signed) via the announce mailing list, a very welcome change
• Congrats to the whole team on this great release - 5.6 is going to be even more awesome with "Libre"SSL and lots of other stuff that's currently in development ***

FreeBSD foundation funding highlights

• The FreeBSD foundation posts a new update on how they're spending the money that everyone donates
• "As we embark on our 15th year of serving the FreeBSD Project and community, we are proud of what we've done to help FreeBSD become the most innovative, reliable, and high-performance operation system"
• During this spring, they want to highlight the new UEFI boot support and newcons
• There's a lot of details about what exactly UEFI is and why we need it going forward
• FreeBSD has also needed some updates to its console to support UTF8 and wide characters
• Hopefully this series will continue and we'll get to see what other work is being sponsored ***

OpenSSH without OpenSSL

• The OpenSSH team has been hard at work, making it even better, and now OpenSSL is completely optional
• Since it won't have access to the primitives OpenSSL uses, there will be a trade-off of features vs. security
• This version will drop support for legacy SSH v1, and the only two cryptographic algorithms supported are an in-house implementation of AES in counter mode and the new combination of the Chacha20 stream cipher with Poly1305 for packet integrity
• Key exchange is limited to elliptic curve Diffie-Hellman and the newer Curve25519 KEXs
• No support for RSA, DSA or ECDSA public keys - only Ed25519
• It also includes a new buffer API and a set of wrappers to make it compatible with the existing API
• Believe it or not, this was planned before all the heartbleed craziness
• Maybe someday soon we'll have a mini-openssh-portable in FreeBSD ports and NetBSD pkgsrc, would be really neat ***

BSDMag's April 2014 issue is out

• The free monthly BSD magazine has got a new issue available for download
• This time the articles include: pascal on BSD, an introduction to revision control systems and configuration management, deploying NetBSD on AWS EC2, more GIMP tutorials, an AsiaBSDCon 2014 report and a piece about how easily credit cards are stolen online
• Anyone can contribute to the magazine, just send the editors an email about what you want to write
• No Linux articles this time around, good ***

Interview - David Chisnall - theraven@freebsd.org

The LLVM/Clang switch, FreeBSD's core team, various topics

Tutorial

RAID in FreeBSD and OpenBSD

News Roundup

BSDTalk episode 240

• Our buddy Will Backman has uploaded a new episode of BSDTalk, this time with our other buddy GNN as the guest - mainly to talk about NTP and keeping reliable time
• Topics include the specific details of crystals used in watches and computers to keep time, how temperature affects the quality, different sources of inaccuracy, some general NTP information, why you might want extremely precise time, different time sources (GPS, satellite, etc), differences in stratum levels, the problem of packet delay and estimating the round trip time, some of the recent NTP amplification attacks, the downsides to using UDP instead of TCP and... much more
• GNN also talks a little about the Precision Time Protocol and how it's different than NTP
• Two people we've interviewed talking to each other, awesome
• If you're interested in NTP, be sure to see our tutorial too ***

m2k14 trip reports

• We've got a few more reports from the recent OpenBSD hackathon in Morocco
• The first one is from Antoine Jacoutot (who is a key GNOME porter and gave us the screenshots for the OpenBSD desktop tutorial)
• "Since I always fail at actually doing whatever I have planned for a hackathon, this time I decided to come to m2k14 unprepared about what I was going to do"
• He got lots of work done with ports and pushing GNOME-related patches back up to the main project, then worked on fixing ports' compatibility with LibreSSL
• Speaking of LibreSSL, there's an article all would-be portable version writers should probably read and take into consideration
• Jasper Adriaanse also writes about what he got done over there
• He cleaned up and fixed the puppet port to work better with OpenBSD ***

Why you should use FreeBSD on your cloud VPS

• Here we have a blog post from Atlantic, a VPS and hosting provider, about 10 reasons for using FreeBSD
• Starts off with a little bit of BSD history for those who are unfamiliar with it and only know Linux and Windows
• The 10 reasons are: community, stability, collaboration, ease of use, ports, security, ZFS, GEOM, sound and having lots of options
• The post goes into detail about each of them and why FreeBSD makes a great choice for a VPS OS ***

