This episode was brought to you by

Headlines

More conference presentation videos

• Some more of the presentation videos from AsiaBSDCon are appearing online
• Masanobu Saitoh, Developing CPE Routers Based on NetBSD
• Reyk Floeter, VXLAN and Cloud-based Networking with OpenBSD
• Jos Jansen, Adapting OS X to the enterprise
• Pierre Pronchery & Guillaume Lasmayous, Carve your NetBSD <!-- skip to 5:06 for henning trolling -->
• Colin Percival, Everything you need to know about cryptography in 1 hour (not from AsiaBSDCon)
• The "bsdconferences" YouTube channel has quite a lot of interesting older BSD talks too - you may want to go back and watch them if you haven't already ***

OpenBSD PIE enhancements

• ASLR and PIE are great security features that OpenBSD has had enabled by default for a long time, in both the base system and ports, but they have one inherent problem
• They only work with dynamic libraries and binaries, so if you have any static binaries, they don't get the same treatment
• For example, the default shells (and many other things in /bin and /sbin) are statically linked
• In the case of the static ones, you can always predict the memory layout, which is very bad and sort of defeats the whole purpose
• With this and a few related commits, OpenBSD fixes this by introducing static self-relocation
• More and more CPU architectures are being tested and getting support too; this isn't just for amd64 and i386 - VAX users can rest easy
• It'll be available in 5.7 in May, or you can use a -current snapshot if you want to get a slice of the action now ***

FreeBSD foundation semi-annual newsletter

• The FreeBSD foundation publishes a huge newsletter twice a year, detailing their funded projects and some community activities
• As always, it starts with a letter from the president of the foundation - this time it's about encouraging students and new developers to get involved
• The article also has a fundraising update with a list of sponsored projects, and they note that the donations meter has changed from dollars to number of donors (since they exceeded the goal already)
• You can read summaries of all the BSD conferences of 2014 and see a list of upcoming ones next year too
• There are also sections about the FreeBSD Journal's progress, a new staff member and a testimonial from NetApp
• It's a very long report, so dedicate some time to read all the way through it
• This year was pretty great for BSD: both the FreeBSD and OpenBSD foundations exceeded their goals and the NetBSD foundation came really close too
• As we go into 2015, consider donating to whichever BSD you use, it really can make a difference ***

Modernizing OpenSSH fingerprints

• When you connect to a server for the first time, you'll get what's called a fingerprint of the host's public key - this is used to verify that you're actually talking to the same server you intended to
• Up until now, the key fingerprints have been an MD5 hash, displayed as hex
• This can be problematic, especially for larger key types like RSA that give lots of wiggle room for collisions, as an attacker could generate a fake host key that gives the same MD5 string as the one you wanted to connect to
• This new change replaces the default MD5 and hex with a base64-encoded SHA256 fingerprint
• You can add a "FingerprintHash" line in your ssh_config to force using only the new type
• There's also a new option to require users to authenticate with more than one public key, so you can really lock down login access to your servers - also useful if you're not 100% confident in any single key type
• The new options should be in the upcoming 6.8 release ***

Interview - Dan Langille - info@bsdcan.org / @bsdcan

Plans for the BSDCan 2015 conference

News Roundup

Introducing ntimed, a new NTP daemon

• As we've mentioned before in our tutorials, there are two main daemons for the Network Time Protocol - ISC's NTPd and OpenBSD's OpenNTPD
• With all the recent security problems with ISC's NTPd, Poul-Henning Kamp has been working on a third NTP daemon
• It's called "ntimed" and you can try out a preview version of it right now - it's in FreeBSD ports or on Github
• PHK also has a few blog entries about the project, including status updates ***

OpenBSD-maintained projects list

• There was recently a read on the misc mailing list asking about different projects started by OpenBSD developers
• The initial list had marks for which software had portable versions to other operating systems (OpenSSH being the most popular example)
• A developer compiled a new list from all of the replies to that thread into a nice organized webpage
• Most people are only familiar with things like OpenSSH, OpenSMTPD, OpenNTPD and more recently LibreSSL, but there are quite a lot more
• This page also serves as a good history lesson for BSD in general: FreeBSD and others have ported some things over, while a couple OpenBSD tools were born from forks of FreeBSD tools (mergemaster, pkg tools, portscout) ***

