NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

Kubernetes and back - Why I don't run distributed systems

NetApp’s strategic contributions to FreeBSD: a deep dive into upstreaming efforts

News Roundup

Make your own E-Mail server - Part 2 - Adding Webmail and More with Nextcloud

Poudriere on Apple Silicon

One less Un*xy option for 32-bit PowerPC

Beastie Bits

• Powering up the future: the new FreeBSD cluster in Chicago
• Dragonflybsd 6.5 Snapshot Release on Acer Nitro AN515-51/58-XXX Series Laptops

Tarsnap

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

• Join us and other BSD Fans in our BSD Now Telegram channel

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

Customizing the FreeBSD Kernel

Learn more about customizing the build of the FreeBSD kernel and its loadable modules

---

OpenBSD/loongson on the Lemote Fuloong

In my article about running OpenBSD/loongson on the Lemote Yeeloong back in 2016, I mentioned looking for a Fuloong. All hope seemed lost until the Summer of 2017, when a fellow OpenBSD developer was contacted by a generous user (Thanks again, Lars!) offering to donate two Lemote Fuloong machines, and I was lucky enough to get one of those units.

News Roundup

How ZFS on Linux brings up pools and filesystems at boot under systemd

On Solaris and Illumos, how ZFS pools and filesystems were brought up at boot was always a partial mystery to me (and it seemed to involve the kernel knowing a lot about /etc/zfs/zpool.cache). On Linux, additional software RAID arrays are brought up mostly through udev rules, which has its own complications. For a long time I had the general impression that ZFS on Linux also worked through udev rules to recognize vdev components, much like software RAID. However, this turns out to not be the case and the modern ZFS on Linux boot process is quite straightforward on systemd systems.

---

LLDB: FreeBSD Legacy Process Plugin Removed

During the past month we’ve successfully removed the legacy FreeBSD plugin and continued improving the new one. We have prepared an implementation of hardware breakpoint and watchpoint support for FreeBSD/AArch64, and iterated over all tests that currently fail on that platform. Therefore, we have concluded the second milestone.

---

FreshBSD 2021

6 weeks ago I created a branch for a significant rework of FreshBSD. Nearly 300 commits later, and just a week shy of our 15th anniversary, the result is what you’re looking at now. I hope you like it.

---

gmid is a gemini server for unixes.

---

Danschmid’s Poudriere Guide now in english

The ports system is one of FreeBSD's greatest advantages for users who want flexibility and control over their software. It enables administrators to easily create and manage source-based installations using a system that is robust and predictable.

---

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

Special Guest: Tom Jones.

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

A Week With Plan 9

I spent the first week of 2021 learning an OS called Plan 9 from Bell Labs. This is a fringe Operating System, long abandoned by it’s original authors. It's also responsible for a great deal of inspiration elsewhere. If you’ve used the Go language, /proc, UTF-8 or Docker, you’ve used Plan 9-designed features. This issue dives into Operating System internals and some moderately hard computer science topics. If that sort of thing isn’t your bag you might want to skip ahead. Normal service will resume shortly.

---

Exploring Swap on FreeBSD

On modern Unix-like systems such as FreeBSD, “swapping” refers to the activity of paging out the contents of memory to a disk and then paging it back in on demand. The page-out activity occurs in response to a lack of free memory in the system: the kernel tries to identify pages of memory that probably will not be accessed in the near future, and copies their contents to a disk for safekeeping until they are needed again. When an application attempts to access memory that has been swapped out, it blocks while the kernel fetches that saved memory from the swap disk, and then resumes execution as if nothing had happened.

News Roundup

How to create a FreeBSD pkg mirror using bastille and poudriere

This a short how-to for creating a FreeBSD pkg mirror using BastilleBSD and Poudriere.

---

How to set up FreeBSD 12 VNET jail with ZFS

How do I install, set up and configure a FreeBSD 12 jail with VNET on ZFS? How can I create FreeBSD 12 VNET jail with /etc/jail.conf to run OpenVPN, Apache, Wireguard and other Internet-facing services securely on my BSD box?
FreeBSD jail is nothing but operating system-level virtualization that allows partitioning a FreeBSD based Unix server. Such systems have their root user and access rights. Jails can use network subsystem virtualization infrastructure or share an existing network. FreeBSD jails are a powerful way to increase security. Usually, you create jail per services such as an Nginx/Apache webserver with PHP/Perl/Python app, WireGuard/OpeNVPN server, MariaDB/PgSQL server, and more. This page shows how to configure a FreeBSD Jail with vnet and ZFZ on FreeBSD 12.x.

