NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

Serving Netflix Video at 400Gb/s on FreeBSD

Using the FreeBSD RACK TCP Stack

News Roundup

pkgupdate, an OpenBSD script to update packages fast

Plasma System Monitor and FreeBSD

TrueNAS vs FreeNAS (and why you should upgrade!)

Automatically lock screen on OpenBSD using xidle and xlock

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Ben - LightDM with Slick-Greeter.md
• Dave - Cloned Interface.md
• MJ Rodriguez - Sony.md

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv ***

This episode was brought to you by

Headlines

Xen dom0 in FreeBSD 11-CURRENT

• FreeBSD has just gotten dom0 support for the Xen hypervisor, something NetBSD has had for a while now
• The ports tree will now have a Xen kernel and toolstack, meaning that they can be updated much more rapidly than if they were part of base
• It's currently limited to Intel boxes with EPT and a working IOMMU, running a recent version of the -CURRENT branch, but we'll likely see it when 11.0 comes out
• How will this affect interest in Bhyve? ***

A tale of two educational moments

• Here we have a blog post from an OpenBSD developer about some experiences he had helping people get involved with the project
• It's split into two stories: one that could've gone better, and one that went really well
• For the first one, he found that someone was trying to modify a package from their ports tree to have fewer dependencies
• Experience really showed its worth, and he was able to write a quick patch to do exactly what the other person had been working on for a few hours - but wasn't so encouraging about getting it committed
• In the second story, he discussed updating a different port with a user of a forum, and ended up improving the new user's workflow considerably with just a few tips
• The lesson to take away from this is that we can all help out to encourage and assist new users - everyone was a newbie once ***

What's coming in NetBSD 7

• We first mentioned NetBSD 7.0 on the show in July of 2014, but it still hasn't been released and there hasn't been much public info about it
• This blog post outlines some of the bigger features that we can expect to see when it actually does come out
• Their total platform count is now over 70, so you'd be hard-pressed to find something that it doesn't run on
• There have been a lot of improvements in the graphics area, particularly with DRM/KMS, including Intel Haswell and Nouveau (for nVidia cards)
• Many ARM boards now have full SMP support
• Clang has also finally made its way into the base system, something we're glad to see, and it should be able to build the base OS on i386, AMD64 and ARM - other architectures are still a WIP
• In the crypto department: their PNRG has switched from the broken RC4 to the more modern ChaCha20, OpenSSL has been updated in base and LibreSSL is in pkgsrc
• NetBSD's in-house firewall, npf, has gotten major improvements since its initial debut in NetBSD 6.0
• Looking to the future, NetBSD hopes to integrate a stable ZFS implementation later on ***

OpenZFS office hours

• We mentioned a couple weeks back that the OpenZFS office hours series was starting back up
• They've just uploaded the recording of their most recent freeform discussion, with Justin Gibbs being the main presenter
• In it, they cover how Justin got into ZFS, running in virtualized environments, getting patches into the different projects, getting more people involved, reviewing code, spinning disks vs SSDs, defragging, speeding up resilvering, zfsd and much more ***

Interview - Baptiste Daroussin - bapt@freebsd.org

Packaging the FreeBSD base system with pkgng

Discussion

Packaging the FreeBSD base system with pkgng (follow-up)

Feedback/Questions

• Jeff writes in
• Anonymous writes in
• Alex writes in
• Joris writes in ***

Mailing List Gold

• ok feedback@ ***

This episode was brought to you by

Headlines

More conference presentation videos

• Some more of the presentation videos from AsiaBSDCon are appearing online
• Masanobu Saitoh, Developing CPE Routers Based on NetBSD
• Reyk Floeter, VXLAN and Cloud-based Networking with OpenBSD
• Jos Jansen, Adapting OS X to the enterprise
• Pierre Pronchery & Guillaume Lasmayous, Carve your NetBSD <!-- skip to 5:06 for henning trolling -->
• Colin Percival, Everything you need to know about cryptography in 1 hour (not from AsiaBSDCon)
• The "bsdconferences" YouTube channel has quite a lot of interesting older BSD talks too - you may want to go back and watch them if you haven't already ***

OpenBSD PIE enhancements

• ASLR and PIE are great security features that OpenBSD has had enabled by default for a long time, in both the base system and ports, but they have one inherent problem
• They only work with dynamic libraries and binaries, so if you have any static binaries, they don't get the same treatment
• For example, the default shells (and many other things in /bin and /sbin) are statically linked
• In the case of the static ones, you can always predict the memory layout, which is very bad and sort of defeats the whole purpose
• With this and a few related commits, OpenBSD fixes this by introducing static self-relocation
• More and more CPU architectures are being tested and getting support too; this isn't just for amd64 and i386 - VAX users can rest easy
• It'll be available in 5.7 in May, or you can use a -current snapshot if you want to get a slice of the action now ***

FreeBSD foundation semi-annual newsletter

• The FreeBSD foundation publishes a huge newsletter twice a year, detailing their funded projects and some community activities
• As always, it starts with a letter from the president of the foundation - this time it's about encouraging students and new developers to get involved
• The article also has a fundraising update with a list of sponsored projects, and they note that the donations meter has changed from dollars to number of donors (since they exceeded the goal already)
• You can read summaries of all the BSD conferences of 2014 and see a list of upcoming ones next year too
• There are also sections about the FreeBSD Journal's progress, a new staff member and a testimonial from NetApp
• It's a very long report, so dedicate some time to read all the way through it
• This year was pretty great for BSD: both the FreeBSD and OpenBSD foundations exceeded their goals and the NetBSD foundation came really close too
• As we go into 2015, consider donating to whichever BSD you use, it really can make a difference ***

Modernizing OpenSSH fingerprints

• When you connect to a server for the first time, you'll get what's called a fingerprint of the host's public key - this is used to verify that you're actually talking to the same server you intended to
• Up until now, the key fingerprints have been an MD5 hash, displayed as hex
• This can be problematic, especially for larger key types like RSA that give lots of wiggle room for collisions, as an attacker could generate a fake host key that gives the same MD5 string as the one you wanted to connect to
• This new change replaces the default MD5 and hex with a base64-encoded SHA256 fingerprint
• You can add a "FingerprintHash" line in your ssh_config to force using only the new type
• There's also a new option to require users to authenticate with more than one public key, so you can really lock down login access to your servers - also useful if you're not 100% confident in any single key type
• The new options should be in the upcoming 6.8 release ***

Interview - Dan Langille - info@bsdcan.org / @bsdcan

Plans for the BSDCan 2015 conference

News Roundup

Introducing ntimed, a new NTP daemon

• As we've mentioned before in our tutorials, there are two main daemons for the Network Time Protocol - ISC's NTPd and OpenBSD's OpenNTPD
• With all the recent security problems with ISC's NTPd, Poul-Henning Kamp has been working on a third NTP daemon
• It's called "ntimed" and you can try out a preview version of it right now - it's in FreeBSD ports or on Github
• PHK also has a few blog entries about the project, including status updates ***