PCBSD weekly digest

• Big changes coming in the way PCBSD manages software
• The PBI system, AppCafe and related tools are all going to use pkgng now
• The AppCafe will no longer be limited to PBIs, so much more software will be easily available from the ports tree
• New rating system coming soon and much more ***

Feedback/Questions

• Martin writes in
• John writes in
• Alex writes in
• Goetz writes in
• Jarrad writes in ***

This episode was brought to you by

Headlines

ALTQ removed from PF

• Kicking off our big PF episode...
• The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current
• There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf
• As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping
• After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem
• This doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately. ***

FreeBSD Quarterly Status Report

• The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks
• Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added
• We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team
• LOTS of details and LOTS of topics to cover, give it a read ***

OpenBSD's OpenSSL rewrite continues with m2k14

• A mini OpenBSD hackathon begins in Morocco, Africa
• You can follow the changes in the -current CVS log, but a lot of work is mainly going towards the OpenSSL cleaning
• We've got two trip reports so far, hopefully we'll have some more to show you in a future episode
• You can see some of the more interesting quotes from the tear-down or see everything
• Apparently they are going to call the fork "LibreSSL" ....
• What were the OpenSSL developers thinking? The RSA private key was used to seed the entropy!
• We also got some mainstream news coverage and another post from Ted about the history of the fork
• Definitely consider donating to the OpenBSD foundation, this fork will benefit all the other BSDs too ***

NetBSD 6.1.4 and 6.0.5 released

• New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes
• The main update is - of course - the heartbleed vulnerability
• Also includes fixes for other security issues and even a kernel panic... on Atari
• Patch your Ataris right now, this is serious business ***

Interview - Peter Hansteen - peter@bsdly.net / @pitrh

The Book of PF: 3rd edition

Tutorial

BSD Firewalls: PF

News Roundup

New Xorg now the default in FreeBSD

• For quite a while now, FreeBSD has had two versions of X11 in ports
• The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf
• They've finally made the switch for 10-STABLE and 9-STABLE
• Check this wiki page for more info ***

GSoC-accepted BSD projects

• The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned
• OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon
• The FreeBSD list was also posted
• Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more
• Good luck to all the students participating, hopefully they become full time BSD users ***

Complexity of FreeBSD VFS using ZFS as an example

• HybridCluster posted the second part of their VFS and ZFS series
• This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy
• Of course, also watch episode 24 for our interview with HybridCluster - they do really interesting stuff ***

PCBSD weekly digest

• Preload has been ported over, it's a daemon that prefetches applications
• PCBSD is developing their own desktop environment, Lumina (there's also an FAQ)
• It's still in active development, but you can try it out by installing from ports
• We'll be showing a live demo of it in a few weeks (when development settles down a bit)
• Some kid in Australia subjects his poor mother to being on camera while she tries out PCBSD and gives her impressions of it ***

This episode was brought to you by

Headlines

FreeBSD and OpenBSD in GSOC2014

• The Google Summer of Code is a way to encourage students to write code for open source projects and make some money
• Both FreeBSD and OpenBSD were accepted, and we'd love for anyone listening to check out their GSOC pages
• The FreeBSD wiki has a list of things that they'd be interested in someone helping out with
• OpenBSD's want list was also posted
• DragonflyBSD and NetBSD were sadly not accepted this year ***

Yes, you too can be an evil network overlord

• A new blog post about monitoring your network using only free tools
• OpenBSD is a great fit, and has all the stuff you need in the base system or via packages
• It talks about the pflow pseudo-interface, its capabilities and relation to NetFlow (also goes well with pf)
• There's also details about flowd and nfsen, more great tools to make network monitoring easy
• If you're listening, Peter... stop ignoring our emails and come on the show! We know you're watching! ***

BSDMag's February issue is out

• The theme is "configuring basic services on OpenBSD 5.4"
• There's also an interview with Peter Hansteen (oh hey...)
• Topics also include locking down SSH, a GIMP lesson, user/group management, and...
• Linux and Solaris articles? Why?? ***

