<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" encoding="UTF-8" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/" xmlns:atom="http://www.w3.org/2005/Atom/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:fireside="http://fireside.fm/modules/rss/fireside">
  <channel>
    <fireside:hostname>app01</fireside:hostname>
    <fireside:genDate>Tue, 14 Jul 2026 12:45:17 +0000</fireside:genDate>
    <generator>Fireside (https://fireside.fm)</generator>
    <title>BSD Now - Episodes Tagged with “Tunnel”</title>
    <link>https://www.bsdnow.tv/tags/tunnel</link>
    <pubDate>Thu, 16 Feb 2023 03:00:00 -0500</pubDate>
    <description>Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.</description>
    <language>en-us</language>
    <itunes:type>episodic</itunes:type>
    <itunes:subtitle>A weekly podcast and the place to B...SD</itunes:subtitle>
    <itunes:author>JT Pennington</itunes:author>
    <itunes:summary>Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.</itunes:summary>
    <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
    <itunes:explicit>no</itunes:explicit>
    <itunes:keywords>berkeley,freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview</itunes:keywords>
    <itunes:owner>
      <itunes:name>JT Pennington</itunes:name>
      <itunes:email>feedback@bsdnow.tv</itunes:email>
    </itunes:owner>
<itunes:category text="News">
  <itunes:category text="Tech News"/>
</itunes:category>
<itunes:category text="Education">
  <itunes:category text="How To"/>
</itunes:category>
<item>
  <title>494: Unix workstation extinction</title>
  <link>https://www.bsdnow.tv/494</link>
  <guid isPermaLink="false">b6bd08a9-8d1d-4bc9-8024-a8153fe7b304</guid>
  <pubDate>Thu, 16 Feb 2023 03:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b6bd08a9-8d1d-4bc9-8024-a8153fe7b304.mp3" length="44895744" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Mass extinction of UNIX workstations, Determine Who Can Log In to an SSH Server, Factors When Considering FreeBSD vs. Linux Packages, A Visual Guide to SSH Tunnels, Harvesting the Noise While it’s Fresh, Bastille - The Jail Manager on FreeBSD, and more</itunes:subtitle>
  <itunes:duration>46:45</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Mass extinction of UNIX workstations, Determine Who Can Log In to an SSH Server, Factors When Considering FreeBSD vs. Linux Packages, A Visual Guide to SSH Tunnels, Harvesting the Noise While it’s Fresh, Bastille - The Jail Manager on FreeBSD, and more&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;NOTES&lt;/em&gt;&lt;/strong&gt;&lt;br&gt;
This episode of BSDNow is brought to you by &lt;a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener"&gt;Tarsnap&lt;/a&gt; and the &lt;a href="https://www.patreon.com/bsdnow" rel="nofollow noopener"&gt;BSDNow Patreon&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.osnews.com/story/135605/the-mass-extinction-of-unix-workstations/" rel="nofollow noopener"&gt;The mass extinction of UNIX workstations&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.agwa.name/blog/post/whoarethey" rel="nofollow noopener"&gt;whoarethey: Determine Who Can Log In to an SSH Server&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://klarasystems.com/articles/freebsd-vs-linux-5-factors-when-considering-freebsd-vs-linux-package-management/" rel="nofollow noopener"&gt;FreeBSD vs. Linux 5 Factors When Considering FreeBSD vs. Linux: Packages&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://iximiuz.com/en/posts/ssh-tunnels/" rel="nofollow noopener"&gt;A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://medium.com/@peter.hansteen/harvesting-the-noise-while-its-fresh-revisited-3da1894cc8a7" rel="nofollow noopener"&gt;Harvesting the Noise While it’s Fresh, Revisited&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://byte--sized-de.translate.goog/linux-unix/bastille-der-jail-manager-unter-freebsd/?_x_tr_sl=de&amp;amp;_x_tr_tl=en&amp;amp;_x_tr_hl=en&amp;amp;_x_tr_pto=wapp" rel="nofollow noopener"&gt;Bastille - The Jail Manager on FreeBSD&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h3&gt;Tarsnap&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
***&lt;/li&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, operating system, open source, shell, unix, os, berkeley, software, distribution, development, release, zfs, zpool, dataset, filesystem, storage, ports, packages, jails, interview, workstation, factors, deciding, decision, comparison, ssh, login, visual guide, tunnel, bastille, jail manager</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Mass extinction of UNIX workstations, Determine Who Can Log In to an SSH Server, Factors When Considering FreeBSD vs. Linux Packages, A Visual Guide to SSH Tunnels, Harvesting the Noise While it’s Fresh, Bastille - The Jail Manager on FreeBSD, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.osnews.com/story/135605/the-mass-extinction-of-unix-workstations/" rel="nofollow noopener">The mass extinction of UNIX workstations</a></h3>

<hr>

<h3><a href="https://www.agwa.name/blog/post/whoarethey" rel="nofollow noopener">whoarethey: Determine Who Can Log In to an SSH Server</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://klarasystems.com/articles/freebsd-vs-linux-5-factors-when-considering-freebsd-vs-linux-package-management/" rel="nofollow noopener">FreeBSD vs. Linux 5 Factors When Considering FreeBSD vs. Linux: Packages</a></h3>

<hr>

<h3><a href="https://iximiuz.com/en/posts/ssh-tunnels/" rel="nofollow noopener">A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding</a></h3>

<hr>

<h3><a href="https://medium.com/@peter.hansteen/harvesting-the-noise-while-its-fresh-revisited-3da1894cc8a7" rel="nofollow noopener">Harvesting the Noise While it’s Fresh, Revisited</a></h3>

<hr>

<h3><a href="https://byte--sized-de.translate.goog/linux-unix/bastille-der-jail-manager-unter-freebsd/?_x_tr_sl=de&amp;_x_tr_tl=en&amp;_x_tr_hl=en&amp;_x_tr_pto=wapp" rel="nofollow noopener">Bastille - The Jail Manager on FreeBSD</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
***</li>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Mass extinction of UNIX workstations, Determine Who Can Log In to an SSH Server, Factors When Considering FreeBSD vs. Linux Packages, A Visual Guide to SSH Tunnels, Harvesting the Noise While it’s Fresh, Bastille - The Jail Manager on FreeBSD, and more</p>

<p><strong><em>NOTES</em></strong><br>
This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" rel="nofollow noopener">BSDNow Patreon</a></p>

<h2>Headlines</h2>

<h3><a href="https://www.osnews.com/story/135605/the-mass-extinction-of-unix-workstations/" rel="nofollow noopener">The mass extinction of UNIX workstations</a></h3>

<hr>

<h3><a href="https://www.agwa.name/blog/post/whoarethey" rel="nofollow noopener">whoarethey: Determine Who Can Log In to an SSH Server</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://klarasystems.com/articles/freebsd-vs-linux-5-factors-when-considering-freebsd-vs-linux-package-management/" rel="nofollow noopener">FreeBSD vs. Linux 5 Factors When Considering FreeBSD vs. Linux: Packages</a></h3>

<hr>

<h3><a href="https://iximiuz.com/en/posts/ssh-tunnels/" rel="nofollow noopener">A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding</a></h3>

<hr>

<h3><a href="https://medium.com/@peter.hansteen/harvesting-the-noise-while-its-fresh-revisited-3da1894cc8a7" rel="nofollow noopener">Harvesting the Noise While it’s Fresh, Revisited</a></h3>

<hr>

<h3><a href="https://byte--sized-de.translate.goog/linux-unix/bastille-der-jail-manager-unter-freebsd/?_x_tr_sl=de&amp;_x_tr_tl=en&amp;_x_tr_hl=en&amp;_x_tr_pto=wapp" rel="nofollow noopener">Bastille - The Jail Manager on FreeBSD</a></h3>

<hr>

<h3>Tarsnap</h3>

<ul>
<li>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
***</li>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>328: EPYC Netflix Stack</title>
  <link>https://www.bsdnow.tv/328</link>
  <guid isPermaLink="false">be8ded86-58b0-46af-ba11-af5a748bc3d8</guid>
  <pubDate>Thu, 12 Dec 2019 07:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/be8ded86-58b0-46af-ba11-af5a748bc3d8.mp3" length="41556868" type="audio/mp3"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.</itunes:subtitle>
  <itunes:duration>57:43</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.&lt;/p&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready" rel="nofollow noopener"&gt;LLDB Threading support now ready for mainline&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.&lt;/p&gt;

&lt;p&gt;In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.&lt;/p&gt;

&lt;p&gt;So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://blog.socruel.nu/text-only/how-to-multiple-ipsec-vpn-tunnels-on-freebsd.txt" rel="nofollow noopener"&gt;Multiple IPSec VPN tunnels with FreeBSD&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see &lt;a href="https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html" rel="nofollow noopener"&gt;https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html&lt;/a&gt;)&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The requirements is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).&lt;/p&gt;

&lt;p&gt;Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).&lt;/p&gt;

&lt;p&gt;VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.phoronix.com/scan.php?page=news_item&amp;amp;px=Netflix-NUMA-FreeBSD-Optimized" rel="nofollow noopener"&gt;Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.&lt;/p&gt;

&lt;p&gt;Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sentfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.&lt;/p&gt;

&lt;p&gt;For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://marc.info/?l=openbsd-tech&amp;amp;m=157475113130337&amp;amp;w=2" rel="nofollow noopener"&gt;unwind(8); "happy eyeballs"&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;In case you are wondering why happy eyeballs: It's a variation on this:&lt;br&gt;
&lt;a href="https://en.wikipedia.org/wiki/Happy_Eyeballs" rel="nofollow noopener"&gt;https://en.wikipedia.org/wiki/Happy_Eyeballs&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing it's own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.&lt;/p&gt;

&lt;p&gt;This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix. &lt;/p&gt;

&lt;p&gt;One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):&lt;br&gt;
 17 files changed, 385 insertions(+), 1683 deletions(-)&lt;/p&gt;

&lt;p&gt;Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://aws.amazon.com/marketplace/pp/B081NF7BY7" rel="nofollow noopener"&gt;Amazon now has FreeBSD ARM 12&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;Product Overview&lt;/p&gt;

&lt;p&gt;FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.&lt;/p&gt;

&lt;p&gt;FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h3&gt;&lt;a href="https://www.undeadly.org/cgi?action=article;sid=20191115064850" rel="nofollow noopener"&gt;OpenSSH U2F/FIDO support in base&lt;/a&gt;&lt;/h3&gt;

&lt;blockquote&gt;
&lt;p&gt;I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.&lt;/p&gt;

&lt;p&gt;Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.&lt;/p&gt;

&lt;p&gt;You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.&lt;/p&gt;

&lt;p&gt;So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything. &lt;/p&gt;

&lt;p&gt;Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.&lt;/p&gt;

&lt;p&gt;Please test this thoroughly - it's a big change that we want to have stable before the next release.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;hr&gt;

&lt;h2&gt;Beastie Bits&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html" rel="nofollow noopener"&gt;DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://0x0f0f0f.github.io/posts/2019/11/really-fast-markov-chains-in-%7E20-lines-of-sh-grep-cut-and-awk/" rel="nofollow noopener"&gt;Really fast Markov chains in ~20 lines of sh, grep, cut and awk&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.freebsdfoundation.org/past-issues/security-3/" rel="nofollow noopener"&gt;FreeBSD Journal Sept/Oct 2019&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://twitter.com/michaeldexter/status/1201231729228308480" rel="nofollow noopener"&gt;Michael Dexter is raising money for Bhyve development&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://marc.info/?l=openbsd-tech&amp;amp;m=157488907117170" rel="nofollow noopener"&gt;syscall call-from verification&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://forums.freebsd.org/forums/howtos-and-faqs-moderated.39/" rel="nofollow noopener"&gt;FreeBSD Forums Howto Section&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Jeroen - &lt;a href="http://dpaste.com/0PK1EG2#wrap" rel="nofollow noopener"&gt;Feedback&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Savo - &lt;a href="http://dpaste.com/0PZ03B7#wrap" rel="nofollow noopener"&gt;pfsense ports&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Tin - &lt;a href="http://dpaste.com/2GVNCYB#wrap" rel="nofollow noopener"&gt;I want to learn C&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;

&lt;ul&gt;
&lt;li&gt;Send questions, comments, show ideas/topics, or stories you want mentioned on the show to &lt;a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener"&gt;feedback@bsdnow.tv&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;hr&gt;


    &lt;source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0328.mp4" type="video/mp4"&gt;
    Your browser does not support the HTML5 video tag.
 