OpenBSD-maintained projects list

• There was recently a read on the misc mailing list asking about different projects started by OpenBSD developers
• The initial list had marks for which software had portable versions to other operating systems (OpenSSH being the most popular example)
• A developer compiled a new list from all of the replies to that thread into a nice organized webpage
• Most people are only familiar with things like OpenSSH, OpenSMTPD, OpenNTPD and more recently LibreSSL, but there are quite a lot more
• This page also serves as a good history lesson for BSD in general: FreeBSD and others have ported some things over, while a couple OpenBSD tools were born from forks of FreeBSD tools (mergemaster, pkg tools, portscout) ***

Monitoring network traffic with FreeBSD

• If you've ever been curious about monitoring network traffic on your FreeBSD boxes, this forum post may be exactly the thing for you
• It'll show you how to combine the Netflow, NfDump and NfSen suite of tools to get some pretty detailed network stats (and of course put them into a fancy webpage)
• This is especially useful for finding out what was going on at a certain point in time, for example if you had a traffic spike ***

Trapping spammers with spamd

• This is a blog post about OpenBSD's spamd - a spam email deferral daemon - and how to use it for your mail
• It gives some background on the greylisting approach to spam, rather than just a typical host blacklist
• "Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the sender re-attempts mail delivery at a later time, the sender may be allowed to continue the mail delivery conversation."
• The post also shows how to combine it with PF and other tools for a pretty fancy mail setup
• You can find spamd in the OpenBSD base system, or use it with FreeBSD or NetBSD via ports and pkgsrc
• You might also want to go back and listen to BSDTalk episode 68, where Will talks to Bob Beck about spamd ***

Feedback/Questions

• Sean writes in
• Brandon writes in
• Anders writes in
• David writes in
• Kyle writes in ***

Mailing List Gold

• NTP code comparison - 192870 vs. 2898
• NICs have feelings too
• Just think about it ***

This episode was brought to you by

Headlines

EuroBSDCon 2014 talks and tutorials

• The 2014 EuroBSDCon videos have been online for over a month, but unannounced - keep in mind these links may be temporary (but we'll mention their new location in a future show and fix the show notes if that's the case) <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Arun Thomas, BSD ARM Kernel Internals <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Ted Unangst, Developing Software in a Hostile Environment <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Martin Pieuchot, Taming OpenBSD Network Stack Dragons <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Henning Brauer, OpenBGPD turns 10 years <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Claudio Jeker, vscsi and iscsid iSCSI initiator the OpenBSD way <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Paul Irofti, Making OpenBSD Useful on the Octeon Network Gear <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Baptiste Daroussin, Cross Building the FreeBSD ports tree <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Boris Astardzhiev, Smartcom’s control plane software, a customized version of FreeBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Michał Dubiel, OpenStack and OpenContrail for FreeBSD platform <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Martin Husemann & Joerg Sonnenberger, Tool-chaining the Hydra, the ongoing quest for modern toolchains in NetBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Taylor R Campbell, The entropic principle: /dev/u?random and NetBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Dag-Erling Smørgrav, Securing sensitive & restricted data <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Peter Hansteen, Building The Network You Need With PF <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Stefan Sperling, Subversion for FreeBSD developers <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Peter Hansteen, Transition to OpenBSD 5.6 <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Ingo Schwarze, Let’s make manuals more useful <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Francois Tigeot, Improving DragonFly’s performance with PostgreSQL <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Justin Cormack, Running Applications on the NetBSD Rump Kernel <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Pierre Pronchery, EdgeBSD, a year later <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Peter Hessler, Using routing domains or tables in a production network <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Sean Bruno, QEMU user mode on FreeBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Kristaps Dzonsons, Bugs Ex Ante <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Yann Sionneau, Porting NetBSD to the LatticeMico32 open source CPU <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Alexander Nasonov, JIT Code Generator for NetBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Masao Uebayashi, Porting Valgrind to NetBSD and OpenBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Marc Espie, parallel make, working with legacy code <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Francois Tigeot, Porting the drm-kms graphic drivers to DragonFly <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• The following talks (from the Vitosha track room) are all currently missing:
• Jordan Hubbard, FreeBSD, Looking forward to another 10 years (but we have another recording)
• Theo de Raadt, Randomness, how arc4random has grown since 1998 (but we have another recording)
• Kris Moore, Snapshots, Replication, and Boot-Environments
• Kirk McKusick, An Introduction to the Implementation of ZFS
• John-Mark Gurney, Optimizing GELI Performance
• Emmanuel Dreyfus, FUSE and beyond, bridging filesystems
• Lourival Vieira Neto, NPF scripting with Lua
• Andy Tanenbaum, A Reimplementation of NetBSD Based on a Microkernel
• Stefano Garzarella, Software segmentation offloading for FreeBSD
• Ted Unangst, LibreSSL
• Shawn Webb, Introducing ASLR In FreeBSD
• Ed Maste, The LLDB Debugger in FreeBSD
• Philip Guenther, Secure lazy binding ***

OpenBSD adopts SipHash

• Even more DJB crypto somehow finds its way into OpenBSD's base system
• This time it's SipHash, a family of pseudorandom functions that's resistant to hash bucket flooding attacks while still providing good performance
• After an initial import and some clever early usage, a few developers agreed that it would be better to use it in a lot more places
• It will now be used in the filesystem, and the plan is to utilize it to protect all kernel hash functions
• Some other places that Bernstein's work can be found in OpenBSD include the ChaCha20-Poly1305 authenticated stream cipher and Curve25519 KEX used in SSH, ChaCha20 used in the RNG, and Ed25519 keys used in signify and SSH ***

FreeBSD 10.1-RELEASE

• FreeBSD's release engineering team likes to troll us by uploading new versions just a few hours after we finish recording an episode
• The first maintenance update for the 10.x branch is out, improving upon a lot of things found in 10.0-RELEASE
• The vt driver was merged from -CURRENT and can now be enabled with a loader.conf switch (and can even be used on a PlayStation 3)
• Bhyve has gotten quite a lot of fixes and improvements from its initial debut in 10.0, including boot support for ZFS
• Lots of new ARM hardware is supported now, including SMP support for most of them
• A new kernel selection menu was added to the loader, so you can switch between newer and older kernels at boot time
• 10.1 is the first to support UEFI booting on amd64, which also has serial console support now
• Lots of third party software (OpenSSH, OpenSSL, Unbound..) and drivers have gotten updates to newer versions
• It's a worthy update from 10.0, or a good time to try the 10.x branch if you were avoiding the first .0 release, so grab an ISO or upgrade today
• Check the detailed release notes for more information on all the changes
• Also take a look at some of the known problems to see if you'll be affected by any of them
• PC-BSD was also updated accordingly with some of their own unique features and changes ***

