NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

Roundup Storage and Network Diagnostics

Security Audit of the
Capsicum and bhyve
Subsystems

News Roundup

ZFS on Linux and block IO limits show some limits of being out of the kernel

NetBSD on a ROCK64 Board

Domain Naming

BSDCan 2025 CFP

The Internet Gopher from Minnesota

Tarsnap

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

• Brendan - MinIO

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

• Join us and other BSD Fans in our BSD Now Telegram channel

NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

Security, Performance, and Interoperability; Introducing FreeBSD 14

HardenedBSD November 2023 Status Report

News Roundup

How to create a FreeBSD Jail hosting a remote desktop

A sneak Peak

Programming FreeBSD Reading Process Information

Why Unix kernels have grown caches for directory entries 'name caches'

Always learning, Always Teaching

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

• Join us and other BSD Fans in our BSD Now Telegram channel

NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

Using FreeBSD’s pkg-audit

The 20 year old bug that went to Mars

It's rare that you come across a bug so subtle that it can last for two decades. But, that's exactly what has happened with the Lempel-Ziv-Oberhumer (LZO) algorithm. Initially written in 1994, Markus Oberhumer designed a sophisticated and extremely efficient compression algorithm so elegant and well architected that it outperforms zlib and bzip by four or five times their decompression speed.

I was impressed to find out that his LZO algorithm has gone to the planet Mars on NASA devices multiple times! Most recently, LZO has touched down on the red planet within the Mars Curiosity Rover, which just celebrated its first martian anniversary on Tuesday.

In the past few years, LZO has gained traction in file systems as well. LZO can be used in the Linux kernel within btrfs, squashfs, jffs2, and ubifs. A recent variant of the algorithm, LZ4, is used for compression in ZFS for Solaris, Illumos, and FreeBSD.

With its popularity increasing, Lempel-Ziv-Oberhumer has been rewritten by many engineering firms for both closed and open systems. These rewrites, however, have always been based on Oberhumer's core open source implementation. As a result, they all inherited a subtle integer overflow. Even LZ4 has the same exact bug, but changed very slightly.

Because the LZO algorithm is considered a library function, each specific implementation must be evaluated for risk, regardless of whether the algorithm used has been patched. Why? We are talking about code that has existed in the wild for two decades. The scope of this algorithm touches everything from embedded microcontrollers on the Mars Rover, mainframe operating systems, modern day desktops, and mobile phones. Engineers that have used LZO must evaluate the use case to identify whether or not the implementation is vulnerable, and in what format.

News Roundup

FreeBSD on Slimbook -- 14 months of updates

LLDB FreeBSD kernel core dump support

Steam on OpenBSD

Beastie Bits

• [OpenSSH Agent Restriction](http://undeadly.org/cgi?action=article;sid=20211220061017)
• [OpenBSD’s Clang upgraded to version 13](http://undeadly.org/cgi?action=article;sid=20211220060327)
• [Cool, but obscure X11 tools](http://cyber.dabamos.de/unix/x11/)

Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

  ---

NOTES
This episode of BSDNow is brought to you by Tarsnap

Headlines

FreeBSD quarterly status report for Q4 2020

Block spammers/abusive IPs with Pf-badhost in OpenBSD. A 'must have' security tool!

Pf-badhost is a very practical, robust, stable and lightweight security script for network servers.
It's compatible with BSD based operating systems such as {Open,Free,Net,Dragonfly}BSD and MacOS. It prevents potentially-bad IP addresses that could possibly attack your servers (and waste your bandwidth and fill your logfiles), by blocking all those IPs contacting your server, and therefore it makes your server network/resources lighter and the logs of important services running on your server become simpler, more readable and efficient.

---

News Roundup

Bastille Port Redirection and Persistence

Bastille supports redirecting (rdr) ports from the host system into target containers. This port redirection is commonly used when running Internet services such as web servers, dns servers, email and many others. Any service you want to make public outside of your cluster will likely require port redirection (with some exceptions, see below).

---

FreeBSD Wall Display Computer

I've recently added a wall mounted 30" monitor for Grafana in my home. I can highly recommend doing the same, especially in a world where more work from home is becoming the norm.

---

The etymology of command-line tools

---

GhostBSD 21.01.15 Release Notes

I am happy to announce the availability of the new ISO 21.01.15. This new ISO comes with a clean-up of packages that include removing LibreOffice and Telegram from the default selection. We did this to bring the zfs RW live file systems to run without problem on 4GB of ram machine. We also removed the UFS full disk option from the installer. Users can still use custom partitions to setup UFS partition, but we discourage it. We also fixed the Next button's restriction in the custom partition related to some bug that people reported. We also fix the missing default locale setup and added the default setup for Linux Steam, not to forget this ISO includes kernel, userland and numerous application updates.

Beastie Bits

• Interview with Brian Kernighan *** ###Tarsnap

• This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

  ---

Headlines

Rethinking OpenBSD Security

OpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad. The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. I think it’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.
I picked a few errata, not all of them, that were interesting and happened to suit my narrative.

FreeBSD 2020 Q1 Quarterly report

Welcome, to the quarterly reports, of the future! Well, at least the first quarterly report from 2020. The new timeline, mentioned in the last few reports, still holds, which brings us to this report, which covers the period of January 2020 - March 2020.

News Roundup

The Notion of Progress and User Interfaces

One trait of modern Western culture is the notion of progress. A view claiming, at large, everything is getting better and better.

How should we think about progress? Both in general and regarding technology?

Thomas E. Dickey on NetBSD curses

I was recently pointed at a web page on Thomas E. Dickeys site talking about NetBSD curses. It seems initially that the page was intended to be a pointer to some differences between ncurses and NetBSD curses and does appear to start off in this vein but it seems that the author has lost the plot as the document evolved and the tail end of it seems to be devolving into some sort of slanging match. I don't want to go through Mr. Dickey's document point by point, that would be tedious but I would like to pick out some of the things that I believe to be the most egregious. Please note that even though I am a NetBSD developer, the opinions below are my own and not the NetBSD projects.

Making Unix a little more Plan9-like

I’m not really interested in defending anything. I tried out plan9port and liked it, but I have to live in Unix land. Here’s how I set that up.

A Warning

The suckless community, and some of the plan9 communities, are dominated by jackasses. I hope that’s strong enough wording to impress the severity. Don’t go into IRC for help. Stay off the suckless email list. The software is great, the people who write it are well-spoken and well-reasoned, but for some reason the fandom is horrible to everyone.

Not-actually Linux distro review: FreeBSD 12.1-RELEASE

This month's Linux distro review isn't of a Linux distribution at all—instead, we're taking a look at FreeBSD, the original gangster of free Unix-like operating systems.

The first FreeBSD release was in 1993, but the operating system's roots go further back—considerably further back. FreeBSD started out in 1992 as a patch-release of Bill and Lynne Jolitz's 386BSD—but 386BSD itself came from the original Berkeley Software Distribution (BSD). BSD itself goes back to 1977—for reference, Linus Torvalds was only seven years old then.

Before we get started, I'd like to acknowledge something up front—our distro reviews include the desktop experience, and that is very much not FreeBSD's strength. FreeBSD is far, far better suited to running as a headless server than as a desktop! We're going to get a full desktop running on it anyway, because according to Lee Hutchinson, I hate myself—and also because we can't imagine readers wouldn't care about it.

FreeBSD does not provide a good desktop experience, to say the least. But if you're hankering for a BSD-based desktop, don't worry—we're already planning a followup review of GhostBSD, a desktop-focused BSD distribution.

Beastie Bits

• Wifi renewal restarted
• HAMMER2 and a quick start for DragonFly
• Engineering NetBSD 9.0
• Antivirus Protection using OPNsense Plugins
• BSDCan Home Lab Panel recording session: May 5th at 18:00 UTC

BSDNow is going Independent

• After being part of Jupiter Broadcasting since we started back in 2013, BSDNow is moving to become independent. We extend a very large thank you to Jupiter Broadcasting and Linux Academy for hosting us for so many years, and allowing us to bring you over 100 episodes without advertisements. LinuxAcademy is now under new leadership, and we understand that cutbacks needed to be made, and that BSD is not their core product. That does not mean your favourite BSD podcast is going away, we will continue and we expect things will not look much different. What does this mean for you, the listener? Not much will change, just make sure your subscription is via the RSS feed at BSDNow.tv rather than one of the Jupiter Broadcasting feeds. We will update you with more news as things settle out.