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, lldb, threading, ipsec, vpn, tunnel, netflix, optimized, network stack, amd, amd epyc, performance, unwind, eyeballs, aws, arm, arm 12, openssh, u2f, fido</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.</p>

<h2>Headlines</h2>

<h3><a href="https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready" rel="nofollow noopener">LLDB Threading support now ready for mainline</a></h3>

<blockquote>
<p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>

<p>In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.</p>

<p>So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.</p>
</blockquote>

<hr>

<h3><a href="https://blog.socruel.nu/text-only/how-to-multiple-ipsec-vpn-tunnels-on-freebsd.txt" rel="nofollow noopener">Multiple IPSec VPN tunnels with FreeBSD</a></h3>

<blockquote>
<p>The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see <a href="https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html" rel="nofollow noopener">https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html</a>)</p>
</blockquote>

<p>But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.</p>

<blockquote>
<p>The requirements is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).</p>

<p>Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).</p>

<p>VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).</p>
</blockquote>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.phoronix.com/scan.php?page=news_item&amp;px=Netflix-NUMA-FreeBSD-Optimized" rel="nofollow noopener">Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance</a></h3>

<blockquote>
<p>Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.</p>

<p>Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sentfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.</p>

<p>For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.</p>
</blockquote>

<hr>

<h3><a href="https://marc.info/?l=openbsd-tech&amp;m=157475113130337&amp;w=2" rel="nofollow noopener">unwind(8); "happy eyeballs"</a></h3>

<blockquote>
<p>In case you are wondering why happy eyeballs: It's a variation on this:<br>
<a href="https://en.wikipedia.org/wiki/Happy_Eyeballs" rel="nofollow noopener">https://en.wikipedia.org/wiki/Happy_Eyeballs</a></p>

<p>unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing it's own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.</p>

<p>This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix. </p>

<p>One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):<br>
 17 files changed, 385 insertions(+), 1683 deletions(-)</p>

<p>Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals.</p>
</blockquote>

<hr>

<h3><a href="https://aws.amazon.com/marketplace/pp/B081NF7BY7" rel="nofollow noopener">Amazon now has FreeBSD ARM 12</a></h3>

<blockquote>
<p>Product Overview</p>

<p>FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.</p>

<p>FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.</p>
</blockquote>

<hr>

<h3><a href="https://www.undeadly.org/cgi?action=article;sid=20191115064850" rel="nofollow noopener">OpenSSH U2F/FIDO support in base</a></h3>

<blockquote>
<p>I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.</p>

<p>Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.</p>

<p>You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.</p>

<p>So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything. </p>

<p>Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.</p>

<p>Please test this thoroughly - it's a big change that we want to have stable before the next release.</p>
</blockquote>

<hr>

<h2>Beastie Bits</h2>

<ul>
<li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html" rel="nofollow noopener">DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud</a></li>
<li><a href="https://0x0f0f0f.github.io/posts/2019/11/really-fast-markov-chains-in-%7E20-lines-of-sh-grep-cut-and-awk/" rel="nofollow noopener">Really fast Markov chains in ~20 lines of sh, grep, cut and awk</a></li>
<li><a href="https://www.freebsdfoundation.org/past-issues/security-3/" rel="nofollow noopener">FreeBSD Journal Sept/Oct 2019</a></li>
<li><a href="https://twitter.com/michaeldexter/status/1201231729228308480" rel="nofollow noopener">Michael Dexter is raising money for Bhyve development</a></li>
<li><a href="https://marc.info/?l=openbsd-tech&amp;m=157488907117170" rel="nofollow noopener">syscall call-from verification</a></li>
<li><a href="https://forums.freebsd.org/forums/howtos-and-faqs-moderated.39/" rel="nofollow noopener">FreeBSD Forums Howto Section</a></li>
</ul>

<hr>

<h2>Feedback/Questions</h2>

<ul>
<li>Jeroen - <a href="http://dpaste.com/0PK1EG2#wrap" rel="nofollow noopener">Feedback</a></li>
<li>Savo - <a href="http://dpaste.com/0PZ03B7#wrap" rel="nofollow noopener">pfsense ports</a></li>
<li>Tin - <a href="http://dpaste.com/2GVNCYB#wrap" rel="nofollow noopener">I want to learn C</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li>
</ul>

<hr>


    <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0328.mp4" type="video/mp4">
    Your browser does not support the HTML5 video tag.
]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.</p>

<h2>Headlines</h2>

<h3><a href="https://blog.netbsd.org/tnf/entry/lldb_threading_support_now_ready" rel="nofollow noopener">LLDB Threading support now ready for mainline</a></h3>

<blockquote>
<p>Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.</p>

<p>In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues and fixing watchpoint support. Then, I've started working on improving thread support which is taking longer than expected. You can read more about that in my September 2019 report.</p>

<p>So far the number of issues uncovered while enabling proper threading support has stopped me from merging the work-in-progress patches. However, I've finally reached the point where I believe that the current work can be merged and the remaining problems can be resolved afterwards. More on that and other LLVM-related events happening during the last month in this report.</p>
</blockquote>

<hr>

<h3><a href="https://blog.socruel.nu/text-only/how-to-multiple-ipsec-vpn-tunnels-on-freebsd.txt" rel="nofollow noopener">Multiple IPSec VPN tunnels with FreeBSD</a></h3>

<blockquote>
<p>The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see <a href="https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html" rel="nofollow noopener">https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html</a>)</p>
</blockquote>

<p>But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host. How to implement and configure this is described below.</p>

<blockquote>
<p>The requirements is to have 3 locations (A, B and C) connected with IPSec VPN tunnels using FreeBSD (11.3-RELEASE).</p>

<p>Each location has 1 IPSec VPN host running FreeBSD (VPN host A, B and C).</p>

<p>VPN host A has 2 IPSec VPN tunnels: 1 to location B (VPN host B) and 1 to location C (VPN host C).</p>
</blockquote>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.phoronix.com/scan.php?page=news_item&amp;px=Netflix-NUMA-FreeBSD-Optimized" rel="nofollow noopener">Netflix Optimized FreeBSD's Network Stack More Than Doubled AMD EPYC Performance</a></h3>

<blockquote>
<p>Drew Gallatin of Netflix presented at the recent EuroBSDcon 2019 conference in Norway on the company's network stack optimizations to FreeBSD. Netflix was working on being able to deliver 200Gb/s network performance for video streaming out of Intel Xeon and AMD EPYC servers, to which they are now at 190Gb/s+ and in the process that doubled the potential of EPYC Naples/Rome servers and also very hefty upgrades too for Intel.</p>

<p>Netflix has long been known to be using FreeBSD in their data centers particularly where network performance is concerned. But in wanting to deliver 200Gb/s throughput from individual servers led them to making NUMA optimizations to the FreeBSD network stack. Allocating NUMA local memory for kernel TLS crypto buffers and for backing files sent via sentfile were among their optimizations. Changes to network connection handling and dealing with incoming connections to Nginx were also made.</p>

<p>For those just wanting the end result, Netflix's NUMA optimizations to FreeBSD resulted in their Intel Xeon servers going from 105Gb/s to 191Gb/s while the NUMA fabric utilization dropped from 40% to 13%.</p>
</blockquote>

<hr>

<h3><a href="https://marc.info/?l=openbsd-tech&amp;m=157475113130337&amp;w=2" rel="nofollow noopener">unwind(8); "happy eyeballs"</a></h3>

<blockquote>
<p>In case you are wondering why happy eyeballs: It's a variation on this:<br>
<a href="https://en.wikipedia.org/wiki/Happy_Eyeballs" rel="nofollow noopener">https://en.wikipedia.org/wiki/Happy_Eyeballs</a></p>

<p>unwind has a concept of a best nameserver type. It considers a configured DoT nameserver to be better than doing it's own recursive resolving. Recursive resolving is considered to be better than asking the dhcp provided nameservers.</p>

<p>This diff sorts the nameserver types by quality, as above (validation, resolving, dead...), and as a tie breaker it adds the median of the round trip time of previous queries into the mix. </p>

<p>One other interesting thing about this is that it gets us past captive portals without a check URL, that's why this diff is so huge, it rips out all the captive portal stuff (please apply with patch -E):<br>
 17 files changed, 385 insertions(+), 1683 deletions(-)</p>

<p>Please test this. I'm particularly interested in reports from people who move between networks and need to get past captive portals.</p>
</blockquote>

<hr>

<h3><a href="https://aws.amazon.com/marketplace/pp/B081NF7BY7" rel="nofollow noopener">Amazon now has FreeBSD ARM 12</a></h3>

<blockquote>
<p>Product Overview</p>

<p>FreeBSD is an operating system used to power servers, desktops, and embedded systems. Derived from BSD, the version of UNIX developed at the University of California, Berkeley, FreeBSD has been continually developed by a large community for more than 30 years.</p>

<p>FreeBSD's networking, security, storage, and monitoring features, including the pf firewall, the Capsicum and CloudABI capability frameworks, the ZFS filesystem, and the DTrace dynamic tracing framework, make FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage systems.</p>
</blockquote>

<hr>

<h3><a href="https://www.undeadly.org/cgi?action=article;sid=20191115064850" rel="nofollow noopener">OpenSSH U2F/FIDO support in base</a></h3>

<blockquote>
<p>I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.</p>

<p>Hardware backed keys can be generated using "ssh-keygen -t ecdsa-sk" (or "ed25519-sk" if your token supports it). Many tokens require to be touched/tapped to confirm this step.</p>

<p>You'll get a public/private keypair back as usual, except in this case, the private key file does not contain a highly-sensitive private key but instead holds a "key handle" that is used by the security key to derive the real private key at signing time.</p>

<p>So, stealing a copy of the private key file without also stealing your security key (or access to it) should not give the attacker anything. </p>

<p>Once you have generated a key, you can use it normally - i.e. add it to an agent, copy it to your destination's authorized_keys files (assuming they are running -current too), etc. At authentication time, you will be prompted to tap your security key to confirm the signature operation - this makes theft-of-access attacks against security keys more difficult too.</p>

<p>Please test this thoroughly - it's a big change that we want to have stable before the next release.</p>
</blockquote>

<hr>

<h2>Beastie Bits</h2>

<ul>
<li><a href="http://lists.dragonflybsd.org/pipermail/commits/2019-November/719945.html" rel="nofollow noopener">DragonFly - git: virtio - Fix LUN scan issue w/ Google Cloud</a></li>
<li><a href="https://0x0f0f0f.github.io/posts/2019/11/really-fast-markov-chains-in-%7E20-lines-of-sh-grep-cut-and-awk/" rel="nofollow noopener">Really fast Markov chains in ~20 lines of sh, grep, cut and awk</a></li>
<li><a href="https://www.freebsdfoundation.org/past-issues/security-3/" rel="nofollow noopener">FreeBSD Journal Sept/Oct 2019</a></li>
<li><a href="https://twitter.com/michaeldexter/status/1201231729228308480" rel="nofollow noopener">Michael Dexter is raising money for Bhyve development</a></li>
<li><a href="https://marc.info/?l=openbsd-tech&amp;m=157488907117170" rel="nofollow noopener">syscall call-from verification</a></li>
<li><a href="https://forums.freebsd.org/forums/howtos-and-faqs-moderated.39/" rel="nofollow noopener">FreeBSD Forums Howto Section</a></li>
</ul>

<hr>

<h2>Feedback/Questions</h2>

<ul>
<li>Jeroen - <a href="http://dpaste.com/0PK1EG2#wrap" rel="nofollow noopener">Feedback</a></li>
<li>Savo - <a href="http://dpaste.com/0PZ03B7#wrap" rel="nofollow noopener">pfsense ports</a></li>
<li>Tin - <a href="http://dpaste.com/2GVNCYB#wrap" rel="nofollow noopener">I want to learn C</a></li>
</ul>

<hr>

<ul>
<li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" rel="nofollow noopener">feedback@bsdnow.tv</a></li>
</ul>