---

Creating Comfy FreeBSD Jails Using Standard Tools

Docker has stormed into software development in recent years. While the concepts behind it are powerful and useful, similar tools have been used in systems for decades. FreeBSD’s jails in one of those tools which build upon even older chroot(2) To put it shortly, with these tools, you can make a safe environment separated from the rest of the system.

---

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Chris - USB BSD variant
• Jacob - host wifi through a jail
• Jordan - new tool vs updating existing tool ***
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

This episode was brought to you by

Headlines

BSDCan 2015 videos

• BSDCan just ended last week, but some of the BSD-related presentation videos are already online
• Allan Jude, UCL for FreeBSD
• Andrew Cagney, What happens when a dwarf and a daemon start dancing by the light of the silvery moon?
• Andy Tanenbaum, A reimplementation of NetBSD using a MicroKernel
• Brooks Davis, CheriBSD: A research fork of FreeBSD
• Giuseppe Lettieri, Even faster VM networking with virtual passthrough
• Joseph Mingrone, Molecular Evolution, Genomic Analysis and FreeBSD
• Olivier Cochard-Labbe, Large-scale plug&play x86 network appliance deployment over Internet
• Peter Hessler, Using routing domains / routing tables in a production network
• Ryan Lortie, a stitch in time: jhbuild
• Ted Unangst, signify: Securing OpenBSD From Us To You
• Many more still to come... ***

Documenting my BSD experience

• Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it's finally time to give BSD a try
• "That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in."
• In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks
• The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you're into that)
• You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into
• He's also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon
• His second post explores replacing the firewall on his self-described "over complicated home network" with an OpenBSD box
• After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing
• All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand
• Getting to hear experiences like this are very important - they show areas where all the BSD developers' hard work has paid off, but can also let us know where we need to improve ***

PC-BSD tries HardenedBSD builds

• The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated
• They're not the first major FreeBSD-based project to offer an alternate build - OPNsense did that a few weeks ago - but this might open the door for more projects to give it a try as well
• With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won't have
• Time will tell if more projects and products like FreeNAS might be interested too ***

C-states in OpenBSD

• People who run BSD on their notebooks, you'll want to pay attention to this one
• OpenBSD has recently committed some ACPI improvements for deep C-states, enabling the processor to enter a low-power mode
• According to a few users so far, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life
• If you're running OpenBSD -current on a laptop, try out the latest snapshot and report back with your findings ***

NetBSD at Open Source Conference 2015 Hokkaido

• The Japanese NetBSD users group never sleeps, and they've hit yet another open source conference
• As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)
• We'll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms ***

Interview - Marc Espie - espie@openbsd.org / @espie_openbsd

Recent improvements to OpenBSD's dpb tool

News Roundup

Introducing xhyve, bhyve on OS X

• We've talked about FreeBSD's "bhyve" hypervisor a lot on the show, and now it's been ported to another OS
• As the name "xhyve" might imply, it's a port of bhyve to Mac OS X
• Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future
• It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer
• There are also a few examples on how to use it ***

4K displays on DragonFlyBSD

• If you've been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you'll be pleased to know that 4K displays work just fine
• Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas
• Some GUI applications might look weird on such a huge resolution,
• HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience ***

Sandboxing port daemons on OpenBSD

• We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD's base as chrooted by default - things from ports or packages don't always get the same treatment
• This blog post uses a mumble server as an example, but you can apply it to any service from ports that doesn't chroot by default
• It goes through the process of manually building a sandbox with all the libraries you'll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it
• With a few small changes, similar tricks could be done on the other BSDs as well - everybody has chroots ***

SmallWall 1.8.2 released

• SmallWall is a relatively new BSD-based project that we've never covered before
• It's an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits
• They've just released the first official version, so you can give it a try now
• If you're interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks... ***

Feedback/Questions

• David writes in
• Brian writes in
• Dan writes in
• Joel writes in
• Steve writes in ***