arc4random - Randomization for All Occasions

• Theo de Raadt gave an updated version of his EuroBSDCon presentation at Hackfest 2014 in Quebec
• The presentation is mainly about OpenBSD's arc4random function, and outlines the overall poor state of randomization in the 90s and how it has evolved in OpenBSD over time
• It begins with some interesting history on OpenBSD and how it became a security-focused OS - in 1996, their syslogd got broken into and "suddenly we became interested in security"
• The talk also touches on how low-level changes can shake up the software ecosystem and third party packages that everyone uses
• There's some funny history on the name of the function (being called arc4random despite not using RC4 anymore) and an overall status update on various platforms' usage of it
• Very detailed and informative presentation, and the slides can be found here
• A great quote from the beginning: "We consider ourselves a community of (probably rather strange) people who work on software specifically for the purpose of trying to make it better. We take a 'whole-systems' approach: trying to change everything in the ecosystem that's under our control, trying to see if we can make it better. We gain a lot of strength by being able to throw backwards compatibility out the window. So that means that we're able to do research and the minute that we decide that something isn't right, we'll design an alternative for it and push it in. And if it ends up breaking everybody's machines from the previous stage to the next stage, that's fine because we'll end up in a happier place." ***

Interview - Justin Cormack - justin@netbsd.org / @justincormack

NetBSD on Xen, rump kernels, various topics

News Roundup

The FreeBSD foundation's biggest donation

• The FreeBSD foundation has a new blog post about the largest donation they've ever gotten
• From the CEO of WhatsApp comes a whopping one million dollars in a single donation
• It also has some comments from the donor about why they use BSD and why it's important to give back
• Be sure to donate to the foundation of whatever BSD you use when you can - every little bit helps, especially for OpenBSD, NetBSD and DragonFly who don't have huge companies supporting them regularly like FreeBSD does ***

OpenZFS Dev Summit 2014 videos

• Videos from the recent OpenZFS developer summit are being uploaded, with speakers from different represented platforms and companies <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Matt Ahrens, opening keynote <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Raphael Carvalho, Platform Overview: ZFS on OSv <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Brian Behlendorf, Platform Overview: ZFS on Linux <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Prakash Surya, Platform Overview: illumos <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Xin Li, Platform Overview: FreeBSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• All platforms, Group Q&A Session <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Dave Pacheco, Manta <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Saso Kiselkov, Compression <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• George Wilson, Performance <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Tim Feldman, Host-Aware SMR <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Pavel Zakharov, Fast File Cloning <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• The audio is pretty poor on all of them unfortunately ***

BSDTalk 248

• Our friend Will Backman is still busy getting BSD interviews as well
• This time he sits down with Matthew Dillon, the lead developer of DragonFly BSD
• We've never had Dillon on the show, so you'll definitely want to give this one a listen
• They mainly discuss all the big changes coming in DragonFly's upcoming 4.0 release ***

MeetBSD 2014 videos

• The presentations from this year's MeetBSD conference are starting to appear online as well <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Kirk McKusick, A Narrative History of BSD <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Jordan Hubbard, FreeBSD: The Next 10 Years <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• Brendan Gregg, Performance Analysis <!-- i wonder if freebsdnews will rip our html again and repost it ^{_^} -->
• The slides can be found here ***

Feedback/Questions

• Dominik writes in
• Steven writes in
• Florian writes in
• Richard writes in
• Kevin writes in ***

Mailing List Gold

• Contributing without code
• Compression isn't a CRIME
• Securing web browsers ***

This episode was brought to you by

Headlines

NetBSD at Hiroshima Open Source Conference

• NetBSD developers are hard at work, putting NetBSD on everything they can find
• At a technology conference in Hiroshima, some developers brought their exotic machines to put on display
• As usual, there are lots of pictures and a nice report from the conference ***

FreeBSD's Linux emulation overhaul

• For a long time, FreeBSD's emulation layer has been based on an ancient Fedora 10 system
• If you've ever needed to install Adobe Flash on BSD, you'll be stuck with all this extra junk
• With some recent work, that's been replaced with a recent CentOS release
• This opens up the door for newer versions of Skype to run on FreeBSD, and maybe even Steam someday ***

pfSense 2.2-BETA

• Big changes are coming in pfSense land, with their upcoming 2.2 release
• We talked to the developer a while back about future plans, and now they're finally out there
• The 2.2 branch will be based on FreeBSD 10-STABLE (instead of 8.3) and include lots of performance fixes
• It also includes some security updates, lots of package changes and updates and much more
• You can check the full list of changes on their wiki ***

NetBSD on the Raspberry Pi

• This article shows how you can install NetBSD on the ever-so-popular Raspberry Pi
• As of right now, you'll need to use a -CURRENT snapshot to do it
• It also shows how to grow the filesystem to fill up an SD card, some pkgsrc basics and how to get some initial things set up
• Can anyone find something that you can't install NetBSD on? ***

Interview - Steve Wills - swills@freebsd.org / @swills

Mentoring new BSD developers

News Roundup

MidnightBSD 0.5 released

• We don't hear a whole lot about MidnightBSD, but they've just released version 0.5
• It's got a round of the latest FreeBSD security patches, driver updates and various small things
• Maybe one of their developers could come on the show sometime and tell us more about the project ***

BSD Router Project 1.52 released

• The newest update for the BSD Router Project is out
• This version is based on a snapshot of 10-STABLE that's very close to 10.1-RELEASE
• It's mostly a bugfix release, but includes some small changes and package updates ***

Configuring a DragonFly BSD desktop

• We've done tutorials on how to set up a FreeBSD or OpenBSD desktop, but maybe you're more interested in DragonFly
• In this post from Justin Sherrill, you'll learn some of the steps to do just that
• He pulled out an old desktop machine, gave it a try and seems to be pleased with the results
• It includes a few Xorg tips, and there are some comments about the possibility of making a GUI DragonFly installer ***

Building a mini-ITX pfSense box

• Another week, another pfSense firewall build post
• This time, the author is installing to a Jetway J7F2, a mini-ITX device with four LAN ports
• He used to be a m0n0wall guy, but wanted to give the more modern pfSense a try
• Lots of great pictures of the hardware, which we always love ***

Feedback/Questions

• Damian writes in
• Jan writes in
• Dale writes in
• Joe writes in
• Bostjan writes in ***

This episode was brought to you by

Headlines

FreeBSD foundation semi-annual newsletter

• The FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation
• "In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!"
• It talks about the FreeBSD journal as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT
• The full list of funded projects is included, also with details in the financial reports
• There are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon

This episode was brought to you by

Headlines

FreeBSD quarterly status report

• FreeBSD has gotten quite a lot done this quarter
• Changes in the way release branches are supported - major releases will get at least five years over their lifespan
• A new automounter is in the works, hoping to replace amd (which has some issues)
• The CAM target layer and RPC stack have gotten some major optimization and speed boosts
• Work on ZFSGuru continues, with a large status report specifically for that
• The report also mentioned some new committers, both source and ports
• It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show
• "Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period" ***