<hr>


    <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0328.mp4" type="video/mp4">
    Your browser does not support the HTML5 video tag.
]]>
  </itunes:summary>
</item>
<item>
  <title>65: 8,000,000 Mogofoo-ops</title>
  <link>https://www.bsdnow.tv/65</link>
  <guid isPermaLink="false">c905fcf9-ebc6-4a15-8d34-631dc9742cea</guid>
  <pubDate>Wed, 26 Nov 2014 08:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/c905fcf9-ebc6-4a15-8d34-631dc9742cea.mp3" length="66537364" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Coming up on the show this week, we've got an interview with Brendan Gregg of Netflix. He's got a lot to say about performance tuning and benchmarks, and even some pretty funny stories about how people have done them incorrectly. As always, this week's news and answers to your emails, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:32:24</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Coming up on the show this week, we've got an interview with Brendan Gregg of Netflix. He's got a lot to say about performance tuning and benchmarks, and even some pretty funny stories about how people have done them incorrectly. As always, this week's news and answers to your emails, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.meetbsd.com/" rel="nofollow noopener"&gt;Even more BSD presentation videos&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;More videos from this year's MeetBSD and OpenZFS devsummit were uploaded since last week&lt;/li&gt;
&lt;li&gt;Robert Ryan, &lt;a href="https://www.youtube.com/watch?v=Rc9k1xEepWU" rel="nofollow noopener"&gt;At the Heart of the Digital Economy&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;FreeNAS &amp;amp; ZFS, The Indestructible Duo - &lt;a href="https://www.youtube.com/watch?v=d1C6DELK7fc" rel="nofollow noopener"&gt;Except for the Hard Drives&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Richard Yao, &lt;a href="https://www.youtube.com/watch?v=PIC0dwLRBZU" rel="nofollow noopener"&gt;libzfs_core and ioctl stabilization&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;OpenZFS, &lt;a href="https://www.youtube.com/watch?v=LmbI7F7XTTc" rel="nofollow noopener"&gt;Company lightning talks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;OpenZFS, &lt;a href="https://www.youtube.com/watch?v=gPbVPwScMGk" rel="nofollow noopener"&gt;Hackathon Presentation and Awards&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Pavel Zakharov, &lt;a href="https://www.youtube.com/watch?v=_lGOAZFXra8" rel="nofollow noopener"&gt;Fast File Cloning&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Rick Reed, &lt;a href="https://www.youtube.com/watch?v=TneLO5TdW_M" rel="nofollow noopener"&gt;Half a billion unsuspecting FreeBSD users&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Alex Reece &amp;amp; Matt Ahrens, &lt;a href="https://www.youtube.com/watch?v=Xs6MsJ9kKKE" rel="nofollow noopener"&gt;Device Removal&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Chris Side, &lt;a href="https://www.youtube.com/watch?v=RMTxyqcomPA" rel="nofollow noopener"&gt;Channel Programs&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;David Maxwell, &lt;a href="https://www.youtube.com/watch?v=CZHEZHK4jRc" rel="nofollow noopener"&gt;The Unix command pipeline&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Be sure to check out the &lt;strong&gt;giant list of videos&lt;/strong&gt; from &lt;a href="http://www.bsdnow.tv/episodes/2014_11_19-rump_kernels_revisited" rel="nofollow noopener"&gt;last week's episode&lt;/a&gt; if you haven't seen them already
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.jarredcapellman.com/2014/3/9/NetBSD-and-a-Cobalt-Qube-2" rel="nofollow noopener"&gt;NetBSD on a Cobalt Qube 2&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The Cobalt Qube was a very expensive networking appliance around 2000&lt;/li&gt;
&lt;li&gt;In 2014, you can apparently get one of these MIPS-based machines for about forty bucks&lt;/li&gt;
&lt;li&gt;This blog post details getting NetBSD installed and set up on the rare relic of our networking past&lt;/li&gt;
&lt;li&gt;If you're an old-time fan of RISC or MIPS CPUs, this'll be a treat for you&lt;/li&gt;
&lt;li&gt;Lots of great pictures of the hardware too
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;w=2&amp;amp;r=1&amp;amp;s=afl&amp;amp;q=b" rel="nofollow noopener"&gt;OpenBSD vs. AFL&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;In their never-ending security audit, some OpenBSD developers have been &lt;a href="https://twitter.com/damienmiller/status/534156368391831552" rel="nofollow noopener"&gt;hitting various parts of the tree&lt;/a&gt; with a fuzzer&lt;/li&gt;
&lt;li&gt;If you're not familiar, &lt;a href="https://en.wikipedia.org/wiki/Fuzz_testing" rel="nofollow noopener"&gt;fuzzing&lt;/a&gt; is a semi-automated way to test programs for crashes and potential security problems&lt;/li&gt;
&lt;li&gt;The program being subjected to torture gets all sorts of random and invalid input, in the hopes of uncovering overflows and other bugs&lt;/li&gt;
&lt;li&gt;&lt;a href="http://lcamtuf.coredump.cx/afl/" rel="nofollow noopener"&gt;American Fuzzy Lop&lt;/a&gt;, in particular, has provided some interesting results across various open source projects recently&lt;/li&gt;
&lt;li&gt;So far, it's fixed some NULL pointer dereferences in OpenSSH, various crashes in tcpdump and &lt;a href="http://www.bsdnow.tv/episodes/2014_11_12-a_mans_man" rel="nofollow noopener"&gt;mandoc&lt;/a&gt; and &lt;a href="https://www.marc.info/?l=openbsd-cvs&amp;amp;m=141646270127039&amp;amp;w=2" rel="nofollow noopener"&gt;a few other things&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;AFL has an impressive list of CVEs (vulnerabilities) that it's helped developers discover and fix&lt;/li&gt;
&lt;li&gt;It also made its way into OpenBSD ports, FreeBSD ports and NetBSD's pkgsrc very recently, so you can try it out for yourself
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://svnweb.freebsd.org/ports?view=revision&amp;amp;revision=372768" rel="nofollow noopener"&gt;GNOME 3 hits the FreeBSD ports tree&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;While you've been able to run GNOME 3 on PC-BSD and OpenBSD for a while, it hasn't actually hit the FreeBSD ports tree.. until now&lt;/li&gt;
&lt;li&gt;Now you can play with GNOME 3 and all its goodies (as well as Cinnamon 2.2, which this also brings in) on vanilla FreeBSD&lt;/li&gt;
&lt;li&gt;Be sure to check the commit message and &lt;a href="http://www.bsdnow.tv/tutorials/ports" rel="nofollow noopener"&gt;/usr/ports/UPDATING&lt;/a&gt; if you're upgrading from GNOME 2&lt;/li&gt;
&lt;li&gt;You might also want to go back and listen to &lt;a href="http://www.bsdnow.tv/episodes/2014_02_26-port_authority" rel="nofollow noopener"&gt;our interview&lt;/a&gt; with Joe Marcus Clark about GNOME's portability
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Brendan Gregg - &lt;a href="mailto:bgregg@netflix.com" rel="nofollow noopener"&gt;bgregg@netflix.com&lt;/a&gt; / &lt;a href="https://twitter.com/brendangregg" rel="nofollow noopener"&gt;@brendangregg&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;Performance tuning, benchmarks, debugging&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.dragonflybsd.org/release40/" rel="nofollow noopener"&gt;DragonFlyBSD 4.0 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A new major version of DragonFly, 4.0.1, was just recently announced&lt;/li&gt;
&lt;li&gt;This version includes support for Haswell GPUs, lots of SMP improvements (including some in PF) and support for up to 256 CPUs&lt;/li&gt;
&lt;li&gt;It's also the first release to drop support for i386, so it joins PCBSD in the 64 bit-only club&lt;/li&gt;
&lt;li&gt;Check the release notes for all the details, including networking and kernel improvements, as well as some crypto changes
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://news.ycombinator.com/item?id=8645443" rel="nofollow noopener"&gt;Can we talk about FreeBSD vs Linux&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Hackernews had a recent thread about discussing Linux vs BSD, and the trolls stayed away for once&lt;/li&gt;
&lt;li&gt;Rather than rehashing why one is "better" than the other, it was focused on explaining some of the differences between ecosystems and communities&lt;/li&gt;
&lt;li&gt;If you're one of the many people who watch our show just out of curiosity about the BSD world, this might be a good thread to read&lt;/li&gt;
&lt;li&gt;Someone in the comments even gave bsdnow.tv a mention as a good resource to learn, thanks guy
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.packetmischief.ca/openbsd-ipsec-tunnel-guide/" rel="nofollow noopener"&gt;OpenBSD IPSEC tunnel guide&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you've ever wanted to connect two networks with OpenBSD gateways, this is the article for you&lt;/li&gt;
&lt;li&gt;It shows how to set up an IPSEC tunnel between destinations, how to lock it down and how to access all the machines on the other network just like they were on your LAN&lt;/li&gt;
&lt;li&gt;The article also explains some of the basics of IPSEC if you're not familiar with all the terminology, so this isn't just for experts&lt;/li&gt;
&lt;li&gt;Though the article itself is a few years old, it mostly still applies to the latest stuff today&lt;/li&gt;
&lt;li&gt;All the tools used are in the OpenBSD base system, so that's pretty handy too
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.dragonflybsd.org/docs/ipfw2/" rel="nofollow noopener"&gt;DragonFly starts work on IPFW2&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;DragonFlyBSD, much like FreeBSD, comes with more than one firewall you can use&lt;/li&gt;
&lt;li&gt;Now it looks like you're going to have yet another choice, as someone is working on a fork of IPFW (which is actually already in its second version, so it should be "IPFW3")&lt;/li&gt;
&lt;li&gt;Not a whole lot is known yet; it's still in heavy development, but there's a brief &lt;a href="http://www.dragonflybsd.org/docs/ipfw2/#index6h1" rel="nofollow noopener"&gt;roadmap&lt;/a&gt; page with some planned additions&lt;/li&gt;
&lt;li&gt;The guy who's working on this has already agreed to come on the show for an interview, but we're going to give him a chance to get some more work done first&lt;/li&gt;
&lt;li&gt;Expect that sometime next year, once he's made some progress
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2NYgVifXN" rel="nofollow noopener"&gt;Michael writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21X02saI3" rel="nofollow noopener"&gt;Samael writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21Dj7zImH" rel="nofollow noopener"&gt;Steven writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s218lXg38C" rel="nofollow noopener"&gt;Remy writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20SEuKlaH" rel="nofollow noopener"&gt;Michael writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, dtrace, benchmarks, zfs, solaris, pmstat, performance, high availability, ktrace, strace, iops, freenas, ipfw2, gnome3, afl, fuzzing, american fuzzy lop, ipsec, tunnel</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Coming up on the show this week, we've got an interview with Brendan Gregg of Netflix. He's got a lot to say about performance tuning and benchmarks, and even some pretty funny stories about how people have done them incorrectly. As always, this week's news and answers to your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.meetbsd.com/" rel="nofollow noopener">Even more BSD presentation videos</a></h3>

<ul>
<li>More videos from this year's MeetBSD and OpenZFS devsummit were uploaded since last week</li>
<li>Robert Ryan, <a href="https://www.youtube.com/watch?v=Rc9k1xEepWU" rel="nofollow noopener">At the Heart of the Digital Economy</a></li>
<li>FreeNAS &amp; ZFS, The Indestructible Duo - <a href="https://www.youtube.com/watch?v=d1C6DELK7fc" rel="nofollow noopener">Except for the Hard Drives</a></li>
<li>Richard Yao, <a href="https://www.youtube.com/watch?v=PIC0dwLRBZU" rel="nofollow noopener">libzfs_core and ioctl stabilization</a></li>
<li>OpenZFS, <a href="https://www.youtube.com/watch?v=LmbI7F7XTTc" rel="nofollow noopener">Company lightning talks</a></li>
<li>OpenZFS, <a href="https://www.youtube.com/watch?v=gPbVPwScMGk" rel="nofollow noopener">Hackathon Presentation and Awards</a></li>
<li>Pavel Zakharov, <a href="https://www.youtube.com/watch?v=_lGOAZFXra8" rel="nofollow noopener">Fast File Cloning</a></li>
<li>Rick Reed, <a href="https://www.youtube.com/watch?v=TneLO5TdW_M" rel="nofollow noopener">Half a billion unsuspecting FreeBSD users</a></li>
<li>Alex Reece &amp; Matt Ahrens, <a href="https://www.youtube.com/watch?v=Xs6MsJ9kKKE" rel="nofollow noopener">Device Removal</a></li>
<li>Chris Side, <a href="https://www.youtube.com/watch?v=RMTxyqcomPA" rel="nofollow noopener">Channel Programs</a></li>
<li>David Maxwell, <a href="https://www.youtube.com/watch?v=CZHEZHK4jRc" rel="nofollow noopener">The Unix command pipeline</a></li>
<li>Be sure to check out the <strong>giant list of videos</strong> from <a href="http://www.bsdnow.tv/episodes/2014_11_19-rump_kernels_revisited" rel="nofollow noopener">last week's episode</a> if you haven't seen them already
***</li>
</ul>

<h3><a href="http://www.jarredcapellman.com/2014/3/9/NetBSD-and-a-Cobalt-Qube-2" rel="nofollow noopener">NetBSD on a Cobalt Qube 2</a></h3>

<ul>
<li>The Cobalt Qube was a very expensive networking appliance around 2000</li>
<li>In 2014, you can apparently get one of these MIPS-based machines for about forty bucks</li>
<li>This blog post details getting NetBSD installed and set up on the rare relic of our networking past</li>
<li>If you're an old-time fan of RISC or MIPS CPUs, this'll be a treat for you</li>
<li>Lots of great pictures of the hardware too
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;w=2&amp;r=1&amp;s=afl&amp;q=b" rel="nofollow noopener">OpenBSD vs. AFL</a></h3>

<ul>
<li>In their never-ending security audit, some OpenBSD developers have been <a href="https://twitter.com/damienmiller/status/534156368391831552" rel="nofollow noopener">hitting various parts of the tree</a> with a fuzzer</li>
<li>If you're not familiar, <a href="https://en.wikipedia.org/wiki/Fuzz_testing" rel="nofollow noopener">fuzzing</a> is a semi-automated way to test programs for crashes and potential security problems</li>
<li>The program being subjected to torture gets all sorts of random and invalid input, in the hopes of uncovering overflows and other bugs</li>
<li><a href="http://lcamtuf.coredump.cx/afl/" rel="nofollow noopener">American Fuzzy Lop</a>, in particular, has provided some interesting results across various open source projects recently</li>
<li>So far, it's fixed some NULL pointer dereferences in OpenSSH, various crashes in tcpdump and <a href="http://www.bsdnow.tv/episodes/2014_11_12-a_mans_man" rel="nofollow noopener">mandoc</a> and <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=141646270127039&amp;w=2" rel="nofollow noopener">a few other things</a></li>
<li>AFL has an impressive list of CVEs (vulnerabilities) that it's helped developers discover and fix</li>
<li>It also made its way into OpenBSD ports, FreeBSD ports and NetBSD's pkgsrc very recently, so you can try it out for yourself
***</li>
</ul>

<h3><a href="https://svnweb.freebsd.org/ports?view=revision&amp;revision=372768" rel="nofollow noopener">GNOME 3 hits the FreeBSD ports tree</a></h3>

<ul>
<li>While you've been able to run GNOME 3 on PC-BSD and OpenBSD for a while, it hasn't actually hit the FreeBSD ports tree.. until now</li>
<li>Now you can play with GNOME 3 and all its goodies (as well as Cinnamon 2.2, which this also brings in) on vanilla FreeBSD</li>
<li>Be sure to check the commit message and <a href="http://www.bsdnow.tv/tutorials/ports" rel="nofollow noopener">/usr/ports/UPDATING</a> if you're upgrading from GNOME 2</li>
<li>You might also want to go back and listen to <a href="http://www.bsdnow.tv/episodes/2014_02_26-port_authority" rel="nofollow noopener">our interview</a> with Joe Marcus Clark about GNOME's portability
***</li>
</ul>

<h2>Interview - Brendan Gregg - <a href="mailto:bgregg@netflix.com" rel="nofollow noopener">bgregg@netflix.com</a> / <a href="https://twitter.com/brendangregg" rel="nofollow noopener">@brendangregg</a></h2>

<p>Performance tuning, benchmarks, debugging</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://www.dragonflybsd.org/release40/" rel="nofollow noopener">DragonFlyBSD 4.0 released</a></h3>

<ul>
<li>A new major version of DragonFly, 4.0.1, was just recently announced</li>
<li>This version includes support for Haswell GPUs, lots of SMP improvements (including some in PF) and support for up to 256 CPUs</li>
<li>It's also the first release to drop support for i386, so it joins PCBSD in the 64 bit-only club</li>
<li>Check the release notes for all the details, including networking and kernel improvements, as well as some crypto changes
***</li>
</ul>

<h3><a href="https://news.ycombinator.com/item?id=8645443" rel="nofollow noopener">Can we talk about FreeBSD vs Linux</a></h3>

<ul>
<li>Hackernews had a recent thread about discussing Linux vs BSD, and the trolls stayed away for once</li>
<li>Rather than rehashing why one is "better" than the other, it was focused on explaining some of the differences between ecosystems and communities</li>
<li>If you're one of the many people who watch our show just out of curiosity about the BSD world, this might be a good thread to read</li>
<li>Someone in the comments even gave bsdnow.tv a mention as a good resource to learn, thanks guy
***</li>
</ul>

<h3><a href="http://www.packetmischief.ca/openbsd-ipsec-tunnel-guide/" rel="nofollow noopener">OpenBSD IPSEC tunnel guide</a></h3>