This episode was brought to you by

Headlines

Xen dom0 in FreeBSD 11-CURRENT

• FreeBSD has just gotten dom0 support for the Xen hypervisor, something NetBSD has had for a while now
• The ports tree will now have a Xen kernel and toolstack, meaning that they can be updated much more rapidly than if they were part of base
• It's currently limited to Intel boxes with EPT and a working IOMMU, running a recent version of the -CURRENT branch, but we'll likely see it when 11.0 comes out
• How will this affect interest in Bhyve? ***

A tale of two educational moments

• Here we have a blog post from an OpenBSD developer about some experiences he had helping people get involved with the project
• It's split into two stories: one that could've gone better, and one that went really well
• For the first one, he found that someone was trying to modify a package from their ports tree to have fewer dependencies
• Experience really showed its worth, and he was able to write a quick patch to do exactly what the other person had been working on for a few hours - but wasn't so encouraging about getting it committed
• In the second story, he discussed updating a different port with a user of a forum, and ended up improving the new user's workflow considerably with just a few tips
• The lesson to take away from this is that we can all help out to encourage and assist new users - everyone was a newbie once ***

What's coming in NetBSD 7

• We first mentioned NetBSD 7.0 on the show in July of 2014, but it still hasn't been released and there hasn't been much public info about it
• This blog post outlines some of the bigger features that we can expect to see when it actually does come out
• Their total platform count is now over 70, so you'd be hard-pressed to find something that it doesn't run on
• There have been a lot of improvements in the graphics area, particularly with DRM/KMS, including Intel Haswell and Nouveau (for nVidia cards)
• Many ARM boards now have full SMP support
• Clang has also finally made its way into the base system, something we're glad to see, and it should be able to build the base OS on i386, AMD64 and ARM - other architectures are still a WIP
• In the crypto department: their PNRG has switched from the broken RC4 to the more modern ChaCha20, OpenSSL has been updated in base and LibreSSL is in pkgsrc
• NetBSD's in-house firewall, npf, has gotten major improvements since its initial debut in NetBSD 6.0
• Looking to the future, NetBSD hopes to integrate a stable ZFS implementation later on ***

OpenZFS office hours

• We mentioned a couple weeks back that the OpenZFS office hours series was starting back up
• They've just uploaded the recording of their most recent freeform discussion, with Justin Gibbs being the main presenter
• In it, they cover how Justin got into ZFS, running in virtualized environments, getting patches into the different projects, getting more people involved, reviewing code, spinning disks vs SSDs, defragging, speeding up resilvering, zfsd and much more ***

Interview - Baptiste Daroussin - bapt@freebsd.org

Packaging the FreeBSD base system with pkgng

Discussion

Packaging the FreeBSD base system with pkgng (follow-up)

Feedback/Questions

• Jeff writes in
• Anonymous writes in
• Alex writes in
• Joris writes in ***

Mailing List Gold

• ok feedback@ ***

This episode was brought to you by

Headlines

EuroBSDCon 2015 call for papers

• The call for papers has been announced for the next EuroBSDCon, which is set to be held in Sweden this year
• According to their site, the call for presentation proposals period will start on Monday the 23rd of March until Friday the 17th of April
• If giving a full talk isn't your thing, there's also a call for tutorials - if you're comfortable teaching other people about something BSD-related, this could be a great thing too
• You're not limited to one proposal - several speakers gave multiple in 2014 - so don't hesitate if you've got more than one thing you'd like to talk about
• We'd like to see a more balanced conference schedule than BSDCan's having this year, but that requires effort on both sides - if you're doing anything cool with any BSD, we'd encourage you submit a proposal (or two)
• Check the announcement for all the specific details and requirements
• If your talk gets accepted, the conference even pays for your travel expenses ***