Feedback/Questions

• Jordyn - ZFS Pool Problem

  • debug - https://github.com/BSDNow/bsdnow.tv/raw/master/episodes/347/feedback/dbg.txt

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Headlines

Text processing in the shell

This article is part of a self-published book project by Balthazar Rouberol and Etienne Brodu, ex-roommates, friends and colleagues, aiming at empowering the up and coming generation of developers. We currently are hard at work on it!

One of the things that makes the shell an invaluable tool is the amount of available text processing commands, and the ability to easily pipe them into each other to build complex text processing workflows. These commands can make it trivial to perform text and data analysis, convert data between different formats, filter lines, etc.

When working with text data, the philosophy is to break any complex problem you have into a set of smaller ones, and to solve each of them with a specialized tool.

Rebalancing data on ZFS mirrors

One of the questions that comes up time and time again about ZFS is “how can I migrate my data to a pool on a few of my disks, then add the rest of the disks afterward?”

If you just want to get the data moved and don’t care about balance, you can just copy the data over, then add the new disks and be done with it. But, it won’t be distributed evenly over the vdevs in your pool.

Don’t fret, though, it’s actually pretty easy to rebalance mirrors. In the following example, we’ll assume you’ve got four disks in a RAID array on an old machine, and two disks available to copy the data to in the short term.

News Roundup

Using OpenBSD relayd to Add Security Headers

I am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd. While relayd is principally designed for layer 3 redirections and layer 7 relays, it just so happens that it makes a handy tool for adding the recommended security headers. My website automatically redirects users from http to https and this gets achieved using a simple redirection in /etc/httpd.conf So if you have a configuration similar to mine, then you will still want to have httpd listen on the egress interface on port 80. The key thing to change here is to have httpd listen on 127.0.0.1 on port 443.

How we set up our ZFS filesystem hierarchy in our ZFS pools

Our long standing practice here, predating even the first generation of our ZFS fileservers, is that we have two main sorts of filesystems, home directories (homedir filesystems) and what we call 'work directory' (workdir) filesystems. Homedir filesystems are called /h/NNN (for some NNN) and workdir filesystems are called /w/NNN; the NNN is unique across all of the different sorts of filesystems. Users are encouraged to put as much stuff as possible in workdirs and can have as many of them as they want, which mattered a lot more in the days when we used Solaris DiskSuite and had fixed-sized filesystems.

Speeding up ZSH

https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh

I was opening multiple shells for an unrelated project today and noticed how abysmal my shell load speed was. After the initial load it was relatively fast, but the actual shell start up was noticeably slow. I timed it with time and these were the results.

In the future I hope to actually recompile zsh with additional profiling techniques and debug information - keeping an internal timer and having a flag output current time for each command in a tree fashion would make building heat maps really easy.

How do Unix Pipes work

Pipes are cool! We saw how handy they are in a previous blog post. Let’s look at a typical way to use the pipe operator. We have some output, and we want to look at the first lines of the output. Let’s download The Brothers Karamazov by Fyodor Dostoevsky, a fairly long novel.

What we do to enable us to grow our ZFS pools over time

In my entry on why ZFS isn't good at growing and reshaping pools, I mentioned that we go to quite some lengths in our ZFS environment to be able to incrementally expand our pools. Today I want to put together all of the pieces of that in one place to discuss what those lengths are.
Our big constraint is that not only do we need to add space to pools over time, but we have a fairly large number of pools and which pools will have space added to them is unpredictable. We need a solution to pool expansion that leaves us with as much flexibility as possible for as long as possible. This pretty much requires being able to expand pools in relatively small increments of space.

Linux maintains bugs: The real reason ifconfig on Linux is deprecated

In my third installment of FreeBSD vs Linux, I will discuss underlying reasons for why Linux moved away from ifconfig(8) to ip(8).

In the past, when people said, “Linux is a kernel, not an operating system”, I knew that was true but I always thought it was a rather pedantic criticism. Of course no one runs just the Linux kernel, you run a distribution of Linux. But after reviewing userland code, I understand the significant drawbacks to developing “just a kernel” in isolation from the rest of the system.

Clear Your Terminal in Style

if you’re someone like me who habitually clears their terminal, sometimes you want a little excitement in your life. Here is a way to do just that.

This post revolves around the idea of giving a command a percent chance of running. While the topic at hand is not serious, this simple technique has potential in your scripts.

Feedback/Questions

• Guy - AMD GPU Help
• MLShroyer13 - VLANs and Jails
• Master One - ZFS Suspend/resume

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

This episode was brought to you by

Headlines

OpenSMTPD for the whole family

• Setting up a BSD mail server is something a lot of us are probably familiar with doing, at least for our own accounts
• This article talks about configuring a home mail server too, but even for the other people you live with
• After convincing his wife to use their BSD-based Owncloud server for backups, the author talks about moving her over to his brand new OpenSMTPD server too
• If you've ever run a mail server and had to deal with greylisting, you'll appreciate the struggle he went through
• In the end, BGP-based list distribution saved the day, and his family is being served well by a BSD box ***

NetBSD on the Edgerouter Lite

• We've talked a lot about building your own BSD-based router on the show, but not many of the devices we mention are in the same price range as consumer devices
• The EdgeRouter Lite, a small MIPS-powered machine, is starting to become popular (and is a bit cheaper)
• A NetBSD developer has been hacking on it, and documents the steps to get a working install in this blog post
• The process is fairly simple, and you can cross-compile your own installation image on any CPU architecture (even from another BSD!)
• OpenBSD and FreeBSD also have some support for these devices ***

Bitrig at NYC*BUG

• The New York City BSD users group has semi-regular meetings with presentations, and this time the speaker was John Vernaleo
• John discussed Bitrig, an OpenBSD fork that we've talked about a couple times on the show
• He talks about what they've been up to lately, why they're doing what they're doing, difference in supported platforms
• Ports and packages between the two projects are almost exactly the same, but he covers the differences in the base systems, how (some) patches get shared between the two and finally some development model differences ***

OPNsense, meet HardenedBSD

• Speaking of forks, two FreeBSD-based forked projects we've mentioned on the show, HardenedBSD and OPNsense, have decided to join forces
• Backporting their changes to the 10-STABLE branch, HardenedBSD hopes to introduce some of their security additions to the OPNsense codebase
• Paired up with LibreSSL, this combination should offer a good solution for anyone wanting a BSD-based firewall with an easy web interface
• We'll cover more news on the collaboration as it comes out ***

Interview - Mike Larkin - mlarkin@openbsd.org / @mlarkin2012

Memory protections in OpenBSD: W^X, ASLR, PIE, SSP

News Roundup

A closer look at FreeBSD

• The week wouldn't be complete without at least one BSD article making it to a mainstream tech site
• This time, it's a high-level overview of FreeBSD, some of its features and where it's used
• Being that it's an overview article on a more mainstream site, you won't find anything too technical - it covers some BSD history, stability, ZFS, LLVM and Clang, ports and packages, jails and the licensing
• If you have any BSD-curious Linux friends, this might be a good one to send to them ***

Linksys NSLU2 and NetBSD

• The Linksys NSLU2 is a proprietary network-attached storage device introduced back in 2004
• "About 2 months ago I set a goal to run some kind of BSD on the spare Linksys NSLU2 I had. This was driven mostly by curiosity, after listening to a few BSDNow episodes and becoming a regular listener [...]"
• After doing some research, the author of this post discovered that he could cross-compile NetBSD for the device straight from his Linux box
• If you've got one of these old devices kicking around, check out this write-up and get some BSD action on there ***