<ul>
<li>If you've ever wanted to connect two networks with OpenBSD gateways, this is the article for you</li>
<li>It shows how to set up an IPSEC tunnel between destinations, how to lock it down and how to access all the machines on the other network just like they were on your LAN</li>
<li>The article also explains some of the basics of IPSEC if you're not familiar with all the terminology, so this isn't just for experts</li>
<li>Though the article itself is a few years old, it mostly still applies to the latest stuff today</li>
<li>All the tools used are in the OpenBSD base system, so that's pretty handy too
***</li>
</ul>

<h3><a href="http://www.dragonflybsd.org/docs/ipfw2/" rel="nofollow noopener">DragonFly starts work on IPFW2</a></h3>

<ul>
<li>DragonFlyBSD, much like FreeBSD, comes with more than one firewall you can use</li>
<li>Now it looks like you're going to have yet another choice, as someone is working on a fork of IPFW (which is actually already in its second version, so it should be "IPFW3")</li>
<li>Not a whole lot is known yet; it's still in heavy development, but there's a brief <a href="http://www.dragonflybsd.org/docs/ipfw2/#index6h1" rel="nofollow noopener">roadmap</a> page with some planned additions</li>
<li>The guy who's working on this has already agreed to come on the show for an interview, but we're going to give him a chance to get some more work done first</li>
<li>Expect that sometime next year, once he's made some progress
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2NYgVifXN" rel="nofollow noopener">Michael writes in</a></li>
<li><a href="http://slexy.org/view/s21X02saI3" rel="nofollow noopener">Samael writes in</a></li>
<li><a href="http://slexy.org/view/s21Dj7zImH" rel="nofollow noopener">Steven writes in</a></li>
<li><a href="http://slexy.org/view/s218lXg38C" rel="nofollow noopener">Remy writes in</a></li>
<li><a href="http://slexy.org/view/s20SEuKlaH" rel="nofollow noopener">Michael writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Coming up on the show this week, we've got an interview with Brendan Gregg of Netflix. He's got a lot to say about performance tuning and benchmarks, and even some pretty funny stories about how people have done them incorrectly. As always, this week's news and answers to your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.meetbsd.com/" rel="nofollow noopener">Even more BSD presentation videos</a></h3>

<ul>
<li>More videos from this year's MeetBSD and OpenZFS devsummit were uploaded since last week</li>
<li>Robert Ryan, <a href="https://www.youtube.com/watch?v=Rc9k1xEepWU" rel="nofollow noopener">At the Heart of the Digital Economy</a></li>
<li>FreeNAS &amp; ZFS, The Indestructible Duo - <a href="https://www.youtube.com/watch?v=d1C6DELK7fc" rel="nofollow noopener">Except for the Hard Drives</a></li>
<li>Richard Yao, <a href="https://www.youtube.com/watch?v=PIC0dwLRBZU" rel="nofollow noopener">libzfs_core and ioctl stabilization</a></li>
<li>OpenZFS, <a href="https://www.youtube.com/watch?v=LmbI7F7XTTc" rel="nofollow noopener">Company lightning talks</a></li>
<li>OpenZFS, <a href="https://www.youtube.com/watch?v=gPbVPwScMGk" rel="nofollow noopener">Hackathon Presentation and Awards</a></li>
<li>Pavel Zakharov, <a href="https://www.youtube.com/watch?v=_lGOAZFXra8" rel="nofollow noopener">Fast File Cloning</a></li>
<li>Rick Reed, <a href="https://www.youtube.com/watch?v=TneLO5TdW_M" rel="nofollow noopener">Half a billion unsuspecting FreeBSD users</a></li>
<li>Alex Reece &amp; Matt Ahrens, <a href="https://www.youtube.com/watch?v=Xs6MsJ9kKKE" rel="nofollow noopener">Device Removal</a></li>
<li>Chris Side, <a href="https://www.youtube.com/watch?v=RMTxyqcomPA" rel="nofollow noopener">Channel Programs</a></li>
<li>David Maxwell, <a href="https://www.youtube.com/watch?v=CZHEZHK4jRc" rel="nofollow noopener">The Unix command pipeline</a></li>
<li>Be sure to check out the <strong>giant list of videos</strong> from <a href="http://www.bsdnow.tv/episodes/2014_11_19-rump_kernels_revisited" rel="nofollow noopener">last week's episode</a> if you haven't seen them already
***</li>
</ul>

<h3><a href="http://www.jarredcapellman.com/2014/3/9/NetBSD-and-a-Cobalt-Qube-2" rel="nofollow noopener">NetBSD on a Cobalt Qube 2</a></h3>

<ul>
<li>The Cobalt Qube was a very expensive networking appliance around 2000</li>
<li>In 2014, you can apparently get one of these MIPS-based machines for about forty bucks</li>
<li>This blog post details getting NetBSD installed and set up on the rare relic of our networking past</li>
<li>If you're an old-time fan of RISC or MIPS CPUs, this'll be a treat for you</li>
<li>Lots of great pictures of the hardware too
***</li>
</ul>

<h3><a href="https://www.marc.info/?l=openbsd-cvs&amp;w=2&amp;r=1&amp;s=afl&amp;q=b" rel="nofollow noopener">OpenBSD vs. AFL</a></h3>

<ul>
<li>In their never-ending security audit, some OpenBSD developers have been <a href="https://twitter.com/damienmiller/status/534156368391831552" rel="nofollow noopener">hitting various parts of the tree</a> with a fuzzer</li>
<li>If you're not familiar, <a href="https://en.wikipedia.org/wiki/Fuzz_testing" rel="nofollow noopener">fuzzing</a> is a semi-automated way to test programs for crashes and potential security problems</li>
<li>The program being subjected to torture gets all sorts of random and invalid input, in the hopes of uncovering overflows and other bugs</li>
<li><a href="http://lcamtuf.coredump.cx/afl/" rel="nofollow noopener">American Fuzzy Lop</a>, in particular, has provided some interesting results across various open source projects recently</li>
<li>So far, it's fixed some NULL pointer dereferences in OpenSSH, various crashes in tcpdump and <a href="http://www.bsdnow.tv/episodes/2014_11_12-a_mans_man" rel="nofollow noopener">mandoc</a> and <a href="https://www.marc.info/?l=openbsd-cvs&amp;m=141646270127039&amp;w=2" rel="nofollow noopener">a few other things</a></li>
<li>AFL has an impressive list of CVEs (vulnerabilities) that it's helped developers discover and fix</li>
<li>It also made its way into OpenBSD ports, FreeBSD ports and NetBSD's pkgsrc very recently, so you can try it out for yourself
***</li>
</ul>

<h3><a href="https://svnweb.freebsd.org/ports?view=revision&amp;revision=372768" rel="nofollow noopener">GNOME 3 hits the FreeBSD ports tree</a></h3>

<ul>
<li>While you've been able to run GNOME 3 on PC-BSD and OpenBSD for a while, it hasn't actually hit the FreeBSD ports tree.. until now</li>
<li>Now you can play with GNOME 3 and all its goodies (as well as Cinnamon 2.2, which this also brings in) on vanilla FreeBSD</li>
<li>Be sure to check the commit message and <a href="http://www.bsdnow.tv/tutorials/ports" rel="nofollow noopener">/usr/ports/UPDATING</a> if you're upgrading from GNOME 2</li>
<li>You might also want to go back and listen to <a href="http://www.bsdnow.tv/episodes/2014_02_26-port_authority" rel="nofollow noopener">our interview</a> with Joe Marcus Clark about GNOME's portability
***</li>
</ul>

<h2>Interview - Brendan Gregg - <a href="mailto:bgregg@netflix.com" rel="nofollow noopener">bgregg@netflix.com</a> / <a href="https://twitter.com/brendangregg" rel="nofollow noopener">@brendangregg</a></h2>

<p>Performance tuning, benchmarks, debugging</p>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://www.dragonflybsd.org/release40/" rel="nofollow noopener">DragonFlyBSD 4.0 released</a></h3>

<ul>
<li>A new major version of DragonFly, 4.0.1, was just recently announced</li>
<li>This version includes support for Haswell GPUs, lots of SMP improvements (including some in PF) and support for up to 256 CPUs</li>
<li>It's also the first release to drop support for i386, so it joins PCBSD in the 64 bit-only club</li>
<li>Check the release notes for all the details, including networking and kernel improvements, as well as some crypto changes
***</li>
</ul>

<h3><a href="https://news.ycombinator.com/item?id=8645443" rel="nofollow noopener">Can we talk about FreeBSD vs Linux</a></h3>

<ul>
<li>Hackernews had a recent thread about discussing Linux vs BSD, and the trolls stayed away for once</li>
<li>Rather than rehashing why one is "better" than the other, it was focused on explaining some of the differences between ecosystems and communities</li>
<li>If you're one of the many people who watch our show just out of curiosity about the BSD world, this might be a good thread to read</li>
<li>Someone in the comments even gave bsdnow.tv a mention as a good resource to learn, thanks guy
***</li>
</ul>

<h3><a href="http://www.packetmischief.ca/openbsd-ipsec-tunnel-guide/" rel="nofollow noopener">OpenBSD IPSEC tunnel guide</a></h3>

<ul>
<li>If you've ever wanted to connect two networks with OpenBSD gateways, this is the article for you</li>
<li>It shows how to set up an IPSEC tunnel between destinations, how to lock it down and how to access all the machines on the other network just like they were on your LAN</li>
<li>The article also explains some of the basics of IPSEC if you're not familiar with all the terminology, so this isn't just for experts</li>
<li>Though the article itself is a few years old, it mostly still applies to the latest stuff today</li>
<li>All the tools used are in the OpenBSD base system, so that's pretty handy too
***</li>
</ul>

<h3><a href="http://www.dragonflybsd.org/docs/ipfw2/" rel="nofollow noopener">DragonFly starts work on IPFW2</a></h3>

<ul>
<li>DragonFlyBSD, much like FreeBSD, comes with more than one firewall you can use</li>
<li>Now it looks like you're going to have yet another choice, as someone is working on a fork of IPFW (which is actually already in its second version, so it should be "IPFW3")</li>
<li>Not a whole lot is known yet; it's still in heavy development, but there's a brief <a href="http://www.dragonflybsd.org/docs/ipfw2/#index6h1" rel="nofollow noopener">roadmap</a> page with some planned additions</li>
<li>The guy who's working on this has already agreed to come on the show for an interview, but we're going to give him a chance to get some more work done first</li>
<li>Expect that sometime next year, once he's made some progress
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2NYgVifXN" rel="nofollow noopener">Michael writes in</a></li>
<li><a href="http://slexy.org/view/s21X02saI3" rel="nofollow noopener">Samael writes in</a></li>
<li><a href="http://slexy.org/view/s21Dj7zImH" rel="nofollow noopener">Steven writes in</a></li>
<li><a href="http://slexy.org/view/s218lXg38C" rel="nofollow noopener">Remy writes in</a></li>
<li><a href="http://slexy.org/view/s20SEuKlaH" rel="nofollow noopener">Michael writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>52: Reverse Takeover</title>
  <link>https://www.bsdnow.tv/52</link>
  <guid isPermaLink="false">67ad6e78-144e-4d1c-a713-49b54e5b679e</guid>
  <pubDate>Wed, 27 Aug 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/67ad6e78-144e-4d1c-a713-49b54e5b679e.mp3" length="53663188" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:14:31</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.freebsdfoundation.org/press/2014augupdate.pdf" rel="nofollow noopener"&gt;FreeBSD foundation August update&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The foundation has published a new PDF detailing some of their recent activities&lt;/li&gt;
&lt;li&gt;It includes project development updates, the 10.1-RELEASE schedule and some of its new features&lt;/li&gt;
&lt;li&gt;There is also a short interview with &lt;a href="http://www.bsdnow.tv/episodes/2014_04_09-pxe_dust" rel="nofollow noopener"&gt;Dru Lavigne&lt;/a&gt; in the "voices from the community" section&lt;/li&gt;
&lt;li&gt;If you're into hardware, there's another section about some new FreeBSD server equipment&lt;/li&gt;
&lt;li&gt;In closing, there's an update on funding too
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.prado.it/2014/08/20/how-to-run-master-nsd-on-freebsd-10-0/" rel="nofollow noopener"&gt;NSD for an authoritative nameserver&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;With BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup&lt;/li&gt;
&lt;li&gt;This article shows how to use NSD for an authoritative DNS nameserver&lt;/li&gt;
&lt;li&gt;It's also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together)&lt;/li&gt;
&lt;li&gt;All the instructions are presented very neatly, with all the little details included&lt;/li&gt;
&lt;li&gt;Less BIND means less vulnerabilities, everybody's happy
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://marc.info/?l=openbsd-cvs&amp;amp;m=140873518514033&amp;amp;w=2" rel="nofollow noopener"&gt;BIND and Nginx removed from OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;While we're on the topic of DNS servers, BIND was finally removed from OpenBSD as well&lt;/li&gt;
&lt;li&gt;The base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year)&lt;/li&gt;
&lt;li&gt;They've also &lt;a href="http://marc.info/?l=openbsd-cvs&amp;amp;m=140908174910713&amp;amp;w=2" rel="nofollow noopener"&gt;removed nginx&lt;/a&gt; from the base system, in favor of the new custom HTTP daemon&lt;/li&gt;
&lt;li&gt;BIND and Nginx are still available in ports if you don't want to switch&lt;/li&gt;
&lt;li&gt;We're hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on&lt;/li&gt;
&lt;li&gt;With Apache gone in the upcoming 5.6, It's also likely that sendmail will be removed before 5.7 - hooray for modern alternatives
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.youtube.com/user/tsutsuii/videos" rel="nofollow noopener"&gt;NetBSD demo videos&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A Japanese NetBSD developer has been uploading lots of interesting videos&lt;/li&gt;
&lt;li&gt;Unsurprisingly, they're all featuring NetBSD running on exotic and weird hardware&lt;/li&gt;
&lt;li&gt;Most of them are demoing sound or running a modern Twitter client on an ancient computer&lt;/li&gt;
&lt;li&gt;They're from the same guy that did the conference wrap-up we mentioned recently
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Shawn Webb - &lt;a href="mailto:shawn.webb@hardenedbsd.org" rel="nofollow noopener"&gt;shawn.webb@hardenedbsd.org&lt;/a&gt; / &lt;a href="https://twitter.com/lattera" rel="nofollow noopener"&gt;@lattera&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;Address space layout randomization &lt;a href="http://hardenedbsd.org/" rel="nofollow noopener"&gt;in FreeBSD&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tutorial&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.bsdnow.tv/tutorials/reverse-ssh" rel="nofollow noopener"&gt;Reverse SSH tunneling&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://deuterion.net/puppet-master-agent-installation-on-freebsd/" rel="nofollow noopener"&gt;Puppet master-agent installation on FreeBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you've got a lot of BSD boxes under your control, or if you're just lazy, you've probably looked into Puppet before&lt;/li&gt;
&lt;li&gt;The author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own&lt;/li&gt;
&lt;li&gt;He goes through some advantages of using this type of tool for deployments, even when you don't have a huge number of systems&lt;/li&gt;
&lt;li&gt;The rest of the post explains how to set up both the master and the agent configurations
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.mondaiji.com/blog/other/it/10175-the-hunt-for-the-ultimate-free-open-source-firewall-distro" rel="nofollow noopener"&gt;Misc. pfSense items&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We found a few miscellaneous pfSense articles this past week &lt;/li&gt;
&lt;li&gt;The first one is about the hunt for the "ultimate" free open source firewall, where pfSense is obviously a strong contender&lt;/li&gt;
&lt;li&gt;&lt;a href="http://willbradley.name/2014/08/20/logging-natfirewallstate-entries-in-pfsense/" rel="nofollow noopener"&gt;The second one&lt;/a&gt; shows how to log NAT firewall states (a good way to find out which family member has been torrenting!)&lt;/li&gt;
&lt;li&gt;In &lt;a href="http://www.proteansec.com/linux/pfsense-automatically-backup-configuration-files/" rel="nofollow noopener"&gt;the third&lt;/a&gt;, you can see how to automatically back up your configuration files&lt;/li&gt;
&lt;li&gt;&lt;a href="https://vidarw.wordpress.com/2014/07/09/network-boot-with-pfsense-and-tftpd32/" rel="nofollow noopener"&gt;The fourth item&lt;/a&gt; shows how to set up PXE booting with pfSense, similar to one of our tutorials
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.khubla.com/freebsd/timemachine-backups-on-freebsd-10" rel="nofollow noopener"&gt;Time Machine backups on ZFS&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you've got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive "time capsule"&lt;/li&gt;
&lt;li&gt;This post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system&lt;/li&gt;
&lt;li&gt;With a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive&lt;/li&gt;
&lt;li&gt;Surprisingly simple to do, recommended for anyone with Macs on their network
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.pcbsd.org/2014/08/pc-bsd-10-0-3-preview-lumina-desktop/" rel="nofollow noopener"&gt;Lumina desktop preview&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Lumina, the BSD-exclusive desktop environment, seems to be coming along nicely&lt;/li&gt;
&lt;li&gt;The main developer has posted an update on the PCBSD blog with some screenshots&lt;/li&gt;
&lt;li&gt;Lots of new features have been added, many of which are documented in the post&lt;/li&gt;
&lt;li&gt;There just might be a BSD Now episode about Lumina coming up.. (cough cough)
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21eLBvf1l" rel="nofollow noopener"&gt;Gary writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20xqTKNrf" rel="nofollow noopener"&gt;Cedric writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21q428tPj" rel="nofollow noopener"&gt;Caldwell writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2uVLhqCaO" rel="nofollow noopener"&gt;Cary writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, ssh, tunnel, reverse tunnel, encryption, aslr, pie, address space layout randomization, position-independent executables, nsd, bind, unbound, dns server, pfsense, shawn webb, time machine, os x, nginx</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.freebsdfoundation.org/press/2014augupdate.pdf" rel="nofollow noopener">FreeBSD foundation August update</a></h3>