Making security sausage

• Ted Unangst has a new blog post up, detailing his experiences with some recent security patches both in and out of OpenBSD
• "Unfortunately, I wrote the tool used for signing patches which somehow turned into a responsibility for also creating the inputs to be signed. That was not the plan!"
• The post first takes us through a few OpenBSD errata patches, explaining how some can get fixed very quickly, but others are more complicated and need a bit more review
• It also covers security in upstream codebases, and how upstream projects sometimes treat security issues as any other bug
• Following that, it leads to the topic of FreeType - and a much more complicated problem with backporting patches between versions
• The recent OpenSSL vulnerabilities were also mentioned, with an interesting story to go along with them
• Just 45 minutes before the agreed-upon announcement, OpenBSD devs found a problem with the patch OpenSSL planned to release - it had to be redone at the last minute
• It was because of this that FreeBSD actually had to release a security update to their security update
• He concludes with "My number one wish would be that every project provide small patches for security issues. Dropping enormous feature releases along with a note 'oh, and some security too' creates downstream mayhem." ***

Running FreeBSD on the server, a sysadmin speaks

• More BSD content is appearing on mainstream technology sites, and, more importantly, BSD Now is being mentioned
• ITWire recently did an interview with Allan about running FreeBSD on servers (possibly to go with their earlier interview with Kris about desktop usage)
• They discuss some of the advantages BSD brings to the table for sysadmins that might be used to Linux or some other UNIX flavor
• It also covers specific features like jails, ZFS, long-term support, automating tasks and even… what to name your computers
• If you've been considering switching your servers over from Linux to FreeBSD, but maybe wanted to hear some first-hand experience, this is the article for you ***

NetBSD ported to Hardkernel ODROID-C1

• In their never-ending quest to run on every new board that comes out, NetBSD has been ported to the Hardkernel ODROID-C1
• This one features a quad-core ARMv7 CPU at 1.5GHz, has a gig of ram and gigabit ethernet... all for just $35
• There's a special kernel config file for this board's hardware, available in both -current and the upcoming 7.0
• More info can be found on their wiki page
• After this was written, basic framebuffer console support was also committed, allowing a developer to run XFCE on the device ***

Interview - Bernard Spil - brnrd@freebsd.org / @sp1l

LibreSSL adoption in FreeBSD ports and the wider software ecosystem

News Roundup

Monitoring pf logs with Gource

• If you're using pf on any of the BSDs, maybe you've gotten bored of grepping logs and want to do something more fancy
• This article will show you how to get set up with Gource for a cinematic-like experience
• If you've never heard of Gource, it's "an OpenGL-based 3D visualization tool intended for visualizing activity on source control repositories"
• When you put all the tools together, you can end up with some pretty eye-catching animations of your firewall traffic
• One of our listeners wrote in to say that he set this up and, almost immediately, noticed his girlfriend's phone had been compromised - graphical representations of traffic could be useful for detecting suspicious network activity ***

pkgng 1.5.0 alpha1 released

• The development version of pkgng was updated to 1.4.99.14, or 1.5.0 alpha1
• This update introduces support for provides/requires, something that we've been wanting for a long time
• It will also now print which package is the reason for direct dependency change
• Another interesting addition is the "pkg -r" switch, allowing cross installation of packages
• Remember this isn't the stable version, so maybe don't upgrade to it just yet on any production systems
• DragonFly will also likely pick up this update once it's marked stable ***

Welcome to OpenBSD

• We mentioned last week that our listener Brian was giving a talk in the Troy, New York area
• The slides from that talk are now online, and they've been generating quite a bit of discussion online
• It's simply titled "Welcome to OpenBSD" and gives the reader an introduction to the OS (and how easy it is to get involved with contributing)
• Topics include a quick history of the project, who the developers are and what they do, some proactive security techniques and finally how to get involved
• As you may know, NetBSD has almost 60 supported platforms and their slogan is "of course it runs NetBSD" - Brian says, with 17 platforms over 13 CPU architectures, "it probably runs OpenBSD"
• No matter which BSD you might be interested in, these slides are a great read, especially for any beginners looking to get their feet wet
• Try to guess which font he used... ***

BSDTalk episode 252

• And somehow Brian has snuck himself into another news item this week
• He makes an appearance in the latest episode of BSD Talk, where he chats with Will about running a BSD-based shell provider
• If that sounds familiar, it's probably because we did the same thing, albeit with a different member of their team
• In this interview, they discuss what a shell provider does, hardware requirements and how to weed out the spammers in favor of real people
• They also talk a bit about the community aspect of a shared server, as opposed to just running a virtual machine by yourself ***