OpenBSD disklabel templates

• We've covered OpenBSD's "autoinstall" feature for unattended installations in the past, but one area where it didn't offer a lot of customization was with the disk layout
• With a few recent changes, there are now a series of templates you can use for a completely customized partition scheme
• This article takes you through the process of configuring an autoinstall answer file and adding the new section for disklabel
• Combine this new feature with our -stable iso tutorial, and you could deploy completely patched and customized images en masse pretty easily ***

FreeBSD native ARM builds

• FreeBSD -CURRENT builds for the ARM CPU architecture can now be built natively, without utilities that aren't part of base
• Some of the older board-specific kernel configuration files have been replaced, and now the "IMC6" target is used
• This goes along with what we read in the most recent quarterly status report - ARM is starting to get treated as a first class citizen ***

Feedback/Questions

• Sean writes in
• Ron writes in
• Charles writes in
• Bostjan writes in ***

This episode was brought to you by

Headlines

Solaris' networking future is with OpenBSD

• A curious patch from someone with an Oracle email address was recently sent in to one of the OpenBSD mailing lists
• It was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the current version of PF
• For anyone unfamiliar with the history of PF, it was actually made as a replacement for IPFilter in OpenBSD, due to some licensing issues
• What's more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting
• This blog post goes through some of the backstory of the two firewalls
• PF is in a lot of places - other BSDs, Mac OS X and iOS - but there are plenty of other OpenBSD-developed technologies end up ported to other projects too
• "Many of the world's largest corporations and government agencies are heavy Solaris users, meaning that even if you're neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD's PF for their filtering needs, we will all be benefiting even more from the OpenBSD project's emphasis on correctness, quality and security"
• You're welcome, Oracle ***

BAFUG discussion videos

• The Bay Area FreeBSD users group has been uploading some videos from their recent meetings
• Sean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)
• Craig Rodrigues also gave a talk about Kyua and the FreeBSD testing framework
• Lastly, Kip Macy gave a talk titled "network stack changes, user-level FreeBSD"
• The main two subjects there are some network stack changes, and how to get more people contributing, but there's also open discussion about a variety of FreeBSD topics
• If you're close to the Bay Area in California, be sure to check out their group and attend a meeting sometime ***

More than just a makefile

• If you're not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux
• This blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs
• As it turns out, the ports system really isn't that different from a binary package manager - they are what's used to create binary packages, after all
• The author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream
• After that, he shows you how to get your new port tested, if you're interesting in doing some porting yourself, and getting involved with the rest of the community
• This post is very long and there's a lot more to it, so check it out (and more discussion on Hacker News) ***

Securing your home fences

• Hopefully all our listeners have realized that trusting your network(s) to a consumer router is a bad idea by now
• We hear from a lot of users who want to set up some kind of BSD-based firewall, but don't hear back from them after they've done it.. until now
• In this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines APU board
• He notes that you have a lot of options software-wise, including vanilla FreeBSD, OpenBSD or even Linux, but decided to go with OPNsense because of the easy interface and configuration
• The post covers all the hardware you'll need, getting the OS installed to a flash drive or SD card and going through the whole process
• Finally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up
• If you don't have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)
• We love super-detailed guides like this, so everyone should write more and send them to us immediately ***

Interview - Pascal Stumpf - pascal@openbsd.org

Static PIE in OpenBSD

News Roundup

LLVM's new libFuzzer

• We've discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility
• It looks like LLVM is going to have their own fuzzing tool too now
• The Clang and LLVM guys are no strangers to this type of code testing, but decided to "close the loop" and start fuzzing parts of LLVM (including Clang) using LLVM itself
• With Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future ***

HardenedBSD upgrades secadm

• The HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support
• We covered both the secadm tool and integriforce in previous episodes, but the short version is that it's a way to prevent files from being altered (even as root)
• Their integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now ***

RAID5 returns to OpenBSD

• OpenBSD's softraid subsystem, somewhat similar to FreeBSD's GEOM, has had experimental RAID5 support for a while
• However, it was exactly that - experimental - and required a recompile to enable
• With some work from recent hackathons, the final piece was added to enable resuming partial array rebuilds
• Now it's on by default, and there's a call for testing being put out, so grab a snapshot and put the code through its paces
• The bioctl softraid command also now supports DUIDs during pseudo-device detachment, possibly paving the way for the installer to drop the "do you want to enable DUIDs?" question entirely ***

pkgng 1.5.0 released

• Going back to what we talked about last week, the final version of pkgng 1.5.0 is out
• The "provides" and "requires" support is finally in a regular release
• A new "-r" switch will allow for direct installation to a chroot or alternate root directory
• Memory usage should be much better now, and some general code speed-ups were added
• This version also introduces support for Mac OS X, NetBSD and EdgeBSD - it'll be interesting to see if anything comes of that
• Many more bugs were fixed, so check the mailing list announcement for the rest (and plenty new bugs were added, according to bapt) ***

p2k15 hackathon reports

• There was another OpenBSD hackathon that just finished up in the UK - this time it was mainly for ports work
• As usual, the developers sent in reports of some of the things they got done at the event
• Landry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit
• Stefan Sperling wrote in, detailing his work with wireless chipsets, specifically when the vendor doesn't provide any hardware documentation, as well as updating some of the games in ports
• Ken Westerback also sent in a report, but decided to be a rebel and not work on ports at all - he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier ***

Feedback/Questions

• Shaun writes in
• Hrishi writes in
• Randy writes in
• Zach writes in
• Ben writes in ***

Mailing List Gold

• Gstreamer hates us
• At least he's honest
• I find myself in a situation ***

This episode was brought to you by

Headlines

MeetBSD 2014 is approaching

• The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California
• MeetBSD has an "unconference" format, which means there will be both planned talks and community events
• All the extra details will be on their site soon
• It also has hotels and various other bits of useful information - hopefully with more info on the talks to come
• Of course, EuroBSDCon is coming up before then ***

First experiences with OpenBSD

• A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"
• The author read the famous "BSD for Linux users" series (that most of us have surely seen) and decided to give BSD a try
• He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"
• From there, it talks about how he used the OpenBSD USB image and got a fully-working system
• He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration
• Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user! ***

NetBSD rump kernels on bare metal (and Kansai OSC report)

• When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right
• However, NetBSD's rump kernels - a very unique concept - make this process a lot easier
• This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week
• Also have a look back at episode 8 for our interview about rump kernels and what exactly they do
• While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight ***

OpenSSL and LibreSSL updates

• OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)
• Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more
• LibreSSL released a new version to address most of the vulnerabilities, but wasn't affected by some of them
• Whichever version of whatever SSL you use, make sure it's patched for these issues
• DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT) ***

Interview - Robert Watson - rwatson@freebsd.org

FreeBSD architecture, security research techniques, exploit mitigation

Tutorial

Protecting traffic with a BSD-based VPN

News Roundup

A FreeBSD-based CGit server

• If you use git (like a certain host of this show) then you've probably considered setting up your own server
• This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend
• It even shows you how to set up multiple repos with key-based user separation and other cool things
• The author of the post is also a listener of the show, thanks for sending it in! ***

Backup devices for small businesses

• In this article, different methods of data storage and backup are compared
• After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer
• He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers
• It also goes over some of the hardware specifics in the FreeNAS Mini ***

A new Xenocara interview

• As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara
• If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches
• In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing
• Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there ***

Building a high performance FreeBSD samba server

• If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?
• FreeBSD, ZFS and Samba obviously!
• The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients
• This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)
• It doesn't even require the newest or best hardware with the right changes, pretty cool ***

Feedback/Questions

• An interesting Reddit thread (or two)
• PB writes in
• Sean writes in
• Steve writes in
• Lachlan writes in
• Justin writes in ***

This episode was brought to you by

Headlines

FreeBSD quarterly status report

• FreeBSD has gotten quite a lot done this quarter
• Changes in the way release branches are supported - major releases will get at least five years over their lifespan
• A new automounter is in the works, hoping to replace amd (which has some issues)
• The CAM target layer and RPC stack have gotten some major optimization and speed boosts
• Work on ZFSGuru continues, with a large status report specifically for that
• The report also mentioned some new committers, both source and ports
• It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show
• "Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period" ***