<ul>
<li>The foundation has published a new PDF detailing some of their recent activities</li>
<li>It includes project development updates, the 10.1-RELEASE schedule and some of its new features</li>
<li>There is also a short interview with <a href="http://www.bsdnow.tv/episodes/2014_04_09-pxe_dust" rel="nofollow noopener">Dru Lavigne</a> in the "voices from the community" section</li>
<li>If you're into hardware, there's another section about some new FreeBSD server equipment</li>
<li>In closing, there's an update on funding too
***</li>
</ul>

<h3><a href="http://www.prado.it/2014/08/20/how-to-run-master-nsd-on-freebsd-10-0/" rel="nofollow noopener">NSD for an authoritative nameserver</a></h3>

<ul>
<li>With BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup</li>
<li>This article shows how to use NSD for an authoritative DNS nameserver</li>
<li>It's also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together)</li>
<li>All the instructions are presented very neatly, with all the little details included</li>
<li>Less BIND means less vulnerabilities, everybody's happy
***</li>
</ul>

<h3><a href="http://marc.info/?l=openbsd-cvs&amp;m=140873518514033&amp;w=2" rel="nofollow noopener">BIND and Nginx removed from OpenBSD</a></h3>

<ul>
<li>While we're on the topic of DNS servers, BIND was finally removed from OpenBSD as well</li>
<li>The base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year)</li>
<li>They've also <a href="http://marc.info/?l=openbsd-cvs&amp;m=140908174910713&amp;w=2" rel="nofollow noopener">removed nginx</a> from the base system, in favor of the new custom HTTP daemon</li>
<li>BIND and Nginx are still available in ports if you don't want to switch</li>
<li>We're hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on</li>
<li>With Apache gone in the upcoming 5.6, It's also likely that sendmail will be removed before 5.7 - hooray for modern alternatives
***</li>
</ul>

<h3><a href="https://www.youtube.com/user/tsutsuii/videos" rel="nofollow noopener">NetBSD demo videos</a></h3>

<ul>
<li>A Japanese NetBSD developer has been uploading lots of interesting videos</li>
<li>Unsurprisingly, they're all featuring NetBSD running on exotic and weird hardware</li>
<li>Most of them are demoing sound or running a modern Twitter client on an ancient computer</li>
<li>They're from the same guy that did the conference wrap-up we mentioned recently
***</li>
</ul>

<h2>Interview - Shawn Webb - <a href="mailto:shawn.webb@hardenedbsd.org" rel="nofollow noopener">shawn.webb@hardenedbsd.org</a> / <a href="https://twitter.com/lattera" rel="nofollow noopener">@lattera</a></h2>

<p>Address space layout randomization <a href="http://hardenedbsd.org/" rel="nofollow noopener">in FreeBSD</a></p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/reverse-ssh" rel="nofollow noopener">Reverse SSH tunneling</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://deuterion.net/puppet-master-agent-installation-on-freebsd/" rel="nofollow noopener">Puppet master-agent installation on FreeBSD</a></h3>

<ul>
<li>If you've got a lot of BSD boxes under your control, or if you're just lazy, you've probably looked into Puppet before</li>
<li>The author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own</li>
<li>He goes through some advantages of using this type of tool for deployments, even when you don't have a huge number of systems</li>
<li>The rest of the post explains how to set up both the master and the agent configurations
***</li>
</ul>

<h3><a href="http://www.mondaiji.com/blog/other/it/10175-the-hunt-for-the-ultimate-free-open-source-firewall-distro" rel="nofollow noopener">Misc. pfSense items</a></h3>

<ul>
<li>We found a few miscellaneous pfSense articles this past week </li>
<li>The first one is about the hunt for the "ultimate" free open source firewall, where pfSense is obviously a strong contender</li>
<li><a href="http://willbradley.name/2014/08/20/logging-natfirewallstate-entries-in-pfsense/" rel="nofollow noopener">The second one</a> shows how to log NAT firewall states (a good way to find out which family member has been torrenting!)</li>
<li>In <a href="http://www.proteansec.com/linux/pfsense-automatically-backup-configuration-files/" rel="nofollow noopener">the third</a>, you can see how to automatically back up your configuration files</li>
<li><a href="https://vidarw.wordpress.com/2014/07/09/network-boot-with-pfsense-and-tftpd32/" rel="nofollow noopener">The fourth item</a> shows how to set up PXE booting with pfSense, similar to one of our tutorials
***</li>
</ul>

<h3><a href="http://blog.khubla.com/freebsd/timemachine-backups-on-freebsd-10" rel="nofollow noopener">Time Machine backups on ZFS</a></h3>

<ul>
<li>If you've got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive "time capsule"</li>
<li>This post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system</li>
<li>With a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive</li>
<li>Surprisingly simple to do, recommended for anyone with Macs on their network
***</li>
</ul>

<h3><a href="http://blog.pcbsd.org/2014/08/pc-bsd-10-0-3-preview-lumina-desktop/" rel="nofollow noopener">Lumina desktop preview</a></h3>

<ul>
<li>Lumina, the BSD-exclusive desktop environment, seems to be coming along nicely</li>
<li>The main developer has posted an update on the PCBSD blog with some screenshots</li>
<li>Lots of new features have been added, many of which are documented in the post</li>
<li>There just might be a BSD Now episode about Lumina coming up.. (cough cough)
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s21eLBvf1l" rel="nofollow noopener">Gary writes in</a></li>
<li><a href="http://slexy.org/view/s20xqTKNrf" rel="nofollow noopener">Cedric writes in</a></li>
<li><a href="http://slexy.org/view/s21q428tPj" rel="nofollow noopener">Caldwell writes in</a></li>
<li><a href="http://slexy.org/view/s2uVLhqCaO" rel="nofollow noopener">Cary writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.freebsdfoundation.org/press/2014augupdate.pdf" rel="nofollow noopener">FreeBSD foundation August update</a></h3>

<ul>
<li>The foundation has published a new PDF detailing some of their recent activities</li>
<li>It includes project development updates, the 10.1-RELEASE schedule and some of its new features</li>
<li>There is also a short interview with <a href="http://www.bsdnow.tv/episodes/2014_04_09-pxe_dust" rel="nofollow noopener">Dru Lavigne</a> in the "voices from the community" section</li>
<li>If you're into hardware, there's another section about some new FreeBSD server equipment</li>
<li>In closing, there's an update on funding too
***</li>
</ul>

<h3><a href="http://www.prado.it/2014/08/20/how-to-run-master-nsd-on-freebsd-10-0/" rel="nofollow noopener">NSD for an authoritative nameserver</a></h3>

<ul>
<li>With BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup</li>
<li>This article shows how to use NSD for an authoritative DNS nameserver</li>
<li>It's also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together)</li>
<li>All the instructions are presented very neatly, with all the little details included</li>
<li>Less BIND means less vulnerabilities, everybody's happy
***</li>
</ul>

<h3><a href="http://marc.info/?l=openbsd-cvs&amp;m=140873518514033&amp;w=2" rel="nofollow noopener">BIND and Nginx removed from OpenBSD</a></h3>

<ul>
<li>While we're on the topic of DNS servers, BIND was finally removed from OpenBSD as well</li>
<li>The base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year)</li>
<li>They've also <a href="http://marc.info/?l=openbsd-cvs&amp;m=140908174910713&amp;w=2" rel="nofollow noopener">removed nginx</a> from the base system, in favor of the new custom HTTP daemon</li>
<li>BIND and Nginx are still available in ports if you don't want to switch</li>
<li>We're hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on</li>
<li>With Apache gone in the upcoming 5.6, It's also likely that sendmail will be removed before 5.7 - hooray for modern alternatives
***</li>
</ul>

<h3><a href="https://www.youtube.com/user/tsutsuii/videos" rel="nofollow noopener">NetBSD demo videos</a></h3>

<ul>
<li>A Japanese NetBSD developer has been uploading lots of interesting videos</li>
<li>Unsurprisingly, they're all featuring NetBSD running on exotic and weird hardware</li>
<li>Most of them are demoing sound or running a modern Twitter client on an ancient computer</li>
<li>They're from the same guy that did the conference wrap-up we mentioned recently
***</li>
</ul>

<h2>Interview - Shawn Webb - <a href="mailto:shawn.webb@hardenedbsd.org" rel="nofollow noopener">shawn.webb@hardenedbsd.org</a> / <a href="https://twitter.com/lattera" rel="nofollow noopener">@lattera</a></h2>

<p>Address space layout randomization <a href="http://hardenedbsd.org/" rel="nofollow noopener">in FreeBSD</a></p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/reverse-ssh" rel="nofollow noopener">Reverse SSH tunneling</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://deuterion.net/puppet-master-agent-installation-on-freebsd/" rel="nofollow noopener">Puppet master-agent installation on FreeBSD</a></h3>

<ul>
<li>If you've got a lot of BSD boxes under your control, or if you're just lazy, you've probably looked into Puppet before</li>
<li>The author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own</li>
<li>He goes through some advantages of using this type of tool for deployments, even when you don't have a huge number of systems</li>
<li>The rest of the post explains how to set up both the master and the agent configurations
***</li>
</ul>

<h3><a href="http://www.mondaiji.com/blog/other/it/10175-the-hunt-for-the-ultimate-free-open-source-firewall-distro" rel="nofollow noopener">Misc. pfSense items</a></h3>

<ul>
<li>We found a few miscellaneous pfSense articles this past week </li>
<li>The first one is about the hunt for the "ultimate" free open source firewall, where pfSense is obviously a strong contender</li>
<li><a href="http://willbradley.name/2014/08/20/logging-natfirewallstate-entries-in-pfsense/" rel="nofollow noopener">The second one</a> shows how to log NAT firewall states (a good way to find out which family member has been torrenting!)</li>
<li>In <a href="http://www.proteansec.com/linux/pfsense-automatically-backup-configuration-files/" rel="nofollow noopener">the third</a>, you can see how to automatically back up your configuration files</li>
<li><a href="https://vidarw.wordpress.com/2014/07/09/network-boot-with-pfsense-and-tftpd32/" rel="nofollow noopener">The fourth item</a> shows how to set up PXE booting with pfSense, similar to one of our tutorials
***</li>
</ul>