Feedback/Questions

• Christian writes in
• Stefan writes in
• Possnfiffer writes in
• Ruudsch writes in
• Shane writes in ***

Mailing List Gold

• Accidental support
• Larry's tears
• The boy who sailed with BSD ***

This episode was brought to you by

Headlines

AsiaBSDCon 2015 schedule

• Almost immediately after we finished recording an episode last week, the 2015 AsiaBSDCon schedule went up
• This year's conference will be between 12-15 March at the Tokyo University of Science in Japan
• The first and second days are for tutorials, as well as the developer summit and vendor summit
• Days four and five are the main event with the presentations, which Kris and Allan both made the cut for once again
• Not counting the ones that have yet to be revealed (as of the day we're recording this), there will be thirty-six different talks in all - four BSD-neutral, four NetBSD, six OpenBSD and twenty-two FreeBSD
• Summaries of all the presentations are on the timetable page if you scroll down a bit ***

FreeBSD foundation updates and more

• The FreeBSD foundation has posted a number of things this week, the first of which is their February 2015 status update
• It provides some updates on the funded projects, including PCI express hotplugging and FreeBSD on the POWER8 platform
• There's a FOSDEM recap and another update of their fundraising goal for 2015
• They also have two new blog posts: a trip report from SCALE13x and a featured "FreeBSD in the trenches" article about how a small typo caused a lot of ZFS chaos in the cluster
• "Then panic ensued. The machine didn't panic -- I did." ***

OpenBSD improves browser security

• No matter what OS you run on your desktop, the most likely entry point for an exploit these days is almost certainly the web browser
• Ted Unangst writes in to the OpenBSD misc list to introduce a new project he's working on, simply titled "improving browser security"
• He gives some background on the W^X memory protection in the base system, but also mentions that some applications in ports don't adhere to it
• For it to be enforced globally instead of just recommended, at least one browser (or specifically, one JIT engine) needs to be fixed to use it
• "A system that is 'all W^X except where it's not' is the same as a system that's not W^X. We've worked hard to provide a secure foundation for programs; we'd like to see them take advantage of it."
• The work is being supported by the OpenBSD foundation, and we'll keep you updated on this undertaking as more news about it is released
• There's also some discussion on Hacker News and Undeadly about it ***

NetBSD at Open Source Conference 2015 Tokyo

• The Japanese NetBSD users group has once again invaded a conference, this time in Tokyo
• There's even a spreadsheet of all the different platforms they were showing off at the booth (mostly ARM, MIPS, PowerPC and Landisk this time around)
• If you just can't get enough strange devices running BSD, check the mailing list post for lots of pictures
• Their next target is, as you might guess, AsiaBSDCon 2015 - maybe we'll run into them ***

Interview - Sean Bruno - sbruno@freebsd.org / @franknbeans

Cross-compiling packages with poudriere and QEMU

News Roundup

The Crypto Bone

• The Crypto Bone is a new device that's aimed at making encryption and secure communications easier and more accessible
• Under the hood, it's actually just a Beaglebone board, running stock OpenBSD with a few extra packages
• It includes a web interface for configuring keys and secure tunnels
• The source code is freely available for anyone interested in hacking on it (or auditing the crypto), and there's a technical overview of how everything works on their site
• If you don't want to teach your mom how to use PGP, buy her one of these(?) ***

BSD in the 2015 Google Summer of Code

• For those who don't know, GSoC is a way for students to get paid to work on a coding project for an open source organization
• Good news: both FreeBSD and OpenBSD were accepted for the 2015 event
• FreeBSD has a wiki page of ideas for people to work on
• OpenBSD also has an ideas page where you can see some of the initial things that might be interesting
• If you're a student looking to get involved with BSD development, this might be a great opportunity to even get paid to do it
• Who knows, you may even end up on the show if you work on a cool project
• GSoC will be accepting idea proposals starting March 16th, so you have some time to think about what you'd like to hack on ***

pfSense 2.3 roadmap

• The pfSense team has posted a new blog entry, detailing some of their plans for future versions
• PPTP will finally be deprecated, PHP will be updated to 5.6 and other packages will also get updated to newer versions
• PBIs are scheduled to be replaced with native pkgng packages
• Version 3.0, something coming much later, will be a major rewrite that gets rid of PHP entirely
• Their ultimate goal is for pfSense to be a package you can install atop of a regular FreeBSD install, rather than a repackaged distribution ***