A new OpenBSD HTTPD is born

• Work has begun on a new HTTP daemon in the OpenBSD base system
• A lot of people are asking "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?
• Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)
• It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter
• This has the added benefit of the usual, easy-to-understand syntax and privilege separation
• There's a very brief man page online already
• It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs
• Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not) ***

pkgng 1.3 announced

• The newest version of FreeBSD's second generation package management system has been released, with lots of new features
• It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)
• Lots of the code has been sandboxed for extra security
• You'll probably notice some new changes to the UI too, making things more user friendly
• A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday ***

FreeBSD after-install security tasks

• A number of people have written in to ask us "how do I secure my BSD box after I install it?"
• With this blog post, hopefully most of their questions will finally be answered in detail
• It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things
• Not only does it just list things to do, but the post also does a good job of explaining why you should do them
• Maybe we'll see some more posts in this series in the future ***

Interview - Brent Cook - bcook@openbsd.org / @busterbcook

LibreSSL's portable version and development

News Roundup

FreeBSD Mastery - Storage Essentials

• MWL's new book about the FreeBSD storage subsystems now has an early draft available
• Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes
• Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance
• You'll get access to the completed (e)book when it's done if you buy the early draft
• The suggested price is $8 ***

Why BSD and not Linux?

• Yet another thread comes up asking why you should choose BSD over Linux or vice-versa
• Lots of good responses from users of the various BSDs
• Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."
• And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."
• Some other users share their switching experiences - worth a read ***

More g2k14 hackathon reports

• Following up from last week's huge list of hackathon reports, we have a few more
• Landry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream
• Andrew Fresh enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl
• Ted Unangst did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth
• Luckily we didn't have to cover 20 new ones this time! ***

BSDTalk episode 243

• The newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team
• The main topic of discussion is mandoc, which some users might not be familiar with
• mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)
• We'll catch up to you soon, Will! ***

Feedback/Questions

• Thomas writes in
• Stephen writes in
• Sha'ul writes in
• Florian writes in
• Bob Beck writes in - and note the "Caution" section that was added to libressl.org ***

This episode was brought to you by

Headlines

g2k14 hackathon reports

• Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon
• Lots of work got done - in just the first two weeks of July, there were over 1000 commits to their CVS tree
• Some of the developers wrote in to document what they were up to at the event
• Bob Beck planned to work on kernel stuff, but then "LibreSSL happened" and he spent most of his time working on that
• Miod Vallat also tells about his LibreSSL experiences
• Brent Cook, a new developer, worked mainly on the portable version of LibreSSL (and we'll be interviewing him next week!)
• Henning Brauer worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6)
• Martin Pieuchot fixed some bugs in the USB stack, softraid and misc other things
• Marc Espie improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency
• Martin Pelikan integrated read-only ext4 support
• Vadim Zhukov did lots of ports work, including working on KDE4
• Theo de Raadt created a new, more secure system call, "sendsyslog" and did a lot of work with /etc, sysmerge and the rc scripts
• Paul Irofti worked on the USB stack, specifically for the Octeon platform
• Sebastian Benoit worked on relayd filters and IPv6 code
• Jasper Lievisse Adriaanse did work with puppet, packages and the bootloader
• Jonathan Gray imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection
• Stefan Sperling fixed a lot of issues with wireless drivers
• Florian Obser did many things related to IPv6
• Ingo Schwarze worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface
• Ken Westerback hacked on dhclient and dhcpd, and also got dump working on 4k sector drives
• Matthieu Herrb worked on updating and modernizing parts of xenocara ***

FreeBSD pf discussion takes off

• Concerns from last week, about FreeBSD's packet filter being old and unmaintained, seemed to have finally sparked some conversation about the topic on the "questions" and "current" mailing lists (unfortunately people didn't always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)
• Straight from the SMP FreeBSD pf maintainer: "no one right now [is actively developing pf on FreeBSD]"
• Searching for documentation online for pf is troublesome because there are two incompatible syntaxes
• FreeBSD's pf man pages are lacking, and some of FreeBSD's documentation still links to OpenBSD's pages, which won't work anymore - possibly turning away would-be BSD converts because it's frustrating
• There's also the issue of importing patches from pfSense, but most of those still haven't been done either
• Lots of disagreement among developers vs. users...
• Many users are very vocal about wanting it updated, saying the syntax change is no big deal and is worth the benefits - developers aren't interested
• Henning Brauer, the main developer of pf on OpenBSD, has been very nice and offered to help the other BSDs get their pf fixed on multiple occasions
• Gleb Smirnoff, author of the FreeBSD-specific SMP patches, questions Henning's claims about OpenBSD's improved speed as "uncorroborated claims" (but neither side has provided any public benchmarks)
• Gleb had to abandon his work on FreeBSD's pf because funding ran out ***

LibreSSL progress update

• LibreSSL's first few portable releases have come out and they're making great progress, releasing 2.0.3 two days ago
• Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list
• However, there has already been some drama... with Linux users
• There was a problem with Linux's PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy
• This "problem" doesn't affect OpenBSD's native implementation, only the portable version
• The developers decide to weigh in to calm the misinformation and rage
• A fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now - remember to say thanks, guys
• Ted Unangst has a really good post about the whole situation, definitely check it out
• As a follow-up from last week, bapt says they're working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly - if you're a port maintainer, please test your ports against it ***

Preparation for NetBSD 7

• The release process for NetBSD 7.0 is finally underway
• The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September
• If you run NetBSD, that'll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)
• They're also looking for some help updating documentation and fixing any bugs that get reported
• Another formal announcement will be made when the beta binaries are up ***

Interview - Dag-Erling Smørgrav - des@freebsd.org / @RealEvilDES

The role of the FreeBSD Security Officer, recent ports features, various topics

News Roundup

BSDCan ports and packages WG

• Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages
• Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages
• There's also some detail about the signing infrastructure and different mirrors
• Ports people and source people need to talk more often about ABI breakage
• The post also includes information about pkg 1.3, the old pkg tools' EOL, the quarterly stable package sets and a lot more (it's a huge post!) ***

Cross-compiling ports with QEMU and poudriere

• With recent QEMU features, you can basically chroot into a completely different architecture
• This article goes through the process of building ARMv6 packages on a normal X86 box
• Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now
• The poudriere-devel port now has a "qemu user" option that will pull in all the requirements
• Hopefully this will pave the way for official pkgng packages on those lesser-used architectures ***

Cloning FreeBSD with ZFS send

• For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen
• This post shows his entire process in creating a mirror machine, using ZFS for everything
• The "zfs send" and "zfs snapshot" commands really come in handy for this
• He does the whole thing from a live CD, pretty impressive ***

FreeBSD Overview series

• A new blog series we stumbled upon about a Linux user switching to BSD
• In part one, he gives a little background on being "done with Linux distros" and documents his initial experience getting and installing FreeBSD 10
• He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels
• Most of what he was used to on Linux was already in the default FreeBSD (except bash...)
• Part two documents his experiences with pkgng and ports ***

Feedback/Questions

• Bostjan writes in
• Rick writes in
• Clint writes in
• Esteban writes in
• Ben writes in
• Matt sends in pictures of his FreeBSD CD collection ***

This episode was brought to you by

Headlines

pfSense 2.1.4 released

• The pfSense team has released 2.1.4, shortly after 2.1.3 - it's mainly a security release
• Included within are eight security fixes, most of which are pfSense-specific
• OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)
• It also includes a large number of various other bug fixes
• Update all your routers! ***

DragonflyBSD's pf gets SMP

• While we're on the topic of pf...
• Dragonfly patches their old[er than even FreeBSD's] pf to support multithreading in many areas
• Stemming from a user's complaint, Matthew Dillon did his own work on pf to make it SMP-aware
• Altering your configuration's ruleset can also help speed things up, he found
• When will OpenBSD, the source of pf, finally do the same? ***

ChaCha usage and deployment

• A while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5
• This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20
• OpenSSH offers it as a stream cipher now, OpenBSD uses it for it's random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it
• Both Google's fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not
• Unfortunately, this article has one mistake: FreeBSD does not use it - they still use the broken RC4 algorithm ***