<h3><a href="http://blog.khubla.com/freebsd/timemachine-backups-on-freebsd-10" rel="nofollow noopener">Time Machine backups on ZFS</a></h3>

<ul>
<li>If you've got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive "time capsule"</li>
<li>This post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system</li>
<li>With a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive</li>
<li>Surprisingly simple to do, recommended for anyone with Macs on their network
***</li>
</ul>

<h3><a href="http://blog.pcbsd.org/2014/08/pc-bsd-10-0-3-preview-lumina-desktop/" rel="nofollow noopener">Lumina desktop preview</a></h3>

<ul>
<li>Lumina, the BSD-exclusive desktop environment, seems to be coming along nicely</li>
<li>The main developer has posted an update on the PCBSD blog with some screenshots</li>
<li>Lots of new features have been added, many of which are documented in the post</li>
<li>There just might be a BSD Now episode about Lumina coming up.. (cough cough)
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s21eLBvf1l" rel="nofollow noopener">Gary writes in</a></li>
<li><a href="http://slexy.org/view/s20xqTKNrf" rel="nofollow noopener">Cedric writes in</a></li>
<li><a href="http://slexy.org/view/s21q428tPj" rel="nofollow noopener">Caldwell writes in</a></li>
<li><a href="http://slexy.org/view/s2uVLhqCaO" rel="nofollow noopener">Cary writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>50: VPN, My Dear Watson</title>
  <link>https://www.bsdnow.tv/50</link>
  <guid isPermaLink="false">b0306dc5-ee87-4a03-aeea-9a89b915ff5e</guid>
  <pubDate>Wed, 13 Aug 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/b0306dc5-ee87-4a03-aeea-9a89b915ff5e.mp3" length="62998996" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:27:29</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.ixsystems.com/whats-new/ixsystems-to-host-meetbsd-california-2014-at-western-digital-in-san-jose/" rel="nofollow noopener"&gt;MeetBSD 2014 is approaching&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California&lt;/li&gt;
&lt;li&gt;MeetBSD has an "unconference" format, which means there will be both planned talks and community events&lt;/li&gt;
&lt;li&gt;All the extra details will be on &lt;a href="https://www.meetbsd.com/" rel="nofollow noopener"&gt;their site&lt;/a&gt; soon&lt;/li&gt;
&lt;li&gt;It also has hotels and various other bits of useful information - hopefully with more info on the talks to come&lt;/li&gt;
&lt;li&gt;Of course, EuroBSDCon is coming up before then
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.azabani.com/2014/08/09/first-experiences-with-openbsd.html" rel="nofollow noopener"&gt;First experiences with OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"&lt;/li&gt;
&lt;li&gt;The author read the famous "&lt;a href="http://www.over-yonder.net/%7Efullermd/rants/bsd4linux/01" rel="nofollow noopener"&gt;BSD for Linux users&lt;/a&gt;" series (that most of us have surely seen) and decided to give BSD a try&lt;/li&gt;
&lt;li&gt;He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"&lt;/li&gt;
&lt;li&gt;From there, it talks about how he used the OpenBSD USB image and got a fully-working system&lt;/li&gt;
&lt;li&gt;He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration&lt;/li&gt;
&lt;li&gt;Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user! 
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://blog.netbsd.org/tnf/entry/an_internet_ready_os_from" rel="nofollow noopener"&gt;NetBSD rump kernels on bare metal (and Kansai OSC report)&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right&lt;/li&gt;
&lt;li&gt;However, NetBSD's rump kernels - a very unique concept - make this process a lot easier&lt;/li&gt;
&lt;li&gt;This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week&lt;/li&gt;
&lt;li&gt;Also have a look back at &lt;a href="http://www.bsdnow.tv/episodes/2013_10_23-a_brief_intorduction" rel="nofollow noopener"&gt;episode 8&lt;/a&gt; for our interview about rump kernels and what exactly they do&lt;/li&gt;
&lt;li&gt;While on the topic of NetBSD, there were also a couple of &lt;a href="http://mail-index.netbsd.org/netbsd-advocacy/2014/08/09/msg000658.html" rel="nofollow noopener"&gt;very detailed reports&lt;/a&gt; (with lots of pictures!) of the various NetBSD-themed booths at the 2014 &lt;a href="http://d.hatena.ne.jp/mizuno-as/20140806/1407307913" rel="nofollow noopener"&gt;Kansai Open Source Conference&lt;/a&gt; that we wanted to highlight
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.openssl.org/news/secadv_20140806.txt" rel="nofollow noopener"&gt;OpenSSL and LibreSSL updates&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)&lt;/li&gt;
&lt;li&gt;Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more&lt;/li&gt;
&lt;li&gt;&lt;a href="http://marc.info/?l=openbsd-tech&amp;amp;m=140752295222929&amp;amp;w=2" rel="nofollow noopener"&gt;LibreSSL released a new version&lt;/a&gt; to address most of the vulnerabilities, but wasn't affected by some of them&lt;/li&gt;
&lt;li&gt;Whichever version of whatever SSL you use, make sure it's patched for these issues&lt;/li&gt;
&lt;li&gt;DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Robert Watson - &lt;a href="mailto:rwatson@freebsd.org" rel="nofollow noopener"&gt;rwatson@freebsd.org&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;FreeBSD architecture, security research techniques, exploit mitigation&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tutorial&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.bsdnow.tv/tutorials/openvpn" rel="nofollow noopener"&gt;Protecting traffic with a BSD-based VPN&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://lechindianer.de/blog/2014/08/06/freebsd-cgit/" rel="nofollow noopener"&gt;A FreeBSD-based CGit server&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you use git (like a certain host of this show) then you've probably considered setting up your own server&lt;/li&gt;
&lt;li&gt;This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend&lt;/li&gt;
&lt;li&gt;It even shows you how to set up multiple repos with key-based user separation and other cool things&lt;/li&gt;
&lt;li&gt;The author of the post is also a listener of the show, thanks for sending it in!
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.smallbusinesscomputing.com/biztools/6-data-backup-devices-for-small-businesses.html" rel="nofollow noopener"&gt;Backup devices for small businesses&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;In this article, different methods of data storage and backup are compared&lt;/li&gt;
&lt;li&gt;After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer&lt;/li&gt;
&lt;li&gt;He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers&lt;/li&gt;
&lt;li&gt;It also goes over some of the hardware specifics in the FreeNAS Mini
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.bronevichok.ru/2014/08/06/testing-of-xorg.html" rel="nofollow noopener"&gt;A new Xenocara interview&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara&lt;/li&gt;
&lt;li&gt;If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches&lt;/li&gt;
&lt;li&gt;In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing&lt;/li&gt;
&lt;li&gt;Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://not.burntout.org/blog/high_performance_samba_server_on_freebsd/" rel="nofollow noopener"&gt;Building a high performance FreeBSD samba server&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?&lt;/li&gt;
&lt;li&gt;FreeBSD, ZFS and Samba obviously!&lt;/li&gt;
&lt;li&gt;The master image and related files clock in at over 20GB, and will be accessed at the same time by &lt;em&gt;all&lt;/em&gt; of those clients&lt;/li&gt;
&lt;li&gt;This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)&lt;/li&gt;
&lt;li&gt;It doesn't even require the newest or best hardware with the right changes, pretty cool
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://www.reddit.com/r/BSD/comments/2ctlt4/switched_from_arch_linux_to_openbsd_reference/" rel="nofollow noopener"&gt;An interesting Reddit thread&lt;/a&gt; (&lt;a href="http://www.reddit.com/r/BSD/comments/2dcig9/thinking_about_coming_to_bsd_from_arch" rel="nofollow noopener"&gt;or two&lt;/a&gt;)&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21t7L5bqO" rel="nofollow noopener"&gt;PB writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20MFywDqZ" rel="nofollow noopener"&gt;Sean writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2Td6nq11J" rel="nofollow noopener"&gt;Steve writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s215MlpJYV" rel="nofollow noopener"&gt;Lachlan writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2N4JKkoKt" rel="nofollow noopener"&gt;Justin writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, vpn, vps, openvpn, tunnel, ssh, security, exploit mitigation, zfs, lzo, tls, xenocara, x11, xorg, freenas, freenas mini, ixsystems, network attached storage, nas, meetbsd, rump kernels, libressl, openssl, kansai</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://www.ixsystems.com/whats-new/ixsystems-to-host-meetbsd-california-2014-at-western-digital-in-san-jose/" rel="nofollow noopener">MeetBSD 2014 is approaching</a></h3>

<ul>
<li>The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California</li>
<li>MeetBSD has an "unconference" format, which means there will be both planned talks and community events</li>
<li>All the extra details will be on <a href="https://www.meetbsd.com/" rel="nofollow noopener">their site</a> soon</li>
<li>It also has hotels and various other bits of useful information - hopefully with more info on the talks to come</li>
<li>Of course, EuroBSDCon is coming up before then
***</li>
</ul>

<h3><a href="https://www.azabani.com/2014/08/09/first-experiences-with-openbsd.html" rel="nofollow noopener">First experiences with OpenBSD</a></h3>

<ul>
<li>A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"</li>
<li>The author read the famous "<a href="http://www.over-yonder.net/%7Efullermd/rants/bsd4linux/01" rel="nofollow noopener">BSD for Linux users</a>" series (that most of us have surely seen) and decided to give BSD a try</li>
<li>He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"</li>
<li>From there, it talks about how he used the OpenBSD USB image and got a fully-working system</li>
<li>He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration</li>
<li>Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user! 
***</li>
</ul>

<h3><a href="https://blog.netbsd.org/tnf/entry/an_internet_ready_os_from" rel="nofollow noopener">NetBSD rump kernels on bare metal (and Kansai OSC report)</a></h3>

<ul>
<li>When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right</li>
<li>However, NetBSD's rump kernels - a very unique concept - make this process a lot easier</li>
<li>This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week</li>
<li>Also have a look back at <a href="http://www.bsdnow.tv/episodes/2013_10_23-a_brief_intorduction" rel="nofollow noopener">episode 8</a> for our interview about rump kernels and what exactly they do</li>
<li>While on the topic of NetBSD, there were also a couple of <a href="http://mail-index.netbsd.org/netbsd-advocacy/2014/08/09/msg000658.html" rel="nofollow noopener">very detailed reports</a> (with lots of pictures!) of the various NetBSD-themed booths at the 2014 <a href="http://d.hatena.ne.jp/mizuno-as/20140806/1407307913" rel="nofollow noopener">Kansai Open Source Conference</a> that we wanted to highlight
***</li>
</ul>

<h3><a href="https://www.openssl.org/news/secadv_20140806.txt" rel="nofollow noopener">OpenSSL and LibreSSL updates</a></h3>

<ul>
<li>OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)</li>
<li>Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more</li>
<li><a href="http://marc.info/?l=openbsd-tech&amp;m=140752295222929&amp;w=2" rel="nofollow noopener">LibreSSL released a new version</a> to address most of the vulnerabilities, but wasn't affected by some of them</li>
<li>Whichever version of whatever SSL you use, make sure it's patched for these issues</li>
<li>DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)
***</li>
</ul>

<h2>Interview - Robert Watson - <a href="mailto:rwatson@freebsd.org" rel="nofollow noopener">rwatson@freebsd.org</a></h2>

<p>FreeBSD architecture, security research techniques, exploit mitigation</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/openvpn" rel="nofollow noopener">Protecting traffic with a BSD-based VPN</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://lechindianer.de/blog/2014/08/06/freebsd-cgit/" rel="nofollow noopener">A FreeBSD-based CGit server</a></h3>

<ul>
<li>If you use git (like a certain host of this show) then you've probably considered setting up your own server</li>
<li>This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend</li>
<li>It even shows you how to set up multiple repos with key-based user separation and other cool things</li>
<li>The author of the post is also a listener of the show, thanks for sending it in!
***</li>
</ul>

<h3><a href="http://www.smallbusinesscomputing.com/biztools/6-data-backup-devices-for-small-businesses.html" rel="nofollow noopener">Backup devices for small businesses</a></h3>

<ul>
<li>In this article, different methods of data storage and backup are compared</li>
<li>After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer</li>
<li>He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers</li>
<li>It also goes over some of the hardware specifics in the FreeNAS Mini
***</li>
</ul>

<h3><a href="http://blog.bronevichok.ru/2014/08/06/testing-of-xorg.html" rel="nofollow noopener">A new Xenocara interview</a></h3>

<ul>
<li>As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara</li>
<li>If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches</li>
<li>In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing</li>
<li>Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there
***</li>
</ul>

<h3><a href="https://not.burntout.org/blog/high_performance_samba_server_on_freebsd/" rel="nofollow noopener">Building a high performance FreeBSD samba server</a></h3>

<ul>
<li>If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?</li>
<li>FreeBSD, ZFS and Samba obviously!</li>
<li>The master image and related files clock in at over 20GB, and will be accessed at the same time by <em>all</em> of those clients</li>
<li>This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)</li>
<li>It doesn't even require the newest or best hardware with the right changes, pretty cool
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://www.reddit.com/r/BSD/comments/2ctlt4/switched_from_arch_linux_to_openbsd_reference/" rel="nofollow noopener">An interesting Reddit thread</a> (<a href="http://www.reddit.com/r/BSD/comments/2dcig9/thinking_about_coming_to_bsd_from_arch" rel="nofollow noopener">or two</a>)</li>
<li><a href="http://slexy.org/view/s21t7L5bqO" rel="nofollow noopener">PB writes in</a></li>
<li><a href="http://slexy.org/view/s20MFywDqZ" rel="nofollow noopener">Sean writes in</a></li>
<li><a href="http://slexy.org/view/s2Td6nq11J" rel="nofollow noopener">Steve writes in</a></li>
<li><a href="http://slexy.org/view/s215MlpJYV" rel="nofollow noopener">Lachlan writes in</a></li>
<li><a href="http://slexy.org/view/s2N4JKkoKt" rel="nofollow noopener">Justin writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://www.ixsystems.com/whats-new/ixsystems-to-host-meetbsd-california-2014-at-western-digital-in-san-jose/" rel="nofollow noopener">MeetBSD 2014 is approaching</a></h3>