A new OpenBSD HTTPD is born

• Work has begun on a new HTTP daemon in the OpenBSD base system
• A lot of people are asking "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?
• Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)
• It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter
• This has the added benefit of the usual, easy-to-understand syntax and privilege separation
• There's a very brief man page online already
• It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs
• Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not) ***

pkgng 1.3 announced

• The newest version of FreeBSD's second generation package management system has been released, with lots of new features
• It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)
• Lots of the code has been sandboxed for extra security
• You'll probably notice some new changes to the UI too, making things more user friendly
• A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday ***

FreeBSD after-install security tasks

• A number of people have written in to ask us "how do I secure my BSD box after I install it?"
• With this blog post, hopefully most of their questions will finally be answered in detail
• It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things
• Not only does it just list things to do, but the post also does a good job of explaining why you should do them
• Maybe we'll see some more posts in this series in the future ***

Interview - Brent Cook - bcook@openbsd.org / @busterbcook

LibreSSL's portable version and development

News Roundup

FreeBSD Mastery - Storage Essentials

• MWL's new book about the FreeBSD storage subsystems now has an early draft available
• Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes
• Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance
• You'll get access to the completed (e)book when it's done if you buy the early draft
• The suggested price is $8 ***

Why BSD and not Linux?

• Yet another thread comes up asking why you should choose BSD over Linux or vice-versa
• Lots of good responses from users of the various BSDs
• Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."
• And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."
• Some other users share their switching experiences - worth a read ***

More g2k14 hackathon reports

• Following up from last week's huge list of hackathon reports, we have a few more
• Landry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream
• Andrew Fresh enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl
• Ted Unangst did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth
• Luckily we didn't have to cover 20 new ones this time! ***

BSDTalk episode 243

• The newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team
• The main topic of discussion is mandoc, which some users might not be familiar with
• mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)
• We'll catch up to you soon, Will! ***

Feedback/Questions

• Thomas writes in
• Stephen writes in
• Sha'ul writes in
• Florian writes in
• Bob Beck writes in - and note the "Caution" section that was added to libressl.org ***

This episode was brought to you by

Headlines

EuroBSDCon 2014 talks and schedule

• The talks and schedules for EuroBSDCon 2014 are finally revealed
• The opening keynote is called "FreeBSD, looking forward to another 10 years" by jkh
• Lots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great
• It looks like Theo even has a talk, but the title isn't on the page... how mysterious
• There are also days dedicated to some really interesting tutorials
• Register now, the conference is on September 25-28th in Bulgaria
• If you see Allan and Kris walking towards you and you haven't given us an interview yet... well you know what's going to happen
• Why aren't the videos up from last year yet? Will this year also not have any? ***

FreeNAS vs NAS4Free

• More mainstream news covering BSD, this time with an article about different NAS solutions
• In a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free
• Both are based on FreeBSD and ZFS of course, but there are more differences than you might expect
• Discusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project
• "One is pleasantly functional; the other continues devolving during a journey of pain" - uh oh, who's the loser? ***

Quality software costs money, heartbleed was free

• PHK writes an article for ACM Queue about open source software projects' funding efforts
• A lot of people don't realize just how widespread open source software is - TVs, printers, gaming consoles, etc
• The article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish's funding
• The latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them
• On that subject, "Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software"
• Consider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive ***

Geoblock evasion with pf and OpenBSD rdomains

• Geoblocking is a way for websites to block visitors based on the location of their IP
• This is a blog post about how to get around it, using pf and rdomains
• It has the advantage of not requiring any browser plugins or DNS settings on the users' computers, you just need to be running OpenBSD on your router (hmm, if only a website had a tutorial about that...)
• In this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia
• It's got all the details you need to set up a VPN-like system and bypass those pesky geographic filters ***

Interview - Marc Espie - espie@openbsd.org / @espie_openbsd

OpenBSD's package system, building cluster, various topics

Tutorial

Keeping your BSD up to date

News Roundup

BoringSSL and LibReSSL

• Yet another OpenSSL fork pops up, this time from Google, called BoringSSL
• Adam Langley has a blog post about it, why they did it and how they're going to maintain it
• You can easily browse the source code
• Theo de Raadt also weighs in with how this effort relates to LibReSSL
• More eyes on the code is good, and patches will be shared between the two projects ***

More BSD Tor nodes wanted

• Friend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous
• Originally discussed on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network
• If one vulnerability is found, a huge portion of the network would be useless - we need more variety in the network stacks, crypto, etc.
• The EFF is also holding a Tor challenge for people to start up new relays and keep them online for over a year
• Check out our Tor tutorial and help out the network, and promote BSD at the same time! ***

FreeBSD 10 OpenStack images

• OpenStack, to quote Wikipedia, is "a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution."
• The article goes into detail about creating a FreeBSD instant, installing and converting it for use with "bsd-cloudinit"
• The author of the article is a regular listener and emailer of the show, hey! ***

BSDday 2014 call for papers

• BSD Day, a conference not so well-known, is going to be held August 9th in Argentina
• It was created in 2008 and is the only BSD conference around that area
• The "call for papers" was issued, so if you're around Argentina and use BSD, consider submitting a talk
• Sysadmins, developers and regular users are, of course, all welcome to come to the event ***

Feedback/Questions

• Maruf writes in
• Solomon writes in
• Silas writes in
• Bert writes in ***

This episode was brought to you by

Headlines

FreeBSD moves to Bugzilla

• Historically, FreeBSD has used the old GNATS system for keeping track of bug reports
• After years and years of wanting to switch, they've finally moved away from GNATS to Bugzilla
• It offers a lot of advantages, is much more modern and actively maintained and
• There's a new workflow chart for developers to illustrate the new way of doing things
• The old "send-pr" command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports)
• This will hopefully make reporting bugs a lot less painful ***

DIY NAS: EconoNAS 2014

• We previously covered this blog last year, but the 2014 edition is up
• More of a hardware-focused article, the author details the parts he's using for a budget NAS
• Details the motherboard, RAM, CPU, hard drives, case, etc
• With a set goal of $500 max, he goes just over it - $550 for all the parts
• Lots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions ***

DragonflyBSD 3.8 released

• Justin announced the availability of DragonflyBSD 3.8.0
• Binaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts
• It includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions
• Work continues on for the Intel graphics drivers, but it's currently limited to the HD4000 and Ivy Bridge series
• See the release page for more info and check the link for source-based upgrade instructions ***