PCBSD 10.1.2 security features

• PCBSD 10.1.2 will include a number of cool security features, some of which are detailed in a new blog post
• A new "personacrypt" utility is introduced, which allows for easy encryption and management of external drives for your home directory
• Going along with this, it also has a "stealth mode" that allows for one-time temporary home directories (but it doesn't self-destruct, don't worry)
• The LibreSSL integration also continues, and now packages will be built with it by default
• If you're using the Life Preserver utility for backups, it will encrypt the remote copy of your files in the next update
• They've also been working on introducing some new options to enable tunneling your traffic through Tor
• There will now be a fully-transparent proxy option that utilizes the switch to IPFW we mentioned last week
• A small disclaimer: remember that many things can expose your true IP when using Tor, so use this option at your own risk if you require full anonymity
• Look forward to Kris wearing a Tor shirt in future episodes ***

Feedback/Questions

• Antonio writes in
• Chris writes in
• Van writes in
• Stu writes in ***

Mailing List Gold

• H
• Pay up, mister Free
• Heritage protected
• Blind leading the blind
• What are the chances ***

This episode was brought to you by

Headlines

Bitrig 1.0 released

• If you haven't heard of it, Bitrig is a fork of OpenBSD that started a couple years ago
• According to their FAQ, some of their goals include: only supporting modern hardware and a limited set of CPU architectures, replacing nearly all GNU tools in base with BSD versions and having better virtualization support
• They've finally announced their first official release, 1.0
• This release introduces support for Clang 3.4, replacing the old GCC, along with libc++ replacing the GNU version
• It also includes filesystem journaling, support for GPT and - most importantly - a hacker-style console with green text on black background
• One of the developers answered some questions about it on Hacker News too ***

Is it time to try BSD?

• Here we get a little peek into the Linux world - more and more people are considering switching
• On a more mainstream tech news site, they have an article about people switching away from Linux and to BSD
• People are starting to get even more suspicious of systemd, and lots of drama in the Linux world is leading a whole new group of potential users over to the BSD side
• This article explores some pros and cons of switching, and features opinions of various users ***

Poudriere 3.1 released

• One of the first things we ever covered on the show was poudriere, a tool with a funny name that's used to build binary packages from FreeBSD ports
• It's come a long way since then, and bdrewery and bapt have just announced a new major version
• This new release features a redesigned web interface to check on the status of your packages
• There are lots of new bulk building options to preserve packages even if some fail to compile - this makes maintaining a production repo much easier
• It also introduces a useful new "pkgclean" subcommand to clean out your repository of packages that aren't needed anymore, and poudriere keeps it cleaner by default as well now
• Check the full release notes for all the additions and bug fixes ***

Firewalling with OpenBSD's pf and pfsync

• A talk by David Gwynne from an Australian conference was uploaded, with the subject matter being pf and pfsync
• He uses pf to manage 60 internal networks with a single firewall
• The talk gives some background on how pf originally came to be and some OpenBSD 101 for the uninitiated
• It also touches on different rulesets, use cases, configuration syntax, placing limits on connections, ospf, authpf, segregating VLANs, synproxy handling and a lot more
• The second half of the presentation focuses on pfsync and carp for failover and redundancy
• With two BSD boxes running pfsync, you can actually patch your kernel and still stay connected to IRC ***

Interview - Patrick Wildt - patrick@bitrig.org / @bitrig

The initial release of Bitrig

News Roundup

Infrastructural enhancements at NYI

• The FreeBSD foundation put up a new blog post detailing some hardware improvements they've recently done
• Their eastern US colocation is hosted at New York Internet, and is used for FTP mirrors, pkgng mirrors, and also as a place for developers to test things
• There've been fourteen machines purchased since July, and now FreeBSD boasts a total of sixty-eight physical boxes there
• This blog post goes into detail about how those servers are used and details some of the network topology ***

The long tail of MD5

• Our friend Ted Unangst is on a quest to replace all instances of MD5 in OpenBSD's tree with something more modern
• In this blog post, he goes through some of the different areas where MD5 still lives, and discovers how easy (or impossible) it would be to replace
• Through some recent commits, OpenBSD now uses SHA512 in some places that you might not expect
• Some other places require a bit more care… ***