BSDMag June 2014 issue

• The monthly online BSD magazine releases their newest issue
• This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, "saving time and headaches using the robot framework for testing," an interview and an article about the increasing number of security vulnerabilities
• The free pdf file is available for download as always ***

Interview - Craig Rodrigues - rodrigc@freebsd.org

FreeBSD's continuous testing infrastructure

Tutorial

Creating pre-patched OpenBSD ISOs

News Roundup

Preauthenticated decryption considered harmful

• Responding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures
• In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns
• With signify, now everything is fully downloaded and verified before tar is even invoked
• The pkg_add utility works a little bit differently, but it's also been improved in this area - details in the post
• Be sure to also read the original post from Adam, lots of good information ***

FreeBSD 9.3-RC2 is out

• As the -RELEASE inches closer, release candidate 2 is out and ready for testing
• Since the last one, it's got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things
• The updated bsdconfig will use pkgng style packages now too
• A lesser known fact: there are also premade virtual machine images you can use too ***

pkgsrcCon 2014 wrap-up

• In what may be the first real pkgsrcCon article we've ever had!
• Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event
• Unfortunately no recordings to be found... ***

PostgreSQL FreeBSD performance and scalability

• FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales
• On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings
• Lots of technical details if you're interested in getting the best performance out of your hardware
• It also includes specific kernel options he used and the rest of the configuration
• If you don't want to open the pdf file, you can use this link too ***

Feedback/Questions

• James writes in
• Klemen writes in
• John writes in
• Brad writes in
• Adam writes in ***

This episode was brought to you by

Headlines

EuroBSDCon 2014 talks and schedule

• The talks and schedules for EuroBSDCon 2014 are finally revealed
• The opening keynote is called "FreeBSD, looking forward to another 10 years" by jkh
• Lots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great
• It looks like Theo even has a talk, but the title isn't on the page... how mysterious
• There are also days dedicated to some really interesting tutorials
• Register now, the conference is on September 25-28th in Bulgaria
• If you see Allan and Kris walking towards you and you haven't given us an interview yet... well you know what's going to happen
• Why aren't the videos up from last year yet? Will this year also not have any? ***

FreeNAS vs NAS4Free

• More mainstream news covering BSD, this time with an article about different NAS solutions
• In a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free
• Both are based on FreeBSD and ZFS of course, but there are more differences than you might expect
• Discusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project
• "One is pleasantly functional; the other continues devolving during a journey of pain" - uh oh, who's the loser? ***

Quality software costs money, heartbleed was free

• PHK writes an article for ACM Queue about open source software projects' funding efforts
• A lot of people don't realize just how widespread open source software is - TVs, printers, gaming consoles, etc
• The article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish's funding
• The latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them
• On that subject, "Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software"
• Consider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive ***

Geoblock evasion with pf and OpenBSD rdomains

• Geoblocking is a way for websites to block visitors based on the location of their IP
• This is a blog post about how to get around it, using pf and rdomains
• It has the advantage of not requiring any browser plugins or DNS settings on the users' computers, you just need to be running OpenBSD on your router (hmm, if only a website had a tutorial about that...)
• In this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia
• It's got all the details you need to set up a VPN-like system and bypass those pesky geographic filters ***

Interview - Marc Espie - espie@openbsd.org / @espie_openbsd

OpenBSD's package system, building cluster, various topics

Tutorial

Keeping your BSD up to date

News Roundup

BoringSSL and LibReSSL

• Yet another OpenSSL fork pops up, this time from Google, called BoringSSL
• Adam Langley has a blog post about it, why they did it and how they're going to maintain it
• You can easily browse the source code
• Theo de Raadt also weighs in with how this effort relates to LibReSSL
• More eyes on the code is good, and patches will be shared between the two projects ***

More BSD Tor nodes wanted

• Friend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous
• Originally discussed on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network
• If one vulnerability is found, a huge portion of the network would be useless - we need more variety in the network stacks, crypto, etc.
• The EFF is also holding a Tor challenge for people to start up new relays and keep them online for over a year
• Check out our Tor tutorial and help out the network, and promote BSD at the same time! ***

FreeBSD 10 OpenStack images

• OpenStack, to quote Wikipedia, is "a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution."
• The article goes into detail about creating a FreeBSD instant, installing and converting it for use with "bsd-cloudinit"
• The author of the article is a regular listener and emailer of the show, hey! ***

BSDday 2014 call for papers

• BSD Day, a conference not so well-known, is going to be held August 9th in Argentina
• It was created in 2008 and is the only BSD conference around that area
• The "call for papers" was issued, so if you're around Argentina and use BSD, consider submitting a talk
• Sysadmins, developers and regular users are, of course, all welcome to come to the event ***

Feedback/Questions

• Maruf writes in
• Solomon writes in
• Silas writes in
• Bert writes in ***

This episode was brought to you by

Headlines

PIE and ASLR in FreeBSD update

• A status update for Shawn Webb's ASLR and PIE work for FreeBSD
• One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree
• "FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support"
• If you're running -CURRENT, just add "WITH_PIE=1" to your /etc/src.conf and /etc/make.conf
• The next step is working on the ASLR coding style and getting more developers to look through it
• Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR ***

Misc. pfSense news

• Couple of pfSense news items this week, including some hardware news
• Someone's gotta test the pfSense hardware devices before they're sold, which involves powering them all on at least once
• To make that process faster, they're building a controllable power board (and include some cool pics)
• There will be more info on that device a bit later on
• On Friday, June 27th, there will be another video session (for paying customers only...) about virtualized firewalls
• pfSense University, a new paid training course, was also announced
• A single two-day class costs $2000, ouch ***

ZFS stripe width

• A new blog post from Matt Ahrens about ZFS stripe width
• "The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice"
• Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages
• He covers best performance on random IOPS, best reliability, and best space efficiency use cases
• It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels' overhead factor ***

FreeBSD 9.3-BETA3 released

• The third BETA in the 9.3 release cycle is out, we're slowly getting closer to the release
• This is expected to be the final BETA, next will come the RCs
• There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what's in -CURRENT (but still isn't using ChaCha20)
• The FreeBSD foundation has a blog post about it too
• There's a list of changes between 9.2 and 9.3 as well, but we'll be sure to cover it when the -RELEASE hits ***

Interview - Bryce Chidester - brycec@devio.us / @brycied00d

Running a BSD shell provider

Tutorial

Chaining SSH connections

News Roundup

My FreeBSD adventure

• A Slackware user from the "linux questions" forum decides to try out BSD, and documents his initial impressions and findings
• After ruling out PCBSD due to the demanding hardware requirements and NetBSD due to "politics" (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on
• In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things
• So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux
• Might be an interesting, ongoing series we can follow up on later ***

Even more BSDCan trip reports

• BSDCan may be over until next year, but trip reports are still pouring in
• This time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation
• He's part of the "Jenkins CI for FreeBSD" group and went to BSDCan mostly for that
• Nice long post about all of his experiences at the event, definitely worth a read
• He even talks about... the food ***

FreeBSD disk partitioning

• For his latest book series on FreeBSD's GEOM system, MWL asked the hackers mailing list for some clarification
• This erupted into a very long discussion about fdisk vs gnop vs gpart
• So you don't have to read the 500 mailing list posts, he's summarized the findings in a blog post
• It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools ***

BSD Router Project version 1.51

• A new version of the BSD Router Project has been released, 1.51
• It's now based on FreeBSD 10-STABLE instead of 10.0-RELEASE
• Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere
• Check the sourceforge page for the complete list of changes
• Bad news... the minimum disk size requirement has increased to 512MB... getting pretty bloated ***

Feedback/Questions

• Fongaboo writes in
• David writes in
• Kristian writes in ***

This episode was brought to you by

Headlines

FreeBSD moves to Bugzilla

• Historically, FreeBSD has used the old GNATS system for keeping track of bug reports
• After years and years of wanting to switch, they've finally moved away from GNATS to Bugzilla
• It offers a lot of advantages, is much more modern and actively maintained and
• There's a new workflow chart for developers to illustrate the new way of doing things
• The old "send-pr" command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports)
• This will hopefully make reporting bugs a lot less painful ***