OpenZFS European conference 2014

• There was an OpenZFS conference held in Europe recently, and now the videos are online for your viewing pleasure
• Matt Ahrens, Introduction
• Michael Alexander, FhGFS performance on ZFS
• Andriy Gapon, Testing ZFS on FreeBSD
• Luke Marsden, HybridCluster: ZFS in the cloud
• Vadim Comănescu, Syneto: continuously delivering a ZFS-based OS
• Chris George, DDRdrive ZIL accelerator: random write revelation
• Grenville Whelan, High-Availability
• Phil Harman, Harman Holistic
• Mark Rees, Storiant and OpenZFS
• Andrew Holway, EraStor ZFS appliances
• Dan Vâtca, Syneto and OpenZFS
• Luke Marsden, HybridCluster and OpenZFS
• Matt Ahrens, Delphix and OpenZFS
• Check the link for slides and other goodies ***

Interview - Benedict Reuschling - bcr@freebsd.org

BSD documentation, getting commit access, unix education, various topics

News Roundup

Getting to know your portmgr, Steve Wills

• "It is my pleasure to introduce Steve Wills, the newest member of the portmgr team"
• swills is an all-round good guy, does a lot for ports (especially the ruby ports)
• In this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more
• He used to work for Red Hat, woah ***

BSDTalk episode 242

• This time on BSDTalk, Will interviews Chris Buechler from pfSense
• Topics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes
• They also touch on recent concerns in the pfSense community about their license change, that they may be "going commercial" and closing the source - so tune in to find out what their future plans are for all of that ***

Turn old PC hardware into a killer home server

• Lots of us have old hardware lying around doing nothing but collecting dust
• Why not turn that old box into a modern file server with FreeNAS and ZFS?
• This article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc)
• Most of our users are already familiar with all of this stuff, nothing too advanced
• Good to see BSD getting some well-deserved attention on a big mainstream site ***

Unbloating the VAX install CD

• After a discussion on the VAX mailing list, something very important came to the attention of the developers...
• You can't boot NetBSD on a VAX box with 16MB of RAM from the CD image
• This blog post goes through the developer's adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller
• In the end, he got it booting - and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM... ***

Feedback/Questions

• Thomas writes in
• Reynold writes in
• Bostjan writes in
• Paul writes in
• John writes in ***

This episode was brought to you by

Headlines

BSDCan 2014 talks and reports

• The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links
• Karl Lehenbauer's keynote (he's on next week's episode)
• Mariusz Zaborski and Pawel Jakub Dawidek, Capsicum and Casper (relevant to today's interview)
• Luigi Rizzo, In-kernel OpenvSwitch on FreeBSD
• Dwayne Hart, Migrating from Linux to FreeBSD for Backend Data Storage
• Warner Losh, NAND Flash and FreeBSD
• Simon Gerraty, FreeBSD bmake and Meta Mode
• Bob Beck, LibreSSL - The First 30 Days
• Henning Brauer, OpenBGPD Turns 10 Years Old
• Arun Thomas, BSD ARM Kernel Internals
• Peter Hessler, Using BGP for Realtime Spam Lists
• Pedro Giffuni, Features and Status of FreeBSD's Ext2 Implementation
• Matt Ahrens, OpenZFS Upcoming Features and Performance Enhancements
• Daichi Goto, Shellscripts and Commands
• Benno Rice, Keeping Current
• Sean Bruno, MIPS Router Hacking
• John-Mark Gurney, Optimizing GELI Performance
• Patrick Kelsey, Userspace Networking with libuinet
• Massimiliano Stucchi, IPv6 Transitioning Mechanisms
• Roger Pau Monné, Taking the Red Pill
• Shawn Webb, Introducing ASLR in FreeBSD
• There's also a trip report from Peter Hessler and one from Julio Merino
• The latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend) ***

Defend your network and privacy with a VPN and OpenBSD

• After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back
• This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities
• There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used
• You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)
• It also includes a few general privacy tips, recommended browser extensions, etc
• The intro to the article is especially great, so give the whole thing a read
• He mentions our OpenBSD router guide and other tutorials being a big help for this setup, so hello if you're watching! ***

You should try FreeBSD

• In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that
• He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two
• Possibly the most useful part is how to address the question "my server already works, why bother switching?"
• "Stackoverflow’s answers assume I have apt-get installed"
• It includes mention of the great documentation, stability, ports, improved security and much more
• A takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before" ***

OpenBSD and the little Mauritian contributor

• This is a story about a guy from Mauritius named Logan, one of OpenBSD's newest developers
• Back in 2010, he started sending in patched for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTP
• The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon
• It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem
• Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back ***

Interview - Jon Anderson - jonathan@freebsd.org

Capsicum and Casperd

Tutorial

Encrypting DNS lookups

News Roundup

FreeBSD Journal, May 2014 issue

• The newest issue of the FreeBSD Journal is out, following the bi-monthly release cycle
• This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling
• Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read ***

LibreSSL porting update

• Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died off
• Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!
• This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example
• Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good ***

BSDMag May 2014 issue is out

• The usual monthly release from BSDMag, covering a variety of subjects
• This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things
• It's a free PDF, go grab it ***

BSDTalk episode 241

• A new episode of BSDTalk is out, this time with Bob Beck
• He talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more
• The interview itself isn't about LibreSSL at all, but they do touch on it a bit too
• Really interesting stuff, covers a lot of different topics in a short amount of time ***

Feedback/Questions

• We got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the vpnc package seems to be what we were looking for
• Tim writes in
• AJ writes in
• Peter writes in
• Thomas writes in
• Martin writes in ***

This episode was brought to you by

Headlines

FreeBSD 11 goals and discussion

• Something that actually happened at BSDCan this year...
• During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE
• Some of MWL's notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support
• A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more
• There's also some notes from the devsummit virtualization session, mostly talking about bhyve
• Lastly, he also provides some notes about ports and packages and where they're going ***

An SSH honeypot with OpenBSD and Kippo

• Everyone loves messing with script kiddies, right?
• This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD
• It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely
• You can use this to get new 0day exploits or find weaknesses in your systems
• OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications ***

NetBSD foundation financial report

• The NetBSD foundation has posted their 2013 financial report
• It's a very "no nonsense" page, pretty much only the hard numbers
• In 2013, they got $26,000 of income in donations
• The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else
• Be sure to donate to whichever BSDs you like and use! ***

Building a fully-encrypted NAS with OpenBSD

• Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you're doing
• This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind
• The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require - this means the kernel itself is even protected
• The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people's needs too
• There's also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware - fantastic write up! ***

Interview - Brian Callahan & Aaron Bieber - admin@lists.nycbug.org & admin@cobug.org

Forming a local BSD Users Group

Tutorial

The basics of pkgsrc

News Roundup

FreeBSD periodic mails vs. monitoring

• If you've ever been an admin for a lot of FreeBSD boxes, you've probably noticed that you get a lot of email
• This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them
• From bad SSH logins to Zabbix alerts, it all adds up quickly
• It highlights the periodic.conf file and FreeBSD's periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers ***