<ul>
<li>The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California</li>
<li>MeetBSD has an "unconference" format, which means there will be both planned talks and community events</li>
<li>All the extra details will be on <a href="https://www.meetbsd.com/" rel="nofollow noopener">their site</a> soon</li>
<li>It also has hotels and various other bits of useful information - hopefully with more info on the talks to come</li>
<li>Of course, EuroBSDCon is coming up before then
***</li>
</ul>

<h3><a href="https://www.azabani.com/2014/08/09/first-experiences-with-openbsd.html" rel="nofollow noopener">First experiences with OpenBSD</a></h3>

<ul>
<li>A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"</li>
<li>The author read the famous "<a href="http://www.over-yonder.net/%7Efullermd/rants/bsd4linux/01" rel="nofollow noopener">BSD for Linux users</a>" series (that most of us have surely seen) and decided to give BSD a try</li>
<li>He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"</li>
<li>From there, it talks about how he used the OpenBSD USB image and got a fully-working system</li>
<li>He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration</li>
<li>Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user! 
***</li>
</ul>

<h3><a href="https://blog.netbsd.org/tnf/entry/an_internet_ready_os_from" rel="nofollow noopener">NetBSD rump kernels on bare metal (and Kansai OSC report)</a></h3>

<ul>
<li>When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right</li>
<li>However, NetBSD's rump kernels - a very unique concept - make this process a lot easier</li>
<li>This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week</li>
<li>Also have a look back at <a href="http://www.bsdnow.tv/episodes/2013_10_23-a_brief_intorduction" rel="nofollow noopener">episode 8</a> for our interview about rump kernels and what exactly they do</li>
<li>While on the topic of NetBSD, there were also a couple of <a href="http://mail-index.netbsd.org/netbsd-advocacy/2014/08/09/msg000658.html" rel="nofollow noopener">very detailed reports</a> (with lots of pictures!) of the various NetBSD-themed booths at the 2014 <a href="http://d.hatena.ne.jp/mizuno-as/20140806/1407307913" rel="nofollow noopener">Kansai Open Source Conference</a> that we wanted to highlight
***</li>
</ul>

<h3><a href="https://www.openssl.org/news/secadv_20140806.txt" rel="nofollow noopener">OpenSSL and LibreSSL updates</a></h3>

<ul>
<li>OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)</li>
<li>Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more</li>
<li><a href="http://marc.info/?l=openbsd-tech&amp;m=140752295222929&amp;w=2" rel="nofollow noopener">LibreSSL released a new version</a> to address most of the vulnerabilities, but wasn't affected by some of them</li>
<li>Whichever version of whatever SSL you use, make sure it's patched for these issues</li>
<li>DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)
***</li>
</ul>

<h2>Interview - Robert Watson - <a href="mailto:rwatson@freebsd.org" rel="nofollow noopener">rwatson@freebsd.org</a></h2>

<p>FreeBSD architecture, security research techniques, exploit mitigation</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/openvpn" rel="nofollow noopener">Protecting traffic with a BSD-based VPN</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://lechindianer.de/blog/2014/08/06/freebsd-cgit/" rel="nofollow noopener">A FreeBSD-based CGit server</a></h3>

<ul>
<li>If you use git (like a certain host of this show) then you've probably considered setting up your own server</li>
<li>This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend</li>
<li>It even shows you how to set up multiple repos with key-based user separation and other cool things</li>
<li>The author of the post is also a listener of the show, thanks for sending it in!
***</li>
</ul>

<h3><a href="http://www.smallbusinesscomputing.com/biztools/6-data-backup-devices-for-small-businesses.html" rel="nofollow noopener">Backup devices for small businesses</a></h3>

<ul>
<li>In this article, different methods of data storage and backup are compared</li>
<li>After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer</li>
<li>He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers</li>
<li>It also goes over some of the hardware specifics in the FreeNAS Mini
***</li>
</ul>

<h3><a href="http://blog.bronevichok.ru/2014/08/06/testing-of-xorg.html" rel="nofollow noopener">A new Xenocara interview</a></h3>

<ul>
<li>As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara</li>
<li>If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches</li>
<li>In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing</li>
<li>Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there
***</li>
</ul>

<h3><a href="https://not.burntout.org/blog/high_performance_samba_server_on_freebsd/" rel="nofollow noopener">Building a high performance FreeBSD samba server</a></h3>

<ul>
<li>If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?</li>
<li>FreeBSD, ZFS and Samba obviously!</li>
<li>The master image and related files clock in at over 20GB, and will be accessed at the same time by <em>all</em> of those clients</li>
<li>This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)</li>
<li>It doesn't even require the newest or best hardware with the right changes, pretty cool
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://www.reddit.com/r/BSD/comments/2ctlt4/switched_from_arch_linux_to_openbsd_reference/" rel="nofollow noopener">An interesting Reddit thread</a> (<a href="http://www.reddit.com/r/BSD/comments/2dcig9/thinking_about_coming_to_bsd_from_arch" rel="nofollow noopener">or two</a>)</li>
<li><a href="http://slexy.org/view/s21t7L5bqO" rel="nofollow noopener">PB writes in</a></li>
<li><a href="http://slexy.org/view/s20MFywDqZ" rel="nofollow noopener">Sean writes in</a></li>
<li><a href="http://slexy.org/view/s2Td6nq11J" rel="nofollow noopener">Steve writes in</a></li>
<li><a href="http://slexy.org/view/s215MlpJYV" rel="nofollow noopener">Lachlan writes in</a></li>
<li><a href="http://slexy.org/view/s2N4JKkoKt" rel="nofollow noopener">Justin writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>46: Network Iodometry</title>
  <link>https://www.bsdnow.tv/46</link>
  <guid isPermaLink="false">e23303c8-31f0-4706-817c-1618e08cd149</guid>
  <pubDate>Wed, 16 Jul 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/e23303c8-31f0-4706-817c-1618e08cd149.mp3" length="76226260" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:45:52</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://2014.eurobsdcon.org/registration/" rel="nofollow noopener"&gt;EuroBSDCon 2014 registration open&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;September is getting closer, and that means it's time for EuroBSDCon - held in Bulgaria this year&lt;/li&gt;
&lt;li&gt;Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th&lt;/li&gt;
&lt;li&gt;Tutorials, sessions, dev summits and everything else all have their own pricing as well&lt;/li&gt;
&lt;li&gt;Registering between August 18th - September 12th will cost more for everything&lt;/li&gt;
&lt;li&gt;You can &lt;a href="http://registration.eurobsdcon.org/" rel="nofollow noopener"&gt;register online here&lt;/a&gt; and &lt;a href="http://2014.eurobsdcon.org/registration/travel-and-stay/hotels" rel="nofollow noopener"&gt;check hotels in the area&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;The FreeBSD foundation is also &lt;a href="https://lists.freebsd.org/pipermail/freebsd-announce/2014-July/001577.html" rel="nofollow noopener"&gt;accepting applications&lt;/a&gt; for travel grants
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://marc.info/?t=140440541000002&amp;amp;r=1&amp;amp;w=2" rel="nofollow noopener"&gt;OpenBSD SMP PF update&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded&lt;/li&gt;
&lt;li&gt;With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump&lt;/li&gt;
&lt;li&gt;In a recent mailing list thread, &lt;a href="http://www.bsdnow.tv/episodes/2013_10_30-current_events" rel="nofollow noopener"&gt;Henning Brauer&lt;/a&gt; addresses some of the concerns&lt;/li&gt;
&lt;li&gt;The &lt;a href="http://marc.info/?l=openbsd-misc&amp;amp;m=140479174521071&amp;amp;w=2" rel="nofollow noopener"&gt;short version&lt;/a&gt; is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless&lt;/li&gt;
&lt;li&gt;He &lt;a href="http://marc.info/?l=openbsd-misc&amp;amp;m=140481012425889&amp;amp;w=2" rel="nofollow noopener"&gt;also says&lt;/a&gt; PF on OpenBSD is over four times faster than FreeBSD's old version, presumably due to those extra years of development it's gone through&lt;/li&gt;
&lt;li&gt;There's also been &lt;a href="https://lists.freebsd.org/pipermail/freebsd-pf/2014-July/thread.html" rel="nofollow noopener"&gt;even more recent concern&lt;/a&gt; about the uncertain future of FreeBSD's PF, being mostly unmaintained since their SMP patches&lt;/li&gt;
&lt;li&gt;We reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://saveosx.org/pkgsrc-intro/" rel="nofollow noopener"&gt;Introduction to NetBSD pkgsrc&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;An article from one of our listeners about how to create a new pkgsrc port or fix one that you need&lt;/li&gt;
&lt;li&gt;The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format&lt;/li&gt;
&lt;li&gt;It also lists all the different bmake targets and their functions in relation to the porting process&lt;/li&gt;
&lt;li&gt;Finally, the post details the whole process of creating a new port
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.freebsd.org/releases/9.3R/relnotes.html" rel="nofollow noopener"&gt;FreeBSD 9.3-RELEASE&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced &lt;a href="https://www.freebsd.org/releases/9.3R/schedule.html" rel="nofollow noopener"&gt;today&lt;/a&gt; but actually came out yesterday&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.freebsd.org/releases/9.3R/relnotes.html" rel="nofollow noopener"&gt;The full list of changes&lt;/a&gt; is available, but it's mostly a smaller maintenance release&lt;/li&gt;
&lt;li&gt;Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more&lt;/li&gt;
&lt;li&gt;If you haven't jumped to the 10.x branch yet (and there are a lot of people who haven't!) this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon&lt;/li&gt;
&lt;li&gt;Good news, this will be &lt;a href="https://twitter.com/evilgjb/status/485909719522222080" rel="nofollow noopener"&gt;the first release&lt;/a&gt; with PGP-signed checksums on the FTP mirrors - a very welcome change&lt;/li&gt;
&lt;li&gt;With that out of the way, the 10.1-RELEASE schedule &lt;a href="https://www.freebsd.org/releases/10.1R/schedule.html" rel="nofollow noopener"&gt;was posted&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Bryan Drewery - &lt;a href="mailto:bdrewery@freebsd.org" rel="nofollow noopener"&gt;bdrewery@freebsd.org&lt;/a&gt; / &lt;a href="https://twitter.com/bdrewery" rel="nofollow noopener"&gt;@bdrewery&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;The FreeBSD package building cluster, pkgng, ports, various topics&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tutorial&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.bsdnow.tv/tutorials/ssh-dns" rel="nofollow noopener"&gt;Tunneling traffic through DNS&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://blog.feld.me/posts/2014/07/ssh-two-factor-authentication-on-freebsd/" rel="nofollow noopener"&gt;SSH two-factor authentication on FreeBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;We've previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website&lt;/li&gt;
&lt;li&gt;This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port&lt;/li&gt;
&lt;li&gt;Using this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can login normally&lt;/li&gt;
&lt;li&gt;It's a really, really simple process once you have the port installed - full details on the page
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.darvilleit.com/why-i-ditched-tape-backup-for-a-custom-made-freenas-backup/" rel="nofollow noopener"&gt;Ditch tape backup in favor of FreeNAS&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The author of this post shares some of his horrible experiences with tape backups for a client&lt;/li&gt;
&lt;li&gt;Having constant, daily errors and failed backups, he needed to find another solution&lt;/li&gt;
&lt;li&gt;With 1TB of backups, tapes just weren't a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS)&lt;/li&gt;
&lt;li&gt;The rest of the article details his experiences with it and tells about his setup
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://imil.net/wp/2014/07/02/back-to-2000-2005-freebsd-desktop-2/" rel="nofollow noopener"&gt;NetBSD vs FreeBSD, desktop experiences&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job&lt;/li&gt;
&lt;li&gt;Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver&lt;/li&gt;
&lt;li&gt;"Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga."&lt;/li&gt;
&lt;li&gt;He's become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system 
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.pcbsd.org/2014/07/pc-bsd-feature-digest-31-warden-cli-upgrade-irc-announcement/" rel="nofollow noopener"&gt;PCBSD not-so-weekly digest&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Speaking of choices for a desktop system, it's the return of the PCBSD digest!&lt;/li&gt;
&lt;li&gt;Warden and PBI_add have gotten some interesting new features&lt;/li&gt;
&lt;li&gt;You can now create jails "on the fly" when adding a new PBI to your application library&lt;/li&gt;
&lt;li&gt;Bulk jail creation is also possible now, and it's really easy&lt;/li&gt;
&lt;li&gt;New Jenkins integration, with public access to &lt;a href="http://builds.pcbsd.org" rel="nofollow noopener"&gt;poudriere logs as well&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;PkgNG 1.3.0.rc2 testing for EDGE users
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21D05MP0t" rel="nofollow noopener"&gt;Jeff writes in&lt;/a&gt; - &lt;a href="http://allanjude.com/zfs_handbook/zfs-zfs.html#zfs-send-ssh" rel="nofollow noopener"&gt;Sending Encrypted Backups over SSH&lt;/a&gt; + &lt;a href="http://wiki.pcbsd.org/index.php/Life_Preserver/10.0#Backing_Up_to_a_FreeNAS_System" rel="nofollow noopener"&gt;Sending ZFS snapshots via user&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2lzo1swzo" rel="nofollow noopener"&gt;Bruce writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20z841ean" rel="nofollow noopener"&gt;Richard writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2QYc8BOAo" rel="nofollow noopener"&gt;Jeff writes in&lt;/a&gt; - &lt;a href="http://www.nycbug.org/index.cgi?action=dmesgd" rel="nofollow noopener"&gt;NYCBUG dmesg list&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2V2e1m7S7" rel="nofollow noopener"&gt;Steve writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonfly bsd, pc-bsd, tutorial, howto, guide, bsd, interview, iodine, dns, tunnel, ssh, encryption, vpn, ids, bypass, detection, portmgr, pkgng, bypassing, firewall, pkgsrccon, pkgsrc, pf, smp, eurobsdcon, 2014, multithreaded, presentations, talks, two factor authentication, freenas, 9.3</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://2014.eurobsdcon.org/registration/" rel="nofollow noopener">EuroBSDCon 2014 registration open</a></h3>