DIY NAS: EconoNAS 2014

• We previously covered this blog last year, but the 2014 edition is up
• More of a hardware-focused article, the author details the parts he's using for a budget NAS
• Details the motherboard, RAM, CPU, hard drives, case, etc
• With a set goal of $500 max, he goes just over it - $550 for all the parts
• Lots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions ***

DragonflyBSD 3.8 released

• Justin announced the availability of DragonflyBSD 3.8.0
• Binaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts
• It includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions
• Work continues on for the Intel graphics drivers, but it's currently limited to the HD4000 and Ivy Bridge series
• See the release page for more info and check the link for source-based upgrade instructions ***

OpenZFS European conference 2014

• There was an OpenZFS conference held in Europe recently, and now the videos are online for your viewing pleasure
• Matt Ahrens, Introduction
• Michael Alexander, FhGFS performance on ZFS
• Andriy Gapon, Testing ZFS on FreeBSD
• Luke Marsden, HybridCluster: ZFS in the cloud
• Vadim Comănescu, Syneto: continuously delivering a ZFS-based OS
• Chris George, DDRdrive ZIL accelerator: random write revelation
• Grenville Whelan, High-Availability
• Phil Harman, Harman Holistic
• Mark Rees, Storiant and OpenZFS
• Andrew Holway, EraStor ZFS appliances
• Dan Vâtca, Syneto and OpenZFS
• Luke Marsden, HybridCluster and OpenZFS
• Matt Ahrens, Delphix and OpenZFS
• Check the link for slides and other goodies ***

Interview - Benedict Reuschling - bcr@freebsd.org

BSD documentation, getting commit access, unix education, various topics

News Roundup

Getting to know your portmgr, Steve Wills

• "It is my pleasure to introduce Steve Wills, the newest member of the portmgr team"
• swills is an all-round good guy, does a lot for ports (especially the ruby ports)
• In this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more
• He used to work for Red Hat, woah ***

BSDTalk episode 242

• This time on BSDTalk, Will interviews Chris Buechler from pfSense
• Topics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes
• They also touch on recent concerns in the pfSense community about their license change, that they may be "going commercial" and closing the source - so tune in to find out what their future plans are for all of that ***

Turn old PC hardware into a killer home server

• Lots of us have old hardware lying around doing nothing but collecting dust
• Why not turn that old box into a modern file server with FreeNAS and ZFS?
• This article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc)
• Most of our users are already familiar with all of this stuff, nothing too advanced
• Good to see BSD getting some well-deserved attention on a big mainstream site ***

Unbloating the VAX install CD

• After a discussion on the VAX mailing list, something very important came to the attention of the developers...
• You can't boot NetBSD on a VAX box with 16MB of RAM from the CD image
• This blog post goes through the developer's adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller
• In the end, he got it booting - and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM... ***

Feedback/Questions

• Thomas writes in
• Reynold writes in
• Bostjan writes in
• Paul writes in
• John writes in ***

This episode was brought to you by

Headlines

BSDCan 2014 talks and reports

• The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links
• Karl Lehenbauer's keynote (he's on next week's episode)
• Mariusz Zaborski and Pawel Jakub Dawidek, Capsicum and Casper (relevant to today's interview)
• Luigi Rizzo, In-kernel OpenvSwitch on FreeBSD
• Dwayne Hart, Migrating from Linux to FreeBSD for Backend Data Storage
• Warner Losh, NAND Flash and FreeBSD
• Simon Gerraty, FreeBSD bmake and Meta Mode
• Bob Beck, LibreSSL - The First 30 Days
• Henning Brauer, OpenBGPD Turns 10 Years Old
• Arun Thomas, BSD ARM Kernel Internals
• Peter Hessler, Using BGP for Realtime Spam Lists
• Pedro Giffuni, Features and Status of FreeBSD's Ext2 Implementation
• Matt Ahrens, OpenZFS Upcoming Features and Performance Enhancements
• Daichi Goto, Shellscripts and Commands
• Benno Rice, Keeping Current
• Sean Bruno, MIPS Router Hacking
• John-Mark Gurney, Optimizing GELI Performance
• Patrick Kelsey, Userspace Networking with libuinet
• Massimiliano Stucchi, IPv6 Transitioning Mechanisms
• Roger Pau Monné, Taking the Red Pill
• Shawn Webb, Introducing ASLR in FreeBSD
• There's also a trip report from Peter Hessler and one from Julio Merino
• The latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend) ***

Defend your network and privacy with a VPN and OpenBSD

• After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back
• This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities
• There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used
• You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)
• It also includes a few general privacy tips, recommended browser extensions, etc
• The intro to the article is especially great, so give the whole thing a read
• He mentions our OpenBSD router guide and other tutorials being a big help for this setup, so hello if you're watching! ***

You should try FreeBSD

• In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that
• He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two
• Possibly the most useful part is how to address the question "my server already works, why bother switching?"
• "Stackoverflow’s answers assume I have apt-get installed"
• It includes mention of the great documentation, stability, ports, improved security and much more
• A takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before" ***

OpenBSD and the little Mauritian contributor

• This is a story about a guy from Mauritius named Logan, one of OpenBSD's newest developers
• Back in 2010, he started sending in patched for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTP
• The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon
• It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem
• Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back ***

Interview - Jon Anderson - jonathan@freebsd.org

Capsicum and Casperd

Tutorial

Encrypting DNS lookups

News Roundup

FreeBSD Journal, May 2014 issue

• The newest issue of the FreeBSD Journal is out, following the bi-monthly release cycle
• This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling
• Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read ***

LibreSSL porting update

• Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died off
• Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!
• This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example
• Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good ***

BSDMag May 2014 issue is out

• The usual monthly release from BSDMag, covering a variety of subjects
• This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things
• It's a free PDF, go grab it ***

BSDTalk episode 241

• A new episode of BSDTalk is out, this time with Bob Beck
• He talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more
• The interview itself isn't about LibreSSL at all, but they do touch on it a bit too
• Really interesting stuff, covers a lot of different topics in a short amount of time ***

Feedback/Questions

• We got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the vpnc package seems to be what we were looking for
• Tim writes in
• AJ writes in
• Peter writes in
• Thomas writes in
• Martin writes in ***

This episode was brought to you by

Headlines

ALTQ removed from PF

• Kicking off our big PF episode...
• The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current
• There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf
• As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping
• After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem
• This doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately. ***

FreeBSD Quarterly Status Report

• The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks
• Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added
• We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team
• LOTS of details and LOTS of topics to cover, give it a read ***

OpenBSD's OpenSSL rewrite continues with m2k14

• A mini OpenBSD hackathon begins in Morocco, Africa
• You can follow the changes in the -current CVS log, but a lot of work is mainly going towards the OpenSSL cleaning
• We've got two trip reports so far, hopefully we'll have some more to show you in a future episode
• You can see some of the more interesting quotes from the tear-down or see everything
• Apparently they are going to call the fork "LibreSSL" ....
• What were the OpenSSL developers thinking? The RSA private key was used to seed the entropy!
• We also got some mainstream news coverage and another post from Ted about the history of the fork
• Definitely consider donating to the OpenBSD foundation, this fork will benefit all the other BSDs too ***

NetBSD 6.1.4 and 6.0.5 released

• New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes
• The main update is - of course - the heartbleed vulnerability
• Also includes fixes for other security issues and even a kernel panic... on Atari
• Patch your Ataris right now, this is serious business ***

Interview - Peter Hansteen - peter@bsdly.net / @pitrh

The Book of PF: 3rd edition

Tutorial

BSD Firewalls: PF

News Roundup

New Xorg now the default in FreeBSD

• For quite a while now, FreeBSD has had two versions of X11 in ports
• The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf
• They've finally made the switch for 10-STABLE and 9-STABLE
• Check this wiki page for more info ***