Doing cool stuff with OpenBSD routing domains

• A blog post from our viewer and regular emailer, Kjell-Aleksander!
• He manages some internally-routed IP ranges at his work, but didn't want to have equipment for each separate project
• This is where OpenBSD routing domains and pf come in to save the day
• The blog post goes through the process with all the network details you could ever dream of
• He even named his networking equipment... after us ***

LibreSSL, the good and the bad

• We're all probably familiar with OpenBSD's fork of OpenSSL at this point
• However, "for those of you that don't know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk"
• This article talks about some of the cryptographic development challenges involved with maintaining such a massive project
• You need cryptographers, software engineers, software optimization specialists - there are a lot of roles that need to be filled
• It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork - the main one being their aim for backwards compatibility ***

PCBSD weekly digest

• Lots going on in PCBSD land this week, AppCafe has been redesigned
• The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update
• In the more recent post, there's some further explanation of the PBI system and the reason for the transition
• It's got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion ***

Feedback/Questions

• Antonio writes in
• Daniel writes in
• Sean writes in
• tsyn writes in
• Chris writes in ***

This episode was brought to you by

Headlines

ALTQ removed from PF

• Kicking off our big PF episode...
• The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current
• There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf
• As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping
• After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem
• This doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately. ***

FreeBSD Quarterly Status Report

• The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks
• Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added
• We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team
• LOTS of details and LOTS of topics to cover, give it a read ***

OpenBSD's OpenSSL rewrite continues with m2k14

• A mini OpenBSD hackathon begins in Morocco, Africa
• You can follow the changes in the -current CVS log, but a lot of work is mainly going towards the OpenSSL cleaning
• We've got two trip reports so far, hopefully we'll have some more to show you in a future episode
• You can see some of the more interesting quotes from the tear-down or see everything
• Apparently they are going to call the fork "LibreSSL" ....
• What were the OpenSSL developers thinking? The RSA private key was used to seed the entropy!
• We also got some mainstream news coverage and another post from Ted about the history of the fork
• Definitely consider donating to the OpenBSD foundation, this fork will benefit all the other BSDs too ***

NetBSD 6.1.4 and 6.0.5 released

• New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes
• The main update is - of course - the heartbleed vulnerability
• Also includes fixes for other security issues and even a kernel panic... on Atari
• Patch your Ataris right now, this is serious business ***

Interview - Peter Hansteen - peter@bsdly.net / @pitrh

The Book of PF: 3rd edition

Tutorial

BSD Firewalls: PF

News Roundup

New Xorg now the default in FreeBSD

• For quite a while now, FreeBSD has had two versions of X11 in ports
• The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf
• They've finally made the switch for 10-STABLE and 9-STABLE
• Check this wiki page for more info ***

GSoC-accepted BSD projects

• The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned
• OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon
• The FreeBSD list was also posted
• Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more
• Good luck to all the students participating, hopefully they become full time BSD users ***

Complexity of FreeBSD VFS using ZFS as an example

• HybridCluster posted the second part of their VFS and ZFS series
• This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy
• Of course, also watch episode 24 for our interview with HybridCluster - they do really interesting stuff ***

PCBSD weekly digest

• Preload has been ported over, it's a daemon that prefetches applications
• PCBSD is developing their own desktop environment, Lumina (there's also an FAQ)
• It's still in active development, but you can try it out by installing from ports
• We'll be showing a live demo of it in a few weeks (when development settles down a bit)
• Some kid in Australia subjects his poor mother to being on camera while she tries out PCBSD and gives her impressions of it ***

This episode was brought to you by

Headlines

Preorders for cool BSD stuff

• The 2nd edition of The Design and Implementation of the FreeBSD Operating System is up for preorder
• We talked to GNN briefly about it, but he and Kirk have apparently finally finished the book
• "For many years, The Design and Implementation of the FreeBSD Operating System has been recognized as the most complete, up-to-date, and authoritative technical guide to FreeBSD's internal structure. Now, this definitive guide has been extensively updated to reflect all major FreeBSD improvements between Versions 5 and Versions 11"
• OpenBSD 5.5 preorders are also up, so you can buy a CD set now
• You can help support the project, and even get the -release of the OS before it's available publicly
• 5.5 is a huge release with lots of big changes, so now is the right time to purchase one of these - tell Austin we sent you! ***

pkgsrcCon 2014 CFP

• This year's pkgsrcCon is in London, on June 21st and 22nd
• There's a Call For Papers out now, so you can submit your talks
• Anything related to pkgsrc is fine, it's pretty informal
• Does anyone in the audience know if the talks will be recorded? This con is relatively unknown ***

BSDMag issue for March 2014

• The monthly BSD magazine releases its newest issue
• Topics this time include: deploying NetBSD using AWS EC2, creating a multi-purpose file server with NetBSD, DragonflyBSD as a backup server, more GIMP lessons, network analysis with wireshark and a general security article
• The Linux article trend seems to continue... hmm ***

Non-ECC RAM in FreeNAS

• We've gotten a few questions about ECC RAM with ZFS
• Here we've got a surprising blog post about why someone did not go with ECC RAM for his NAS build
• The article mentions the benefits of ECC and admits it is a better choice in nearly all instances, but unfortunately it's not very widespread in consumer hardware motherboards and it's more expensive
• Regular RAM also has "special" issues with ZFS and pool corruption
• Long post, so check out the whole thing if you've been considering your memory options and weighing the benefits ***

Interview - Pierre Pronchery - khorben@edgebsd.org / @khorben

EdgeBSD (slides)

Tutorial

Building an OpenBSD desktop

News Roundup

Getting to know your portmgr-lurkers

• This week we get to hear from Frederic Culot, colut@
• Originally an OpenBSD user from France, Frederic joined as a ports committer in 2010 and recently joined the portmgr lurkers team
• "FreeBSD is also one of my sources of inspiration when it comes to how organizations behave and innovate, and I find it very interesting to compare FreeBSD with the for-profit companies I work for"
• We get to find out a little bit about him, why he loves FreeBSD and what he does for the project ***

NetBSD on the Playstation 2

• Who doesn't want to run NetBSD on their old PS2?
• The PS2 port of NetBSD was sadly removed in 2009, but it has been revived
• It's using a slightly unusual MIPS CPU that didn't have much GCC support
• Hopefully a bootable kernel will be available soon ***

The FreeBSD Challenge update

• Our friend from the Linux Foundation continues his FreeBSD switching journey
• This time he starts off by discovering virtual machines suck at keeping accurate time, and some ports weren't working because of his clock being way off
• After polling the IRC for help, he finally learns the difference between ntpdate and ntpd and both of their use cases
• Maybe he should've just read our NTP tutorial! ***

PCBSD weekly digest

• The mount tray icon got lots of updates and fixes
• The faulty distribution server has finally been tracked down and... destroyed
• New language localization project is in progress
• Many many updates to ports and PBIs, new -STABLE builds ***

Feedback/Questions

• Antonio writes in
• Patrick writes in
• Chris writes in
• Ron writes in
• Tyler writes in ***