Monitoring network traffic with FreeBSD

• If you've ever been curious about monitoring network traffic on your FreeBSD boxes, this forum post may be exactly the thing for you
• It'll show you how to combine the Netflow, NfDump and NfSen suite of tools to get some pretty detailed network stats (and of course put them into a fancy webpage)
• This is especially useful for finding out what was going on at a certain point in time, for example if you had a traffic spike ***

Trapping spammers with spamd

• This is a blog post about OpenBSD's spamd - a spam email deferral daemon - and how to use it for your mail
• It gives some background on the greylisting approach to spam, rather than just a typical host blacklist
• "Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the sender re-attempts mail delivery at a later time, the sender may be allowed to continue the mail delivery conversation."
• The post also shows how to combine it with PF and other tools for a pretty fancy mail setup
• You can find spamd in the OpenBSD base system, or use it with FreeBSD or NetBSD via ports and pkgsrc
• You might also want to go back and listen to BSDTalk episode 68, where Will talks to Bob Beck about spamd ***

Feedback/Questions

• Sean writes in
• Brandon writes in
• Anders writes in
• David writes in
• Kyle writes in ***

Mailing List Gold

• NTP code comparison - 192870 vs. 2898
• NICs have feelings too
• Just think about it ***

This episode was brought to you by

Headlines

NetBSD at Hiroshima Open Source Conference

• NetBSD developers are hard at work, putting NetBSD on everything they can find
• At a technology conference in Hiroshima, some developers brought their exotic machines to put on display
• As usual, there are lots of pictures and a nice report from the conference ***

FreeBSD's Linux emulation overhaul

• For a long time, FreeBSD's emulation layer has been based on an ancient Fedora 10 system
• If you've ever needed to install Adobe Flash on BSD, you'll be stuck with all this extra junk
• With some recent work, that's been replaced with a recent CentOS release
• This opens up the door for newer versions of Skype to run on FreeBSD, and maybe even Steam someday ***

pfSense 2.2-BETA

• Big changes are coming in pfSense land, with their upcoming 2.2 release
• We talked to the developer a while back about future plans, and now they're finally out there
• The 2.2 branch will be based on FreeBSD 10-STABLE (instead of 8.3) and include lots of performance fixes
• It also includes some security updates, lots of package changes and updates and much more
• You can check the full list of changes on their wiki ***

NetBSD on the Raspberry Pi

• This article shows how you can install NetBSD on the ever-so-popular Raspberry Pi
• As of right now, you'll need to use a -CURRENT snapshot to do it
• It also shows how to grow the filesystem to fill up an SD card, some pkgsrc basics and how to get some initial things set up
• Can anyone find something that you can't install NetBSD on? ***

Interview - Steve Wills - swills@freebsd.org / @swills

Mentoring new BSD developers

News Roundup

MidnightBSD 0.5 released

• We don't hear a whole lot about MidnightBSD, but they've just released version 0.5
• It's got a round of the latest FreeBSD security patches, driver updates and various small things
• Maybe one of their developers could come on the show sometime and tell us more about the project ***

BSD Router Project 1.52 released

• The newest update for the BSD Router Project is out
• This version is based on a snapshot of 10-STABLE that's very close to 10.1-RELEASE
• It's mostly a bugfix release, but includes some small changes and package updates ***

Configuring a DragonFly BSD desktop

• We've done tutorials on how to set up a FreeBSD or OpenBSD desktop, but maybe you're more interested in DragonFly
• In this post from Justin Sherrill, you'll learn some of the steps to do just that
• He pulled out an old desktop machine, gave it a try and seems to be pleased with the results
• It includes a few Xorg tips, and there are some comments about the possibility of making a GUI DragonFly installer ***

Building a mini-ITX pfSense box

• Another week, another pfSense firewall build post
• This time, the author is installing to a Jetway J7F2, a mini-ITX device with four LAN ports
• He used to be a m0n0wall guy, but wanted to give the more modern pfSense a try
• Lots of great pictures of the hardware, which we always love ***

Feedback/Questions

• Damian writes in
• Jan writes in
• Dale writes in
• Joe writes in
• Bostjan writes in ***

This episode was brought to you by

Headlines

FreeBSD foundation semi-annual newsletter

• The FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation
• "In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!"
• It talks about the FreeBSD journal as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT
• The full list of funded projects is included, also with details in the financial reports
• There are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon

This episode was brought to you by

Headlines

FreeBSD quarterly status report

• FreeBSD has gotten quite a lot done this quarter
• Changes in the way release branches are supported - major releases will get at least five years over their lifespan
• A new automounter is in the works, hoping to replace amd (which has some issues)
• The CAM target layer and RPC stack have gotten some major optimization and speed boosts
• Work on ZFSGuru continues, with a large status report specifically for that
• The report also mentioned some new committers, both source and ports
• It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show
• "Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period" ***

A new OpenBSD HTTPD is born

• Work has begun on a new HTTP daemon in the OpenBSD base system
• A lot of people are asking "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?
• Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)
• It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter
• This has the added benefit of the usual, easy-to-understand syntax and privilege separation
• There's a very brief man page online already
• It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs
• Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not) ***

pkgng 1.3 announced

• The newest version of FreeBSD's second generation package management system has been released, with lots of new features
• It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)
• Lots of the code has been sandboxed for extra security
• You'll probably notice some new changes to the UI too, making things more user friendly
• A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday ***

FreeBSD after-install security tasks

• A number of people have written in to ask us "how do I secure my BSD box after I install it?"
• With this blog post, hopefully most of their questions will finally be answered in detail
• It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things
• Not only does it just list things to do, but the post also does a good job of explaining why you should do them
• Maybe we'll see some more posts in this series in the future ***

Interview - Brent Cook - bcook@openbsd.org / @busterbcook

LibreSSL's portable version and development

News Roundup

FreeBSD Mastery - Storage Essentials

• MWL's new book about the FreeBSD storage subsystems now has an early draft available
• Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes
• Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance
• You'll get access to the completed (e)book when it's done if you buy the early draft
• The suggested price is $8 ***

Why BSD and not Linux?

• Yet another thread comes up asking why you should choose BSD over Linux or vice-versa
• Lots of good responses from users of the various BSDs
• Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."
• And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."
• Some other users share their switching experiences - worth a read ***

More g2k14 hackathon reports

• Following up from last week's huge list of hackathon reports, we have a few more
• Landry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream
• Andrew Fresh enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl
• Ted Unangst did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth
• Luckily we didn't have to cover 20 new ones this time! ***

BSDTalk episode 243

• The newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team
• The main topic of discussion is mandoc, which some users might not be familiar with
• mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)
• We'll catch up to you soon, Will! ***

Feedback/Questions

• Thomas writes in
• Stephen writes in
• Sha'ul writes in
• Florian writes in
• Bob Beck writes in - and note the "Caution" section that was added to libressl.org ***

This episode was brought to you by

Headlines

FreeBSD moves to Bugzilla

• Historically, FreeBSD has used the old GNATS system for keeping track of bug reports
• After years and years of wanting to switch, they've finally moved away from GNATS to Bugzilla
• It offers a lot of advantages, is much more modern and actively maintained and
• There's a new workflow chart for developers to illustrate the new way of doing things
• The old "send-pr" command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports)
• This will hopefully make reporting bugs a lot less painful ***

DIY NAS: EconoNAS 2014

• We previously covered this blog last year, but the 2014 edition is up
• More of a hardware-focused article, the author details the parts he's using for a budget NAS
• Details the motherboard, RAM, CPU, hard drives, case, etc
• With a set goal of $500 max, he goes just over it - $550 for all the parts
• Lots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions ***

DragonflyBSD 3.8 released

• Justin announced the availability of DragonflyBSD 3.8.0
• Binaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts
• It includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions
• Work continues on for the Intel graphics drivers, but it's currently limited to the HD4000 and Ivy Bridge series
• See the release page for more info and check the link for source-based upgrade instructions ***

OpenZFS European conference 2014

• There was an OpenZFS conference held in Europe recently, and now the videos are online for your viewing pleasure
• Matt Ahrens, Introduction
• Michael Alexander, FhGFS performance on ZFS
• Andriy Gapon, Testing ZFS on FreeBSD
• Luke Marsden, HybridCluster: ZFS in the cloud
• Vadim Comănescu, Syneto: continuously delivering a ZFS-based OS
• Chris George, DDRdrive ZIL accelerator: random write revelation
• Grenville Whelan, High-Availability
• Phil Harman, Harman Holistic
• Mark Rees, Storiant and OpenZFS
• Andrew Holway, EraStor ZFS appliances
• Dan Vâtca, Syneto and OpenZFS
• Luke Marsden, HybridCluster and OpenZFS
• Matt Ahrens, Delphix and OpenZFS
• Check the link for slides and other goodies ***