GSoC-accepted BSD projects

• The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned
• OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon
• The FreeBSD list was also posted
• Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more
• Good luck to all the students participating, hopefully they become full time BSD users ***

Complexity of FreeBSD VFS using ZFS as an example

• HybridCluster posted the second part of their VFS and ZFS series
• This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy
• Of course, also watch episode 24 for our interview with HybridCluster - they do really interesting stuff ***

PCBSD weekly digest

• Preload has been ported over, it's a daemon that prefetches applications
• PCBSD is developing their own desktop environment, Lumina (there's also an FAQ)
• It's still in active development, but you can try it out by installing from ports
• We'll be showing a live demo of it in a few weeks (when development settles down a bit)
• Some kid in Australia subjects his poor mother to being on camera while she tries out PCBSD and gives her impressions of it ***

This episode was brought to you by

Headlines

FreeBSD ASLR status update

• Shawn Webb gives us a little update on his address space layout randomization work for FreeBSD
• He's implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in 5.5 on i386)
• Work has also started on testing ASLR on ARM, using a Raspberry Pi
• He's giving a presentation at BSDCan this year about his ASLR work
• While we're on the topic of BSDCan... ***

BSDCan tutorials, improving the experience

• Peter Hansteen writes a new blog post about his upcoming BSDCan tutorials
• The tutorials are called "Building the network you need with PF, the OpenBSD packet filter" and "Transitioning to OpenBSD 5.5" - both scheduled to last three hours each
• He's requesting anyone that'll be there to go ahead and contact him, telling him exactly what you'd like to learn
• There's also a bit of background information about the tutorials and how he's looking to improve them
• If you're interested in OpenBSD and going to BSDCan this year, hit him up ***

pkgsrc-2014Q1 released

• The new stable branch of pkgsrc packages has been built and is ready
• Python 3.3 is now a "first class citizen" in pkgsrc
• 14255 packages for NetBSD-current/x86_64, 11233 binary packages built with clang for FreeBSD 10/x86_64
• There's a new release every three months, and remember pkgsrc works on MANY operating systems, not just NetBSD - you could even use pkgsrc instead of pkgng or ports if you were so inclined
• They're also looking into signing packages ***

Only two holes in a heck of a long time, who cares?

• A particularly vocal Debian user, a lost soul, somehow finds his way to the misc@ OpenBSD mailing list
• He questions "what's the big deal" about OpenBSD's slogan being "Only two remote holes in the default install, in a heck of a long time!"
• Luckily, the community and Theo set the record straight about why you should care about this
• Running insecure applications on OpenBSD is actually more secure than running them on other systems, due to things like ASLR, PIE and all the security features of OpenBSD
• It spawned a discussion about ease of management and Linux's poor security record, definitely worth reading ***

Interview - Dru Lavigne - dru@freebsd.org / @bsdevents

FreeBSD's documentation printing, documentation springs, various topics

Tutorial

Automatic, unattended OpenBSD installs with PXE

News Roundup

pfSense 2.1.1 released

• A new version of pfSense is released, mainly to fix some security issues
• Tracking some recent FreeBSD advisories, pfSense usually only applies the ones that would matter on a firewall or router
• There are also some NIC driver updates and other things
• Of course if you want to learn more about pfSense, watch episode 25
• 2.1.2 is already up for testing too ***

FreeBSD gets UEFI support

• It looks like FreeBSD's battle with UEFI may be coming to a close?
• Ed Maste committed a giant list of patches to enable UEFI support on x86_64
• Look through the list to see all the details and information
• Thanks FreeBSD foundation! ***

Ideas for the next DragonflyBSD release

• Mr. Dragonfly release engineer himself, Justin Sherrill posts some of his ideas for the upcoming release
• They're aiming for late May for the next version
• Ideas include better support for running in a VM, pkgng fixes, documentation updates and PAM support
• Gasp, they're even considering dropping i386 ***

PCBSD weekly digest

• Lots of new PBI updates for 10.0, new runtime implementation
• New support for running 32 bit applications in PBI runtime
• New default CD and DVD player, umplayer
• Latest GNOME 3 and Cinnamon merged, new edge package builds ***

Feedback/Questions

• Remy writes in
• Jan writes in
• Eddie writes in
• Zen writes in
• Sean writes in ***

This episode was brought to you by

Headlines

Preorders for cool BSD stuff

• The 2nd edition of The Design and Implementation of the FreeBSD Operating System is up for preorder
• We talked to GNN briefly about it, but he and Kirk have apparently finally finished the book
• "For many years, The Design and Implementation of the FreeBSD Operating System has been recognized as the most complete, up-to-date, and authoritative technical guide to FreeBSD's internal structure. Now, this definitive guide has been extensively updated to reflect all major FreeBSD improvements between Versions 5 and Versions 11"
• OpenBSD 5.5 preorders are also up, so you can buy a CD set now
• You can help support the project, and even get the -release of the OS before it's available publicly
• 5.5 is a huge release with lots of big changes, so now is the right time to purchase one of these - tell Austin we sent you! ***

pkgsrcCon 2014 CFP

• This year's pkgsrcCon is in London, on June 21st and 22nd
• There's a Call For Papers out now, so you can submit your talks
• Anything related to pkgsrc is fine, it's pretty informal
• Does anyone in the audience know if the talks will be recorded? This con is relatively unknown ***

BSDMag issue for March 2014

• The monthly BSD magazine releases its newest issue
• Topics this time include: deploying NetBSD using AWS EC2, creating a multi-purpose file server with NetBSD, DragonflyBSD as a backup server, more GIMP lessons, network analysis with wireshark and a general security article
• The Linux article trend seems to continue... hmm ***

Non-ECC RAM in FreeNAS

• We've gotten a few questions about ECC RAM with ZFS
• Here we've got a surprising blog post about why someone did not go with ECC RAM for his NAS build
• The article mentions the benefits of ECC and admits it is a better choice in nearly all instances, but unfortunately it's not very widespread in consumer hardware motherboards and it's more expensive
• Regular RAM also has "special" issues with ZFS and pool corruption
• Long post, so check out the whole thing if you've been considering your memory options and weighing the benefits ***

Interview - Pierre Pronchery - khorben@edgebsd.org / @khorben

EdgeBSD (slides)

Tutorial

Building an OpenBSD desktop

News Roundup

Getting to know your portmgr-lurkers

• This week we get to hear from Frederic Culot, colut@
• Originally an OpenBSD user from France, Frederic joined as a ports committer in 2010 and recently joined the portmgr lurkers team
• "FreeBSD is also one of my sources of inspiration when it comes to how organizations behave and innovate, and I find it very interesting to compare FreeBSD with the for-profit companies I work for"
• We get to find out a little bit about him, why he loves FreeBSD and what he does for the project ***

NetBSD on the Playstation 2

• Who doesn't want to run NetBSD on their old PS2?
• The PS2 port of NetBSD was sadly removed in 2009, but it has been revived
• It's using a slightly unusual MIPS CPU that didn't have much GCC support
• Hopefully a bootable kernel will be available soon ***

The FreeBSD Challenge update

• Our friend from the Linux Foundation continues his FreeBSD switching journey
• This time he starts off by discovering virtual machines suck at keeping accurate time, and some ports weren't working because of his clock being way off
• After polling the IRC for help, he finally learns the difference between ntpdate and ntpd and both of their use cases
• Maybe he should've just read our NTP tutorial! ***

PCBSD weekly digest

• The mount tray icon got lots of updates and fixes
• The faulty distribution server has finally been tracked down and... destroyed
• New language localization project is in progress
• Many many updates to ports and PBIs, new -STABLE builds ***

Feedback/Questions

• Antonio writes in
• Patrick writes in
• Chris writes in
• Ron writes in
• Tyler writes in ***

This episode was brought to you by

Headlines

FreeBSD foundation's 2013 fundraising results

• The FreeBSD foundation finally counted all the money they made in 2013
• $768,562 from 1659 donors
• Nice little blog post from the team with a giant beastie picture
• "We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon."
• A special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook) ***