This episode was brought to you by

Headlines

Using OpenSSH Certificate Authentication

• SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you're using
• They're not really that complex, there just isn't a lot of documentation on how to use them - this post tries to solve that
• There's the benefit of not needing a known_hosts file or authorized_users file anymore
• The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication ***

Back to FreeBSD, a new series

• Similar to the "FreeBSD Challenge" blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey
• "So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10"
• He's starting off with PCBSD since it's easy to get working with dual graphics
• Should be a fun series to follow! ***

OpenBSD's recent experiments in package building

• If you'll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk - OpenBSD's version is called dpb
• Marc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware
• This article goes through some of his findings and plans for future versions that increase performance
• We'll be showing a tutorial of dpb on the show in a few weeks ***

Securing FreeBSD with 2FA

• So maybe you've set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?
• This post walks us through the process of locking down an ssh server with 2FA
• With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections ***

Interview - Gleb Kurtsou - gleb.kurtsou@gmail.com

PEFS (security audit results here)

Tutorial

Filesystem-based encryption with PEFS

News Roundup

BSDCan 2014 registration

• Registration is finally open!
• The prices are available along with a full list of presentations
• Tutorial sessions for various topics as well
• You have to go ***

Big changes for OpenBSD 5.6

• Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising
• OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3
• They've also imported nginx into base a few years ago, but now have finally removed Apache
• Sendmail is also no longer the default MTA, OpenSMTPD is the new default
• Will BIND be removed next? Maybe so
• They've also discontinued the hp300, mvme68k and mvme88k ports ***

Getting to know your portmgr lurkers

• The "getting to know your portmgr" series makes its return
• This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)
• How he got into FreeBSD? He "wanted a unix system that I could understand and that would not get bloated as time goes by"
• Mentions why he's still heavily involved with the project and lots more ***

PCBSD weekly digest

• Work has started to port Pulseaudio to PCBSD 10.0.1
• There's a new "pc-mixer" utility being worked on for sound management as well
• New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more
• PCBSD 10.0.1 was released too ***

Feedback/Questions

• Alex writes in
• Ben writes in
• Nick writes in
• Sami writes in
• Christopher writes in ***

This episode was brought to you by

Headlines

Tailoring OpenBSD for an old, strange computer

• The author of this article had an OmniBook 800CT, which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU
• Obviously he had to install some kind of BSD on it!
• This post goes through all his efforts of trimming down OpenBSD to work on such a limited device
• He goes through the trial and error of "compile, break it, rebuild, try again"
• After cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working ***

pkgsrcCon and BSDCan

• pkgsrccon is "a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure"
• This year it will be on June 21st and 22nd
• The schedule is still being worked out, so if you want to give a talk, submit it
• BSDCan's schedule was also announced
• We'll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more
• Kris' presentation was accepted!
• Tons of topics, look forward to the recorded versions of all of them hopefully! ***

Two factor auth with pushover

• A new write-up from our friend Ted Unangst
• Pushover is "a web hook to smartphone push notification gateway" - you sent a POST to a web server and it sends a code to your phone
• His post goes through the steps of editing your login.conf and setting it all up to work
• Now you can get a two factor authenticated login for ssh! ***

The status of GNOME 3 on BSD

• It's no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems
• OpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use
• This post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes a screencast
• A few recent posts from some GNOME developers show that they're finally working with the BSD guys to improve portability
• The FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us - it's a beautiful thing
• This goes right along with our interview today! ***

Interview - Joe Marcus Clark - marcus@freebsd.org

The life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics

Tutorial

The FreeBSD Ports Collection

News Roundup

DragonflyBSD 3.8 goals and 3.6.1 release

• The Dragonfly team is thinking about what should be in version 3.8
• On their bug tracker, it lists some of the things they'd like to get done before then
• In the meantime, 3.6.1 was released with lots of bugfixes ***

NYCBSDCon 2014 wrap-up piece

• We've got a nice wrap-up titled "NYCBSDCon 2014 Heats Up a Cold Winter Weekend"
• The author also interviews GNN about the conference
• There's even a little "beginner introduction" to BSD segment
• Includes a mention of the recently-launched journal and lots of pictures from the event ***

FreeBSD and Linux, a comparative analysis

• GNN in yet another story - he gave a presentation at the NYLUG about the differences between FreeBSD and Linux
• He mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs "distros," development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different bsds and their goals and actual code differences
• Serves as a good introduction you can show your Linux friends ***

PCBSD CFT and weekly digest

• Upgrade tools have gotten a major rewrite
• You have to help test it, there is no choice! Read more here
• How dare Kris be "unimpressed with" freebsd-update and pkgng!?
• Various updates and fixes ***

Feedback/Questions

• Jeffrey writes in
• Shane writes in
• Ferdinand writes in
• Curtis writes in
• Clint writes in
• Peter writes in ***

This episode was brought to you by

Headlines

FreeBSD 10 as a firewall

• Back in 2012, the author of this site wrote an article stating you should avoid FreeBSD 9 for a firewall and use OpenBSD instead
• Now, with the release of 10.0, he's apparently changed his mind and switched back over
• It mentions the SMP version of pf, general performance advantages and more modern features
• The author is a regular listener of BSD Now, hi Joe! ***

Network Noise Reduction Using Free Tools

• Really long blog post, based on a BSDCan presentation, about fighting spam with OpenBSD
• Peter Hansteen, author of the book of PF, goes through how he uses OpenBSD's spamd and other security features to combat spam and malware
• He goes through his experiences with content filtering and disappointment with a certain proprietary vendor
• Not totally BSD-specific, lots of people can enjoy the article - lots of virus history as well ***

FreeBSD ASLR patches submitted

• So far, FreeBSD hasn't had Address Space Layout Randomization
• ASLR is a nice security feature, see wikipedia for more information
• With a giant patch from Shawn Webb, it might be integrated into a future version (after a vicious review from the security team of course)
• We might have Shawn on the show to talk about it, but he's also giving a presentation at BSDCan about his work with ASLR ***

Old-style pkg_ tools retired

• At last the old pkg_add tools are being retired in FreeBSD
• pkgng is a huge improvement, and now portmgr@ thinks it's time to cut the cord on the legacy toolset
• Ports aren't going away, and probably never will, but for binary package fans and new users that are used to things like apt, pkgng is the way to go
• All pkg_ tools will be considered unsupported on September 1, 2014 - even on older branches ***

Interview - Luke Marsden - luke@hybridcluster.com / @lmarsden

BSD at HybridCluster

Tutorial

Filesharing with chrooted SFTP

News Roundup

FreeBSD on OpenStack

• OpenStack is a cloud computing project
• It consists of "a series of interrelated projects that control pools of processing, storage, and networking resources throughout a datacenter, able to be managed or provisioned through a web-based dashboard, command-line tools, or a RESTful API."
• Until now, there wasn't a good way to run a full BSD instance on OpenStack
• With a project in the vein of Colin Percival's AWS startup scripts, now that's no longer the case! ***

FOSDEM BSD videos

• This year's FOSDEM had seven BSD presentations
• The videos are slowly being uploaded for your viewing pleasure
• Not all of the BSD ones are up yet, but by the time you're watching this they might be!
• Check this directory for most of 'em
• The BSD dev room was full, lots of interest in what's going on from the other communities ***

The FreeBSD challenge finally returns!