DragonFly cheat sheet

• If you've been thinking of trying out DragonFlyBSD lately, this might make the transition a bit easier
• A user-created "cheat sheet" on the website lists some common answers to beginner questions
• The page features a walkthrough of the installer, some shell tips and workarounds for various issues
• At the end, it also has some things that new users can get involved with to help out ***

Experiences with an OpenBSD laptop

• A lot of people seem to be interested in trying out some form of BSD on their laptop, and this article details just that
• The author got interested in OpenBSD mostly because of the security focus and the fact that it's not Linux
• In this blog post, he goes through the steps of researching, installing, configuring, upgrading and finally actually using it on his Thinkpad
• He even gives us a mention as a good place to learn more about BSD, thanks! ***

PC-BSD Updates

• A call for testing of a new update system has gone out
• Conversion to Qt5 for utils has taken place ***

Feedback/Questions

• Chris writes in
• AJ writes in
• Dan writes in
• Jeff writes in ***

Mailing List Gold

• Over 440% faster
• The PF conundrum (edit: Allan misspoke about PF performance during this segment, apologies.)
• Violating bad standards
• apt-get rid of systemd ***

This episode was brought to you by

Headlines

BSDCan schedule, speakers and talks

• This year's BSDCan will kick off on May 14th in Ottawa
• The list of speakers is also out
• And finally the talks everyone's looking forward to
• Lots of great tutorials and talks, spanning a wide range of topics of interest
• Be sure to come by so you can and meet Allan and Kris in person and get BSDCan shirts ***

NYCBSDCon talks uploaded

• The BSD TV YouTube channel has been uploading recordings from the 2014 NYCBSDCon
• Jeff Rizzo's talk, "Releasing NetBSD: So Many Targets, So Little Time"
• Dru Lavigne's talk, "ZFS Management Tools in FreeNAS and PC-BSD"
• Scott Long's talk, "Serving one third of the Internet via FreeBSD"
• Michael W. Lucas' talk, "BSD Breaking Barriers" ***

FreeBSD Journal, issue 2

• The bi-monthly FreeBSD journal's second issue is out
• Topics in this issue include pkg, poudriere, the PBI format, hwpmc and journaled soft-updates
• In less than two months, they've already gotten over 1000 subscribers! It's available on Google Play, iTunes, Amazon, etc
• "We are also working on a dynamic version of the magazine that can be read in many web browsers, including those that run on FreeBSD"
• Check our interview with GNN for more information about the journal ***

OpenSSL, more like OpenSS-Hell

• We mentioned this huge OpenSSL bug last week during all the chaos, but the aftermath is just as messy
• There's been a pretty vicious response from security experts all across the internet and in all of the BSD projects - and rightfully so
• We finally have a timeline of events
• Reactions from ISC, PCBSD, Tarsnap, the Tor project, FreeBSD, NetBSD, oss-sec, PHK, Varnish and Akamai
• pfSense released a new version to fix it
• OpenBSD disabled heartbeat entirely and is very unforgiving of the IETF
• Ted Unangst has two good write-ups about the issue and how horrible the OpenSSL codebase is
• A nice quote from one of the OpenBSD lists: "Given how trivial one-liner fixes such as #2569 have remained unfixed for 2.5+ years, one can only assume that OpenSSL's bug tracker is only used to park bugs, not fix them"
• Sounds like someone else was having fun with the bug for a while too
• There's also another OpenSSL bug that OpenBSD patched - it allows an attacker to inject data from one connection into another
• OpenBSD has also imported the most current version of OpenSSL and are ripping it apart from the inside out - we're seeing a fork in real time ***

Interview - Jim Brown - info@bsdcertification.org

The BSD Certification exams

Tutorial

Building OpenBSD binary packages in bulk

News Roundup

Portable signify

• Back in episode 23 we talked with Ted Unangst about the new "signify" tool in OpenBSD
• Now there's a (completely unofficial) portable version of it on github
• If you want to verify your OpenBSD sets ahead of time on another OS, this tool should let you do it
• Maybe other BSD projects can adopt it as a replacement for gpg and incorporate it into their base systems ***