OpenSSH 6.5 released

• We mentioned the CFT last week, and it's finally here!
• New key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519 (now the default when both clients support it)
• Ed25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA
• Funny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes can't even attempt to login lol~
• New bcrypt private key type, 500,000,000 times harder to brute force
• Chacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one
• Portable version already in FreeBSD -CURRENT, and ports
• Lots more bugfixes and features, see the full release note or our interview with Damien
• Work has already started on 6.6, which can be used without OpenSSL! ***

Crazed Ferrets in a Berkeley Shower

• In 2000, MWL wrote an essay for linux.com about why he uses the BSD license: "It’s actually stood up fairly well to the test of time, but it’s fourteen years old now."
• This is basically an updated version about why he uses the BSD license, in response to recent comments from Richard Stallman
• Very nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL
• Check out the full post if you're one of those people that gets into license arguments
• The takeaway is "BSD is about making the world a better place. For everyone." ***

OpenBSD on BeagleBone Black

• Beaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi
• A blog post about installing OpenBSD on a BBB from.. our guest for today!
• He describes it as "everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black"
• It goes through the whole process, details different storage options and some workarounds
• Could be a really fun weekend project if you're interested in small or embedded devices ***

Interview - Ted Unangst - tedu@openbsd.org / @tedunangst

OpenBSD's signify infrastructure, ZFS on OpenBSD

Tutorial

Running an NTP server

News Roundup

Getting started with FreeBSD

• A new video and blog series about starting out with FreeBSD
• The author has been a fan since the 90s and has installed it on every server he's worked with
• He mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users
• The first video is the installation, then he goes on to packages and other topics - 4 videos so far ***

More OpenBSD hackathon reports

• As a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience
• He arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work
• This summary goes into detail about all the stuff he got done there ***

X11 in a jail

• We've gotten at least one feedback email about running X in a jail Well.. with this commit, looks like now you can!
• A new tunable option will let jails access /dev/kmem and similar device nodes
• Along with a change to DRM, this allows full X11 in a jail
• Be sure to check out our jail tutorial and jailed VNC tutorial for ideas ***

PCBSD weekly digest

• 10.0 "Joule Edition" finally released!
• AMD graphics are now officially supported
• GNOME3, MATE and Cinnamon desktops are available
• Grub updates and fixes
• PCBSD also got a mention in eweek ***

Feedback/Questions

• Justin writes in
• Daniel writes in
• Martin writes in
• Alex writes in - unofficial FreeBSD RPI Images
• James writes in
• John writes in ***

This episode was brought to you by

Headlines

Secure communications with OpenBSD and OpenVPN

• Starting off today's theme of encryption...
• A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
• Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)
• Part 2 covers the initial setup of OpenVPN certificates and keys
• Parts 3 and 4 are the OpenVPN server and client configuration
• Part 5 is some updates and closing remarks ***

FreeBSD Foundation Newsletter

• The December 2013 semi-annual newsletter was sent out from the foundation
• In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
• The president's letter alone is worth the read, really amazing
• Really long, with lots of details and stories from the conferences and projects ***

Use of NetBSD with Marvell Kirkwood Processors

• Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
• The IP-Plug is a "multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)."
• Really cool little NetBSD ARM project with lots of graphs, pictures and details ***

Experimenting with zero-copy network IO

• Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD
• Discusses the different OS' implementations and options
• He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there
• Tons of details, check the full post ***

Interview - Damien Miller - djm@openbsd.org / @damienmiller

Cryptography in OpenBSD and OpenSSH

Tutorial

Full disk encryption in FreeBSD & OpenBSD

News Roundup

OpenZFS office hours

• Our buddy George Wilson sat down to take some ZFS questions from the community
• You can see more info about it here ***

License summaries in pkgng

• A discussion between Justin Sherill and some NYCBUG guys about license frameworks in pkgng
• Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow
• Maybe we could get a "pkg licenses" command to display the license of all installed packages
• Ok bapt, do it ***

The FreeBSD challenge continues

• Checking in with our buddy from the Linux foundation...
• The switching from Linux to FreeBSD blog series continues for his month-long trial
• Follow up from last week: "As a matter of fact, I did check out PC-BSD, and wanted the challenge. Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding."
• Since we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more ***

Ports gets a stable branch

• For the first time ever, FreeBSD's ports tree will have a maintained "stable" branch
• This is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes
• All commits to this branch require approval of portmgr, looks like it'll start in 2014Q1 ***

Feedback/Questions

• John writes in
• Spencer writes in
• Campbell writes in
• Sha'ul writes in
• Clint writes in ***

Headlines

pkgng 1.2 released

• bapt and bdrewery from the portmgr team released pkgng 1.2 final
• New features include an improved build system, plugin improvements, new bootstrapping command, SRV mirror improvements, a new "pkg config" command, repo improvements, vuXML is now default, new fingerprint features and much more
• Really simple to upgrade, check our pkgng tutorial if you want some easy instructions
• It's also made its way into Dragonfly
• See the show notes for the full list of new features and fixes ***

ChaCha20 and Poly1305 in OpenSSH

• Damien Miller recently committed support for a new authenticated encryption cipher for OpenSSH, chacha20-poly1305
• Long blog post explaining what these are and why we need them
• This cipher combines two primitives: the ChaCha20 cipher and the Poly1305 MAC
• RC4 is broken, we needed an authenticated encryption mode to complement AES-GCM that doesn't show the packet length in cleartext
• Great explanation of the differences between EtM, MtE and EaM and their advantages
• "Both AES-GCM and the EtM MAC modes have a small downside though: because we no longer desire to decrypt the packet as we go, the packet length must be transmitted in plaintext. This unfortunately makes some forms of traffic analysis easier as the attacker can just read the packet lengths directly." ***

Is it time to dump Linux and move to BSD

• ITworld did an article about switching from Linux to BSD
• The author's interest was sparked from a review he was reading that said "I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (pkgng), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0"
• The whole article can be summed up with "yes" - ok, next story! ***

OpenZFS devsummit videos

• The OpenZFS developer summit discussion and presentation videos are up
• People from various operating systems (FreeBSD, Mac OS X, illumos, etc.) were there to discuss ZFS on their platforms and the challenges they faced
• Question and answer session from representatives of every OS - had a couple FreeBSD guys there including one from the foundation
• Presentations both about ZFS itself and some hardware-based solutions for implementing ZFS in production
• TONS of video, about 6 hours' worth
• This leads us into our interview, which is... ***

Interview - George Wilson - wilzun@gmail.com / @zfsdude

OpenZFS

Tutorial

A crash course on ZFS

News Roundup

ruBSD 2013 information

• The ruBSD 2013 conference will take place on Saturday December 14, 2013 at 10:30 AM in Moscow, Russia
• Speakers include three OpenBSD developers, Theo de Raadt, Henning Brauer and Mike Belopuhov
• Their talks are titled "The bane of backwards compatibility," "OpenBSD's pf: Design, Implementation and Future" and "OpenBSD: Where crypto is going?"
• No word on if there will be video recordings, but we'll let you know if that changes ***

DragonFly roadmap, post 3.6

• John Marino posted a possible roadmap for DragonFly, now that they're past the 3.6 release
• He wants some third party vendor software updated from very old versions (WPA supplicant, bmake, binutils)
• Plans to replace GCC44 with Clang, but GCC47 will probably be the primary compiler still
• Bring in fixes and new stuff from FreeBSD 10 ***

BSDCan 2014 CFP

• BSDCan 2014 will be held on May 16-17 in Ottawa, Canada
• They're now accepting proposals for talks
• If you are doing something interesting with a BSD operating system, please submit a proposal
• We'll be getting lots of interviews there ***

casperd added to -CURRENT

• "It (and its services) will be responsible forgiving access to functionality that is not available in capability modes and box. The functionality can be precisely restricted."
• Lists some sysctls that can be controlled ***

ZFS corruption bug fixed in -CURRENT

• Just a quick follow-up from last week, the ZFS corruption bug in FreeBSD -CURRENT was very quickly fixed, before that episode was even uploaded ***

Feedback/Questions

• Chris writes in
• SW writes in
• Jason writes in
• Clint writes in
• Chris writes in ***