• Due to prodding from a certain guy of a certain podcast, the "FreeBSD Challenge" series has finally resumed
• Our friend from the Linux foundation picks up with day 11 and day 12 on his switching from Linux journey
• This time he outlines the upgrade process of going from 9 to 10, using freebsd-update
• There's also some notes about different options for upgrading ports and some extra tips ***

PCBSD weekly digest

• After the big 10.0 release, the PCBSD crew is focusing on bug fixes for a while
• During their "fine tuning phase" users are encouraged to submit any and all bugs via the trac system
• Warden got some fixes and the package manager got some updates as well
• Huge size reduction in PBI format ***

Feedback/Questions

• Derrick writes in
• Sean writes in
• Patrick writes in
• Peter writes in
• Sean writes in ***

This episode was brought to you by

Headlines

OpenBSD automatic installation

• A CFT (call for testing) was posted for OpenBSD's new automatic installer process
• Using this new system, you can spin up fully-configured OpenBSD installs very quickly
• It will answer all the questions for you and can put files into place and start services
• Great for large deployments, help test it and report your findings ***

FreeNAS install guide and blog posts

• A multipart series on YouTube about installing FreeNAS
• In part 1, the guy (who is possibly Dracula, with his very Transylvanian accent..) builds his new file server and shows off the hardware
• In part 2, he shows how to install and configure FreeNAS, uses IPMI, sets up his pools
• He pronounces gigabytes as jiggabytes and it's hilarious
• We've also got an unrelated blog post about a very satisfied FreeNAS user who details his setup
• As well as another blog post from our old pal Devin Teske about his recent foray into the FreeNAS development world ***

FreeBSD 10.0-RC5 is out

• Another, unexpected RC is out for 10.0
• Minor fixes included, please help test and report any bugs
• You can update via freebsd-update or from source
• Hopefully this will be the last one before 10.0-RELEASE, which has tons of new features we'll talk about
• It's been tagged -RELEASE in SVN already too! ***

OpenBSD 5.5-beta is out

• Theo updated the branch status to 5.5-beta
• A list of changes
• Help test and report any bugs you find
• Lots of rapid development with signify (which we mentioned last week), the beta includes some "test keys"
• Does that mean it'll be part of the final release? We'll find out in May.. or when we interview Ted (soon) ***

Interview - Neel Natu & Peter Grehan - neel@freebsd.org & grehan@freebsd.org

BHyVe - the BSD hypervisor

Tutorial

Virtualization with bhyve

News Roundup

Hostname canonicalisation in OpenSSH

• Blog post from our friend Damien Miller
• This new feature allows clients to canonicalize unqualified domain names
• SSH will know if you typed "ssh bsdnow" you meant "ssh bsdnow.tv" with new config options
• This will help clean up some ssh configs, especially if you have many hosts
• Should make it into OpenSSH 6.5, which is "due really soon" ***

Dragonfly on a Chromebook

• Some work has been done by Matthew Dillon to get DragonflyBSD working on a Google Chromebook
• These couple of posts detail some of the things he's got working so far
• Changes were needed to the boot process, trackpad and wifi drivers needed updating...
• Also includes a guide written by Dillon on how to get yours working ***

Spider in a box

• "Spiderinabox" is a new OpenBSD-based project
• Using a combination of OpenBSD, Firefox, XQuartz and VirtualBox, it creates a secure browsing experience for OS X
• Firefox runs encapsulated in OpenBSD and doesn't have access to OS X in any way
• The developer is looking for testers on other operating systems! ***

PCBSD weekly digest

• PCBSD 10 has entered into the code freeze phase
• They're focusing on fixing bugs now, rather than adding new features
• The update system got a lot of improvements
• PBI load times reduced by up to 40%! what!!! ***

Feedback/Questions

• Scott writes in
• Chris writes in
• SW writes in
• Ole writes in
• Gertjan writes in ***

Headlines

Faces of FreeBSD

• The FreeBSD foundation is publishing articles on different FreeBSD developers
• This one is about Colin Percival (cperciva@), the ex-security officer
• Tells the story of how he first found BSD, what he contributed back, how he eventually became the security officer
• Running series with more to come ***

Lots of BSD presentation videos uploaded

• EuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL's presentation video
• Most of us never get to see the dev summit talks since they're only for developers
• AsiaBSDCon 2013 videos also up finally
• List of AsiaBSDCon presentation topics here
• Our buddy Michael W Lucas gave an "OpenBSD for Linux users" talk at a Michigan Unix Users Group.
• He says "Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff"
• Really informative presentation, pretty long, answers some common questions at the end ***

Call for Presentations: FOSDEM 2014 and NYCBSDCon 2014

• FOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium
• Just like in the last years, there will be both a BSD booth and a developer's room
• The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.
• If you are in the area or want to go, check the show notes for details
• NYCBSDCon is also accepting papers.
• It'll be in New York City at the beginning of February 2014
• If anyone wants to give a talk at one of these conferences, go ahead and send in your stuff! ***

FreeBSD foundation's year-end fundraising campaign

• The FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years
• As of today they have raised about half a million dollars, but still have a while to go
• Donations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events
• They are preparing the debut of a new online magazine, the FreeBSD Journal
• Typically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year
• Make your donation today over at freebsdfoundation.org, every little bit helps
• Everyone involved with BSD Now made a donation last year and will do so again this year ***

Interview - Amitai Schlair - schmonz@netbsd.org / @schmonz

The NetBSD Foundation, pkgsrc, future plans

Tutorial

Combining SSH and tmux

• Note: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions. ***

News Roundup

PS4 released

• Sony's Playstation 4 is finally released
• As previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things
• Link in the show notes contains the full list of BSD software they're using
• Always good to see BSD being so widespread ***

BSD Mag November issue

• Free monthly BSD magazine publishes another issue
• This time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory & Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others
• PDF linked in the show notes ***

pbulk builds made easy

• NetBSD's pbulk tool is similar to poudriere, but for pkgsrc
• While working on updating the documentation, a developer cleaned up quite a lot of code
• He wrote a script that automates pbulk deployment and setup
• The whole setup of a dedicated machine has been reduced to just three commands ***

PCBSD weekly digest

• Over 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe
• Many PC-BSD programs received some necessary bug fixes and updates
• Some include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM ***

Feedback/Questions

• Peter writes in
• Kjell-Aleksander writes in
• Jordan writes in
• Christian writes in
• entransic writes in ***