Interview - Benedict Reuschling - bcr@freebsd.org

BSD documentation, getting commit access, unix education, various topics

News Roundup

Getting to know your portmgr, Steve Wills

• "It is my pleasure to introduce Steve Wills, the newest member of the portmgr team"
• swills is an all-round good guy, does a lot for ports (especially the ruby ports)
• In this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more
• He used to work for Red Hat, woah ***

BSDTalk episode 242

• This time on BSDTalk, Will interviews Chris Buechler from pfSense
• Topics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes
• They also touch on recent concerns in the pfSense community about their license change, that they may be "going commercial" and closing the source - so tune in to find out what their future plans are for all of that ***

Turn old PC hardware into a killer home server

• Lots of us have old hardware lying around doing nothing but collecting dust
• Why not turn that old box into a modern file server with FreeNAS and ZFS?
• This article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc)
• Most of our users are already familiar with all of this stuff, nothing too advanced
• Good to see BSD getting some well-deserved attention on a big mainstream site ***

Unbloating the VAX install CD

• After a discussion on the VAX mailing list, something very important came to the attention of the developers...
• You can't boot NetBSD on a VAX box with 16MB of RAM from the CD image
• This blog post goes through the developer's adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller
• In the end, he got it booting - and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM... ***

Feedback/Questions

• Thomas writes in
• Reynold writes in
• Bostjan writes in
• Paul writes in
• John writes in ***

This episode was brought to you by

Headlines

BSDCan 2014 talks and reports

• The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links
• Karl Lehenbauer's keynote (he's on next week's episode)
• Mariusz Zaborski and Pawel Jakub Dawidek, Capsicum and Casper (relevant to today's interview)
• Luigi Rizzo, In-kernel OpenvSwitch on FreeBSD
• Dwayne Hart, Migrating from Linux to FreeBSD for Backend Data Storage
• Warner Losh, NAND Flash and FreeBSD
• Simon Gerraty, FreeBSD bmake and Meta Mode
• Bob Beck, LibreSSL - The First 30 Days
• Henning Brauer, OpenBGPD Turns 10 Years Old
• Arun Thomas, BSD ARM Kernel Internals
• Peter Hessler, Using BGP for Realtime Spam Lists
• Pedro Giffuni, Features and Status of FreeBSD's Ext2 Implementation
• Matt Ahrens, OpenZFS Upcoming Features and Performance Enhancements
• Daichi Goto, Shellscripts and Commands
• Benno Rice, Keeping Current
• Sean Bruno, MIPS Router Hacking
• John-Mark Gurney, Optimizing GELI Performance
• Patrick Kelsey, Userspace Networking with libuinet
• Massimiliano Stucchi, IPv6 Transitioning Mechanisms
• Roger Pau Monné, Taking the Red Pill
• Shawn Webb, Introducing ASLR in FreeBSD
• There's also a trip report from Peter Hessler and one from Julio Merino
• The latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend) ***

Defend your network and privacy with a VPN and OpenBSD

• After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back
• This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities
• There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used
• You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)
• It also includes a few general privacy tips, recommended browser extensions, etc
• The intro to the article is especially great, so give the whole thing a read
• He mentions our OpenBSD router guide and other tutorials being a big help for this setup, so hello if you're watching! ***

You should try FreeBSD

• In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that
• He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two
• Possibly the most useful part is how to address the question "my server already works, why bother switching?"
• "Stackoverflow’s answers assume I have apt-get installed"
• It includes mention of the great documentation, stability, ports, improved security and much more
• A takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before" ***

OpenBSD and the little Mauritian contributor

• This is a story about a guy from Mauritius named Logan, one of OpenBSD's newest developers
• Back in 2010, he started sending in patched for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTP
• The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon
• It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem
• Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back ***

Interview - Jon Anderson - jonathan@freebsd.org

Capsicum and Casperd

Tutorial

Encrypting DNS lookups

News Roundup

FreeBSD Journal, May 2014 issue

• The newest issue of the FreeBSD Journal is out, following the bi-monthly release cycle
• This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling
• Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read ***

LibreSSL porting update

• Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died off
• Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!
• This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example
• Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good ***

BSDMag May 2014 issue is out

• The usual monthly release from BSDMag, covering a variety of subjects
• This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things
• It's a free PDF, go grab it ***