Changes in bcrypt

• Not specific to any OS, but the OpenBSD team is updating their bcrypt implementation
• There is a bug in bcrypt when hashing long passwords - other OSes need to update theirs too! (FreeBSD already has)
• "The length is stored in an unsigned char type, which will overflow and wrap at 256. Although we consider the existence of affected hashes very rare, in order to differentiate hashes generated before and after the fix, we are introducing a new minor 'b'."
• As long as you upgrade your OpenBSD system in order (without skipping versions) you should be ok going forward
• Lots of specifics in the email, check the full thing ***

Interview - Will Backman - bitgeist@yahoo.com / @bsdtalk

The BSDTalk podcast, BSD advocacy, various topics

Tutorial

Tracking and cross-compiling -CURRENT (NetBSD)

News Roundup

X11 no longer needs root

• Xorg has long since required root privileges to run the main server
• With recent work from the OpenBSD team, now everything (even KMS) can run as a regular user
• Now you can set the "machdep.allowaperture" sysctl to 0 and still use a GUI ***

OpenSSH 6.6 CFT

• Shortly after the huge 6.5 release, we get a routine bugfix update
• Test it out on as many systems as you can
• Check the mailing list for the full bug list ***

Creating an OpenBSD USB drive

• Since OpenBSD doesn't distribute any official USB images, here are some instructions on how to do it
• Step by step guide on how you can make your very own
• However, there's some recent emails that suggest official USB images may be coming soon... oh wait ***

PCBSD weekly digest

• New PBI updates that allow separate ports from /usr/local
• You need to rebuild pbi-manager if you want to try it out
• Updates and changes to Life Preserver, App Cafe, PCDM ***

Feedback/Questions

• espressowar writes in
• Antonio writes in
• Christian writes in
• Adam writes in
• Alex writes in ***

This episode was brought to you by

Headlines

EuroBSDCon and AsiaBSDCon

• This year, EuroBSDCon will be in September in Sofia, Bulgaria
• They've got a call for papers up now, so everyone can submit the talks they want to present
• There will also be a tutorial section of the conference
• AsiaBSDCon will be next month, in March!
• All the info about the registration, tutorials, hotels, timetable and location have been posted
• Check the link for all the details on the talks - if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers! ***

FreeBSD 10 on Ubiquiti EdgeRouter Lite

• The Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU
• This article goes through the process of installing and configuring FreeBSD on it to use as a home router
• Lots of good pictures of the hardware and specific details needed to get you set up
• It also includes the scripts to create your own images if you don't want to use the ones rolled by someone else
• For such a cheap price, might be a really fun weekend project to replace your shitty consumer router
• Of course if you're more of an OpenBSD guy, you can always see our tutorial for that too ***

Signed pkgsrc package guide

• We got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up
• It shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD)
• He goes through the process of signing packages with a public key and how to verify the packages when you install them
• The author also happens to be an EdgeBSD developer ***

Big batch of OpenBSD hackathon reports

• Five trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI
• In the second, ketennis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things
• In the third, jsg updated libdrm and mesa and did various work on xenocara
• In the fourth, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead - but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he's done
• In the fifth, claudio talks about some stuff he did for routing tables and misc. other things ***

Interview - Chris Buechler - cmb@pfsense.com / @cbuechler

pfSense

Tutorial

pfSense walkthrough

News Roundup

FreeBSD challenge continues

• Our buddy from the Linux foundation continues his switching to BSD journey
• In day 13, he covers some tips for new users, mentions trying things out in a VM first
• In day 14, he starts setting up XFCE and X11, feels like he's starting over as a new Linux user learning the ropes again - concludes that ports are the way to go
• In day 15, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch
• In day 16, he dives into the world of FreeBSD jails! ***

BSD books in 2014

• BSD books are some of the highest quality technical writings available, and MWL has written a good number of them
• In this post, he details some of his plans for 2014
• In includes at least one OpenBSD book, at least one FreeBSD book and...
• Very strong possibility of Absolute FreeBSD 3rd edition (watch our interview with him)
• Check the link for all the details ***