Foundation goals and updates

• The OpenBSD foundation has reached their 2014 goal of $150,000
• You can check their activities and goals to see where the money is going
• Remember that funding also goes to OpenSSH, which EVERY system uses and relies on everyday to protect their data
• The FreeBSD foundation has kicked off their spring fundraising campaign
• There's also a list of their activities and goals available to read through
• Be sure to support your favorite BSD, whichever one, so they can continue to make and improve great software that powers the whole internet ***

PCBSD weekly digest

• New PBI runtime that fixes stability issues and decreases load times
• "Update Center" is getting a lot of development and improvements
• Lots of misc. bug fixes and updates ***

Feedback/Questions

• There's a reddit thread we wanted to highlight - a user wants to show his friend BSD and why it's great
• Brad writes in
• Sha'ul writes in
• iGibbs writes in
• Matt writes in ***

This episode was brought to you by

Headlines

FreeBSD quarterly status report

• Gabor Pali sent out the October-December 2013 status report to get everyone up to date on what's going on
• The report contains 37 entries and is very very long... various reports from all the different teams under the FreeBSD umbrella, probably too many to even list in the show notes
• Lots of work going on in the ARM world, EC2/Xen and Google Compute Engine are also improving
• Secure boot support hopefully coming [by mid-year](www.itwire.com/business-it-news/open-source/62855-freebsd-to-support-secure-boot-by-mid-year)
• There's quite a bit going on in the FreeBSD world, many projects happening at the same time ***

n2k14 OpenBSD Hackathon Report

• Recently, OpenBSD held one of their hackathons in New Zealand
• 15 developers gathered there to sit in a room and write code for a few days
• Philip Guenther brings back a nice report of the event
• If you've been watching the -current CVS logs, you've seen the flood of commits just from this event alone
• Fixes with threading, Linux compat, ACPI, and various other things - some will make it into 5.5 and others need more testing
• Another report from Theo details his work
• Updates to the random subsystem, some work-in-progress pf fixes, suspend/resume fixes and more signing stuff ***

Four new NetBSD releases

• NetBSD released versions 6.1.3, 6.0.4, 5.2.2 and 5.1.4
• These updates include lots of bug fixes and some security updates, not focused on new features
• You can upgrade depending on what branch you're currently on
• Confused about the different branches? See this graph. ***

The future of open source ZFS development

• On February 11, 2014, Matt Ahrens will be giving a presentation about ZFS
• The talk will be about the future of ZFS and the open source development since Oracle closed the code
• It's in San Jose, California - go if you can! ***

Interview - George Neville-Neil - gnn@freebsd.org / @gvnn3

The FreeBSD Journal

Tutorial

Tracking -STABLE and -CURRENT (OpenBSD)

News Roundup

pfSense news and 2.1.1 snapshots

• pfSense has some snapshots available for the upcoming 2.1.1 release
• They include FreeBSD security fixes as well as some other updates
• There are recordings posted of some of the previous hangouts
• Unfortunately they're only for subscribers, so you'll have to wait until next month when we have Chris on the show to talk about pfSense! ***

FreeBSD on Google Compute Engine

• Recently we mentioned some posts about getting OpenBSD to run on GCE, here's the FreeBSD version
• Nice big fat warning: "The team has put together a best-effort posting that will get most, if not all, of you up and running. That being said, we need to remind you that FreeBSD is being supported on Google Compute Engine by the community. The instructions are being provided as-is and without warranty."
• Their instructions are a little too Linuxy (assuming wget, etc.) for our taste, someone should probably get it updated!
• Other than that it's a pretty good set of instructions on how to get up and running ***

Dragonfly ACPI update

• Sascha Wildner committed some new ACPI code
• There's also a "heads up" to update your BIOS if you experience problems
• Check the mailing list post for all the details ***

PCBSD weekly digest

• 10.0-RC4 users need to upgrade all their packages for 10.0-RC5
• PBIs needed to be rebuilt.. actually everything did
• Help test GNOME 3 so we can get it in the official ports tree
• By the way, I think Kris has an announcement - PCBSD 10.0 is out! ***

Feedback/Questions

• Tony writes in
• Jeff writes in
• Remy writes in
• Nils writes in
• Solomon writes in ***