BSDTalk episode 241

• A new episode of BSDTalk is out, this time with Bob Beck
• He talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more
• The interview itself isn't about LibreSSL at all, but they do touch on it a bit too
• Really interesting stuff, covers a lot of different topics in a short amount of time ***

Feedback/Questions

• We got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the vpnc package seems to be what we were looking for
• Tim writes in
• AJ writes in
• Peter writes in
• Thomas writes in
• Martin writes in ***

This episode was brought to you by

Headlines

Preorders for cool BSD stuff

• The 2nd edition of The Design and Implementation of the FreeBSD Operating System is up for preorder
• We talked to GNN briefly about it, but he and Kirk have apparently finally finished the book
• "For many years, The Design and Implementation of the FreeBSD Operating System has been recognized as the most complete, up-to-date, and authoritative technical guide to FreeBSD's internal structure. Now, this definitive guide has been extensively updated to reflect all major FreeBSD improvements between Versions 5 and Versions 11"
• OpenBSD 5.5 preorders are also up, so you can buy a CD set now
• You can help support the project, and even get the -release of the OS before it's available publicly
• 5.5 is a huge release with lots of big changes, so now is the right time to purchase one of these - tell Austin we sent you! ***

pkgsrcCon 2014 CFP

• This year's pkgsrcCon is in London, on June 21st and 22nd
• There's a Call For Papers out now, so you can submit your talks
• Anything related to pkgsrc is fine, it's pretty informal
• Does anyone in the audience know if the talks will be recorded? This con is relatively unknown ***

BSDMag issue for March 2014

• The monthly BSD magazine releases its newest issue
• Topics this time include: deploying NetBSD using AWS EC2, creating a multi-purpose file server with NetBSD, DragonflyBSD as a backup server, more GIMP lessons, network analysis with wireshark and a general security article
• The Linux article trend seems to continue... hmm ***

Non-ECC RAM in FreeNAS

• We've gotten a few questions about ECC RAM with ZFS
• Here we've got a surprising blog post about why someone did not go with ECC RAM for his NAS build
• The article mentions the benefits of ECC and admits it is a better choice in nearly all instances, but unfortunately it's not very widespread in consumer hardware motherboards and it's more expensive
• Regular RAM also has "special" issues with ZFS and pool corruption
• Long post, so check out the whole thing if you've been considering your memory options and weighing the benefits ***

Interview - Pierre Pronchery - khorben@edgebsd.org / @khorben

EdgeBSD (slides)

Tutorial

Building an OpenBSD desktop

News Roundup

Getting to know your portmgr-lurkers

• This week we get to hear from Frederic Culot, colut@
• Originally an OpenBSD user from France, Frederic joined as a ports committer in 2010 and recently joined the portmgr lurkers team
• "FreeBSD is also one of my sources of inspiration when it comes to how organizations behave and innovate, and I find it very interesting to compare FreeBSD with the for-profit companies I work for"
• We get to find out a little bit about him, why he loves FreeBSD and what he does for the project ***

NetBSD on the Playstation 2

• Who doesn't want to run NetBSD on their old PS2?
• The PS2 port of NetBSD was sadly removed in 2009, but it has been revived
• It's using a slightly unusual MIPS CPU that didn't have much GCC support
• Hopefully a bootable kernel will be available soon ***

The FreeBSD Challenge update

• Our friend from the Linux Foundation continues his FreeBSD switching journey
• This time he starts off by discovering virtual machines suck at keeping accurate time, and some ports weren't working because of his clock being way off
• After polling the IRC for help, he finally learns the difference between ntpdate and ntpd and both of their use cases
• Maybe he should've just read our NTP tutorial! ***

PCBSD weekly digest

• The mount tray icon got lots of updates and fixes
• The faulty distribution server has finally been tracked down and... destroyed
• New language localization project is in progress
• Many many updates to ports and PBIs, new -STABLE builds ***

Feedback/Questions

• Antonio writes in
• Patrick writes in
• Chris writes in
• Ron writes in
• Tyler writes in ***

This episode was brought to you by

Headlines

Using OpenSSH Certificate Authentication

• SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you're using
• They're not really that complex, there just isn't a lot of documentation on how to use them - this post tries to solve that
• There's the benefit of not needing a known_hosts file or authorized_users file anymore
• The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication ***

Back to FreeBSD, a new series

• Similar to the "FreeBSD Challenge" blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey
• "So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10"
• He's starting off with PCBSD since it's easy to get working with dual graphics
• Should be a fun series to follow! ***