How to build FreeBSD/EC2 images

• Our friend Colin Percival details how to build EC2 images in a new blog post
• Most people just use the images he makes on their instances, but some people will want to make their own from scratch
• You build a regular disk image and then turn it into an AMI
• It requires a couple ports be installed on your system, but the whole process is pretty straightforward ***

PCBSD weekly digest

• This time around we discuss how you can become a developer
• Kris also details the length of supported releases
• Expect lots of new features in 10.1 ***

Feedback/Questions

• Sean writes in
• Jake writes in
• Niclas writes in
• Steffan writes in
• Antonio writes in
• Chris writes in ***

This episode was brought to you by

Headlines

FreeBSD 10.0-RELEASE is out

• The long awaited, giant release of FreeBSD is now official and ready to be downloaded
• One of the biggest releases in FreeBSD history, with tons of new updates
• Some features include: LDNS/Unbound replacing BIND, Clang by default (no GCC anymore), native Raspberry Pi support and other ARM improvements, bhyve, hyper-v support, AMD KMS, VirtIO, Xen PVHVM in GENERIC, lots of driver updates, ZFS on root in the installer, SMP patches to pf that drastically improve performance, Netmap support, pkgng by default, wireless stack improvements, a new iSCSI stack, FUSE in the base system... the list goes on and on
• Start up your freebsd-update or do a source-based upgrade ***

OpenSSH 6.5 CFT

• Our buddy Damien Miller announced a Call For Testing for OpenSSH 6.5
• Huge, huge release, focused on new features rather than bugfixes (but it includes those too)
• New ciphers, new key formats, new config options, see the mailing list for all the details
• Should be in OpenBSD 5.5 in May, look forward to it - but also help test on other platforms! ***

DIY NAS story, FreeNAS 9.2.1-BETA

• Another new blog post about FreeNAS!
• Instead of updating the older tutorials, the author started fresh and wrote a new one for 2014
• "I did briefly consider suggesting nas4free for the EconoNAS blog, since it’s essentially a fork off the FreeNAS tree but may run better on slower hardware, but ultimately I couldn’t recommend anything other than FreeNAS"
• Really long article with lots of nice details about his setup, why you might want a NAS, etc.
• Speaking of FreeNAS, they released 9.2.1-BETA with lots of bugfixes ***

OpenBSD needed funding for electricity.. and they got it

• Briefly mentioned at the end of last week's show, but has blown up over the internet since
• OpenBSD in the headlines of major tech news sites: slashdot, zdnet, the register, hacker news, reddit, twitter.. thousands of comments
• They needed about $20,000 to cover electric costs for the server rack in Theo's basement
• Lots of positive reaction from the community helping out so far, and it appears they have reached their goal and got $100,000 in donations
• From Bob Beck: "we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation"
• This is a shining example of the BSD community coming together, and even the Linux people realizing how critical BSD is to the world at large ***

Interview - Colin Percival - cperciva@freebsd.org / @cperciva

FreeBSD on Amazon EC2, backups with Tarsnap, 10.0-RELEASE, various topics

Tutorial

Bandwidth monitoring and testing

News Roundup

pfSense talk at Tokyo FreeBSD Benkyoukai

• Isaac Levy will be presenting "pfSense Practical Experiences: from home routers, to High-Availability Datacenter Deployments"
• He's also going to be looking for help to translate the pfSense documentation into Japanese
• The event is on February 17, 2014 if you're in the Tokyo area ***

m0n0wall 1.8.1 released

• For those who don't know, m0n0wall is an older BSD-based firewall OS that's mostly focused on embedded applications
• pfSense was forked from it in 2004, and has a lot more active development now
• They switched to FreeBSD 8.4 for this new version
• Full list of updates in the changelog
• This version requires at least 128MB RAM and a disk/CF size of 32MB or more, oh no! ***

Ansible and PF, plus NTP

• Another blog post from our buddy Michael Lucas
• There've been some NTP amplification attacks recently in the news
• The post describes how he configured ntpd on a lot of servers without a lot of work
• He leverages pf and ansible for the configuration
• OpenNTPD is, not surprisingly, unaffected - use it ***

ruBSD videos online

• Just a quick followup from a few weeks ago
• Theo and Henning's talks from ruBSD are now available for download
• There's also a nice interview with Theo ***