OpenBSD's recent experiments in package building

• If you'll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk - OpenBSD's version is called dpb
• Marc Espie recently got some monster machines in russia to play with to help improve scaling of dpb on high end hardware
• This article goes through some of his findings and plans for future versions that increase performance
• We'll be showing a tutorial of dpb on the show in a few weeks ***

Securing FreeBSD with 2FA

• So maybe you've set up two-factor authentication with gmail or twitter, but have you done it with your BSD box?
• This post walks us through the process of locking down an ssh server with 2FA
• With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protections ***

Interview - Gleb Kurtsou - gleb.kurtsou@gmail.com

PEFS (security audit results here)

Tutorial

Filesystem-based encryption with PEFS

News Roundup

BSDCan 2014 registration

• Registration is finally open!
• The prices are available along with a full list of presentations
• Tutorial sessions for various topics as well
• You have to go ***

Big changes for OpenBSD 5.6

• Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising
• OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3
• They've also imported nginx into base a few years ago, but now have finally removed Apache
• Sendmail is also no longer the default MTA, OpenSMTPD is the new default
• Will BIND be removed next? Maybe so
• They've also discontinued the hp300, mvme68k and mvme88k ports ***

Getting to know your portmgr lurkers

• The "getting to know your portmgr" series makes its return
• This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports)
• How he got into FreeBSD? He "wanted a unix system that I could understand and that would not get bloated as time goes by"
• Mentions why he's still heavily involved with the project and lots more ***

PCBSD weekly digest

• Work has started to port Pulseaudio to PCBSD 10.0.1
• There's a new "pc-mixer" utility being worked on for sound management as well
• New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more
• PCBSD 10.0.1 was released too ***

Feedback/Questions

• Alex writes in
• Ben writes in
• Nick writes in
• Sami writes in
• Christopher writes in ***

Headlines

Faces of FreeBSD

• The FreeBSD foundation is publishing articles on different FreeBSD developers
• This one is about Colin Percival (cperciva@), the ex-security officer
• Tells the story of how he first found BSD, what he contributed back, how he eventually became the security officer
• Running series with more to come ***

Lots of BSD presentation videos uploaded

• EuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL's presentation video
• Most of us never get to see the dev summit talks since they're only for developers
• AsiaBSDCon 2013 videos also up finally
• List of AsiaBSDCon presentation topics here
• Our buddy Michael W Lucas gave an "OpenBSD for Linux users" talk at a Michigan Unix Users Group.
• He says "Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff"
• Really informative presentation, pretty long, answers some common questions at the end ***

Call for Presentations: FOSDEM 2014 and NYCBSDCon 2014

• FOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium
• Just like in the last years, there will be both a BSD booth and a developer's room
• The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.
• If you are in the area or want to go, check the show notes for details
• NYCBSDCon is also accepting papers.
• It'll be in New York City at the beginning of February 2014
• If anyone wants to give a talk at one of these conferences, go ahead and send in your stuff! ***

FreeBSD foundation's year-end fundraising campaign

• The FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years
• As of today they have raised about half a million dollars, but still have a while to go
• Donations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events
• They are preparing the debut of a new online magazine, the FreeBSD Journal
• Typically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year
• Make your donation today over at freebsdfoundation.org, every little bit helps
• Everyone involved with BSD Now made a donation last year and will do so again this year ***

Interview - Amitai Schlair - schmonz@netbsd.org / @schmonz

The NetBSD Foundation, pkgsrc, future plans

Tutorial

Combining SSH and tmux

• Note: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions. ***

News Roundup

PS4 released

• Sony's Playstation 4 is finally released
• As previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things
• Link in the show notes contains the full list of BSD software they're using
• Always good to see BSD being so widespread ***

BSD Mag November issue

• Free monthly BSD magazine publishes another issue
• This time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory & Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others
• PDF linked in the show notes ***

pbulk builds made easy

• NetBSD's pbulk tool is similar to poudriere, but for pkgsrc
• While working on updating the documentation, a developer cleaned up quite a lot of code
• He wrote a script that automates pbulk deployment and setup
• The whole setup of a dedicated machine has been reduced to just three commands ***

PCBSD weekly digest

• Over 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe
• Many PC-BSD programs received some necessary bug fixes and updates
• Some include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM ***

Feedback/Questions

• Peter writes in
• Kjell-Aleksander writes in
• Jordan writes in
• Christian writes in
• entransic writes in ***