PCBSD weekly digest

• 10.0-RC4 images are available
• Wine PBI is now available for 10
• 9.2 systems will now be able to upgrade to version 10 and keep their PBI library ***

Feedback/Questions

• Sha'ul writes in
• Kjell-Aleksander writes in
• Mike writes in
• Charlie writes in (and gets a reply)
• Kevin writes in ***

This episode was brought to you by

Headlines

Faces of FreeBSD continues

• Our first one details Shteryana Shopova, the local organizer for EuroBSDCon 2014 in Sophia
• Gives some information about how she got into BSD
• "I installed FreeBSD on my laptop, alongside the Windows and Slackware Linux I was running on it at the time. Several months later I realized that apart from FreeBSD, I hadn't booted the other two operating systems in months. So I wiped them out."
• She wrote bsnmpd and extended it with the help of a grant from the FreeBSD Foundation
• We've also got one for Kevin Martin
• Started off with a pinball website, ended up learning about FreeBSD from an ISP and starting his own hosting company
• "FreeBSD has been an asset to our operations, and while we have branched out a bit, we still primarily use FreeBSD and promote it whenever possible. FreeBSD is a terrific technology with a terrific community." ***

OpenPF?

• A blog post over at the Dragonfly digest
• What if we had some cross platform development of OpenBSD's firewall?
• Similar to portable OpenSSH or OpenZFS, there could be a centrally-developed version with compatibility glue
• Right now FreeBSD 9's pf is old, FreeBSD 10's pf is old (but has the best performance of any implementation due to custom patches), NetBSD's pf is old (but they're working on a fork) and Dragonfly's pf is old
• Further complicated by the fact that PF itself doesn’t have a version number, since it was designed to just be ‘the pf that came with OpenBSD 5.4’
• Not likely to happen any time soon, but it's good food for thought ***

Year of BSD on the server

• A good blog post about switching servers from Linux to BSD
• 2014 is going to be the year of a lot of switching, due to FreeBSD 10's amazing new features
• This author was particularly taken with pkgng and the more coherent layout of BSD systems
• Similarly, there was also a recent reddit thread, "Why did you choose BSD over Linux?"
• Both are excellent reads for Linux users that are thinking about making the switch, send 'em to your friends ***

Getting to know your portmgr

• This time in the series they interview Bryan Drewery, a fairly new addition to the team
• He started maintaining portupgrade and portmaster, and eventually ended up on the ports management team
• Believe it or not, his wife actually had a lot to do with him getting into FreeBSD full-time
• Lots of fun trivia and background about him
• Speaking of portmgr, our interview for today is... ***

Interview - Baptiste Daroussin - bapt@freebsd.org

The future of FreeBSD's binary packages, ports' features, various topics

News Roundup

pfSense december hang out

• Interview/presentation from pfSense developer Chris Buechler with an accompanying blog post
• "This is the first in what will be a monthly recurring series. Each month, we’ll have a how to tutorial on a specific topic or area of the system, and updates on development and other happenings with the project. We have several topics in mind, but also welcome community suggestions on topics"
• Speaking of pfSense, they recently opened an online store
• We're planning on having a pfSense episode next month! ***

BSDMag December issue is out

• The free monthly BSD magazine gets a new release for December
• Topics include CARP on FreeBSD, more BSD programming, "unix basics for security professionals," some kernel introductions, using OpenBSD as a transparent proxy with relayd, GhostBSD overview and some stuff about SSH ***

OpenBSD gets tmpfs

• In addition to the recently-added FUSE support, OpenBSD now has tmpfs
• To get more testing, it was enabled by default in -current
• Should make its way into 5.5 if everything goes according to plan
• Enables lots of new possibilities, like our ccache and tmpfs guide ***

PCBSD weekly digests

• Catching up with all the work going on in PCBSD land..
• 10.0-RC2 is now available
• The big pkgng 1.2 problems seem to have been worked out ***

Feedback/Questions

• Remy writes in
• Jason writes in
• Rob writes in
• John writes in
• Stuart writes in ***