<ul>
<li>September is getting closer, and that means it's time for EuroBSDCon - held in Bulgaria this year</li>
<li>Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th</li>
<li>Tutorials, sessions, dev summits and everything else all have their own pricing as well</li>
<li>Registering between August 18th - September 12th will cost more for everything</li>
<li>You can <a href="http://registration.eurobsdcon.org/" rel="nofollow noopener">register online here</a> and <a href="http://2014.eurobsdcon.org/registration/travel-and-stay/hotels" rel="nofollow noopener">check hotels in the area</a></li>
<li>The FreeBSD foundation is also <a href="https://lists.freebsd.org/pipermail/freebsd-announce/2014-July/001577.html" rel="nofollow noopener">accepting applications</a> for travel grants
***</li>
</ul>

<h3><a href="http://marc.info/?t=140440541000002&amp;r=1&amp;w=2" rel="nofollow noopener">OpenBSD SMP PF update</a></h3>

<ul>
<li>A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded</li>
<li>With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump</li>
<li>In a recent mailing list thread, <a href="http://www.bsdnow.tv/episodes/2013_10_30-current_events" rel="nofollow noopener">Henning Brauer</a> addresses some of the concerns</li>
<li>The <a href="http://marc.info/?l=openbsd-misc&amp;m=140479174521071&amp;w=2" rel="nofollow noopener">short version</a> is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless</li>
<li>He <a href="http://marc.info/?l=openbsd-misc&amp;m=140481012425889&amp;w=2" rel="nofollow noopener">also says</a> PF on OpenBSD is over four times faster than FreeBSD's old version, presumably due to those extra years of development it's gone through</li>
<li>There's also been <a href="https://lists.freebsd.org/pipermail/freebsd-pf/2014-July/thread.html" rel="nofollow noopener">even more recent concern</a> about the uncertain future of FreeBSD's PF, being mostly unmaintained since their SMP patches</li>
<li>We reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us
***</li>
</ul>

<h3><a href="http://saveosx.org/pkgsrc-intro/" rel="nofollow noopener">Introduction to NetBSD pkgsrc</a></h3>

<ul>
<li>An article from one of our listeners about how to create a new pkgsrc port or fix one that you need</li>
<li>The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format</li>
<li>It also lists all the different bmake targets and their functions in relation to the porting process</li>
<li>Finally, the post details the whole process of creating a new port
***</li>
</ul>

<h3><a href="https://www.freebsd.org/releases/9.3R/relnotes.html" rel="nofollow noopener">FreeBSD 9.3-RELEASE</a></h3>

<ul>
<li>After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced <a href="https://www.freebsd.org/releases/9.3R/schedule.html" rel="nofollow noopener">today</a> but actually came out yesterday</li>
<li><a href="https://www.freebsd.org/releases/9.3R/relnotes.html" rel="nofollow noopener">The full list of changes</a> is available, but it's mostly a smaller maintenance release</li>
<li>Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more</li>
<li>If you haven't jumped to the 10.x branch yet (and there are a lot of people who haven't!) this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon</li>
<li>Good news, this will be <a href="https://twitter.com/evilgjb/status/485909719522222080" rel="nofollow noopener">the first release</a> with PGP-signed checksums on the FTP mirrors - a very welcome change</li>
<li>With that out of the way, the 10.1-RELEASE schedule <a href="https://www.freebsd.org/releases/10.1R/schedule.html" rel="nofollow noopener">was posted</a>
***</li>
</ul>

<h2>Interview - Bryan Drewery - <a href="mailto:bdrewery@freebsd.org" rel="nofollow noopener">bdrewery@freebsd.org</a> / <a href="https://twitter.com/bdrewery" rel="nofollow noopener">@bdrewery</a></h2>

<p>The FreeBSD package building cluster, pkgng, ports, various topics</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/ssh-dns" rel="nofollow noopener">Tunneling traffic through DNS</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://blog.feld.me/posts/2014/07/ssh-two-factor-authentication-on-freebsd/" rel="nofollow noopener">SSH two-factor authentication on FreeBSD</a></h3>

<ul>
<li>We've previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website</li>
<li>This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port</li>
<li>Using this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can login normally</li>
<li>It's a really, really simple process once you have the port installed - full details on the page
***</li>
</ul>

<h3><a href="http://www.darvilleit.com/why-i-ditched-tape-backup-for-a-custom-made-freenas-backup/" rel="nofollow noopener">Ditch tape backup in favor of FreeNAS</a></h3>

<ul>
<li>The author of this post shares some of his horrible experiences with tape backups for a client</li>
<li>Having constant, daily errors and failed backups, he needed to find another solution</li>
<li>With 1TB of backups, tapes just weren't a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS)</li>
<li>The rest of the article details his experiences with it and tells about his setup
***</li>
</ul>

<h3><a href="http://imil.net/wp/2014/07/02/back-to-2000-2005-freebsd-desktop-2/" rel="nofollow noopener">NetBSD vs FreeBSD, desktop experiences</a></h3>

<ul>
<li>A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job</li>
<li>Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver</li>
<li>"Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga."</li>
<li>He's become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system 
***</li>
</ul>

<h3><a href="http://blog.pcbsd.org/2014/07/pc-bsd-feature-digest-31-warden-cli-upgrade-irc-announcement/" rel="nofollow noopener">PCBSD not-so-weekly digest</a></h3>

<ul>
<li>Speaking of choices for a desktop system, it's the return of the PCBSD digest!</li>
<li>Warden and PBI_add have gotten some interesting new features</li>
<li>You can now create jails "on the fly" when adding a new PBI to your application library</li>
<li>Bulk jail creation is also possible now, and it's really easy</li>
<li>New Jenkins integration, with public access to <a href="http://builds.pcbsd.org" rel="nofollow noopener">poudriere logs as well</a></li>
<li>PkgNG 1.3.0.rc2 testing for EDGE users
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s21D05MP0t" rel="nofollow noopener">Jeff writes in</a> - <a href="http://allanjude.com/zfs_handbook/zfs-zfs.html#zfs-send-ssh" rel="nofollow noopener">Sending Encrypted Backups over SSH</a> + <a href="http://wiki.pcbsd.org/index.php/Life_Preserver/10.0#Backing_Up_to_a_FreeNAS_System" rel="nofollow noopener">Sending ZFS snapshots via user</a></li>
<li><a href="http://slexy.org/view/s2lzo1swzo" rel="nofollow noopener">Bruce writes in</a></li>
<li><a href="http://slexy.org/view/s20z841ean" rel="nofollow noopener">Richard writes in</a></li>
<li><a href="http://slexy.org/view/s2QYc8BOAo" rel="nofollow noopener">Jeff writes in</a> - <a href="http://www.nycbug.org/index.cgi?action=dmesgd" rel="nofollow noopener">NYCBUG dmesg list</a></li>
<li><a href="http://slexy.org/view/s2V2e1m7S7" rel="nofollow noopener">Steve writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://2014.eurobsdcon.org/registration/" rel="nofollow noopener">EuroBSDCon 2014 registration open</a></h3>

<ul>
<li>September is getting closer, and that means it's time for EuroBSDCon - held in Bulgaria this year</li>
<li>Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th</li>
<li>Tutorials, sessions, dev summits and everything else all have their own pricing as well</li>
<li>Registering between August 18th - September 12th will cost more for everything</li>
<li>You can <a href="http://registration.eurobsdcon.org/" rel="nofollow noopener">register online here</a> and <a href="http://2014.eurobsdcon.org/registration/travel-and-stay/hotels" rel="nofollow noopener">check hotels in the area</a></li>
<li>The FreeBSD foundation is also <a href="https://lists.freebsd.org/pipermail/freebsd-announce/2014-July/001577.html" rel="nofollow noopener">accepting applications</a> for travel grants
***</li>
</ul>

<h3><a href="http://marc.info/?t=140440541000002&amp;r=1&amp;w=2" rel="nofollow noopener">OpenBSD SMP PF update</a></h3>

<ul>
<li>A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded</li>
<li>With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump</li>
<li>In a recent mailing list thread, <a href="http://www.bsdnow.tv/episodes/2013_10_30-current_events" rel="nofollow noopener">Henning Brauer</a> addresses some of the concerns</li>
<li>The <a href="http://marc.info/?l=openbsd-misc&amp;m=140479174521071&amp;w=2" rel="nofollow noopener">short version</a> is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless</li>
<li>He <a href="http://marc.info/?l=openbsd-misc&amp;m=140481012425889&amp;w=2" rel="nofollow noopener">also says</a> PF on OpenBSD is over four times faster than FreeBSD's old version, presumably due to those extra years of development it's gone through</li>
<li>There's also been <a href="https://lists.freebsd.org/pipermail/freebsd-pf/2014-July/thread.html" rel="nofollow noopener">even more recent concern</a> about the uncertain future of FreeBSD's PF, being mostly unmaintained since their SMP patches</li>
<li>We reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us
***</li>
</ul>

<h3><a href="http://saveosx.org/pkgsrc-intro/" rel="nofollow noopener">Introduction to NetBSD pkgsrc</a></h3>

<ul>
<li>An article from one of our listeners about how to create a new pkgsrc port or fix one that you need</li>
<li>The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format</li>
<li>It also lists all the different bmake targets and their functions in relation to the porting process</li>
<li>Finally, the post details the whole process of creating a new port
***</li>
</ul>

<h3><a href="https://www.freebsd.org/releases/9.3R/relnotes.html" rel="nofollow noopener">FreeBSD 9.3-RELEASE</a></h3>

<ul>
<li>After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced <a href="https://www.freebsd.org/releases/9.3R/schedule.html" rel="nofollow noopener">today</a> but actually came out yesterday</li>
<li><a href="https://www.freebsd.org/releases/9.3R/relnotes.html" rel="nofollow noopener">The full list of changes</a> is available, but it's mostly a smaller maintenance release</li>
<li>Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more</li>
<li>If you haven't jumped to the 10.x branch yet (and there are a lot of people who haven't!) this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon</li>
<li>Good news, this will be <a href="https://twitter.com/evilgjb/status/485909719522222080" rel="nofollow noopener">the first release</a> with PGP-signed checksums on the FTP mirrors - a very welcome change</li>
<li>With that out of the way, the 10.1-RELEASE schedule <a href="https://www.freebsd.org/releases/10.1R/schedule.html" rel="nofollow noopener">was posted</a>
***</li>
</ul>

<h2>Interview - Bryan Drewery - <a href="mailto:bdrewery@freebsd.org" rel="nofollow noopener">bdrewery@freebsd.org</a> / <a href="https://twitter.com/bdrewery" rel="nofollow noopener">@bdrewery</a></h2>

<p>The FreeBSD package building cluster, pkgng, ports, various topics</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/ssh-dns" rel="nofollow noopener">Tunneling traffic through DNS</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://blog.feld.me/posts/2014/07/ssh-two-factor-authentication-on-freebsd/" rel="nofollow noopener">SSH two-factor authentication on FreeBSD</a></h3>

<ul>
<li>We've previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website</li>
<li>This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port</li>
<li>Using this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can login normally</li>
<li>It's a really, really simple process once you have the port installed - full details on the page
***</li>
</ul>

<h3><a href="http://www.darvilleit.com/why-i-ditched-tape-backup-for-a-custom-made-freenas-backup/" rel="nofollow noopener">Ditch tape backup in favor of FreeNAS</a></h3>

<ul>
<li>The author of this post shares some of his horrible experiences with tape backups for a client</li>
<li>Having constant, daily errors and failed backups, he needed to find another solution</li>
<li>With 1TB of backups, tapes just weren't a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS)</li>
<li>The rest of the article details his experiences with it and tells about his setup
***</li>
</ul>

<h3><a href="http://imil.net/wp/2014/07/02/back-to-2000-2005-freebsd-desktop-2/" rel="nofollow noopener">NetBSD vs FreeBSD, desktop experiences</a></h3>

<ul>
<li>A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job</li>
<li>Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver</li>
<li>"Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga."</li>
<li>He's become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system 
***</li>
</ul>

<h3><a href="http://blog.pcbsd.org/2014/07/pc-bsd-feature-digest-31-warden-cli-upgrade-irc-announcement/" rel="nofollow noopener">PCBSD not-so-weekly digest</a></h3>

<ul>
<li>Speaking of choices for a desktop system, it's the return of the PCBSD digest!</li>
<li>Warden and PBI_add have gotten some interesting new features</li>
<li>You can now create jails "on the fly" when adding a new PBI to your application library</li>
<li>Bulk jail creation is also possible now, and it's really easy</li>
<li>New Jenkins integration, with public access to <a href="http://builds.pcbsd.org" rel="nofollow noopener">poudriere logs as well</a></li>
<li>PkgNG 1.3.0.rc2 testing for EDGE users
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s21D05MP0t" rel="nofollow noopener">Jeff writes in</a> - <a href="http://allanjude.com/zfs_handbook/zfs-zfs.html#zfs-send-ssh" rel="nofollow noopener">Sending Encrypted Backups over SSH</a> + <a href="http://wiki.pcbsd.org/index.php/Life_Preserver/10.0#Backing_Up_to_a_FreeNAS_System" rel="nofollow noopener">Sending ZFS snapshots via user</a></li>
<li><a href="http://slexy.org/view/s2lzo1swzo" rel="nofollow noopener">Bruce writes in</a></li>
<li><a href="http://slexy.org/view/s20z841ean" rel="nofollow noopener">Richard writes in</a></li>
<li><a href="http://slexy.org/view/s2QYc8BOAo" rel="nofollow noopener">Jeff writes in</a> - <a href="http://www.nycbug.org/index.cgi?action=dmesgd" rel="nofollow noopener">NYCBUG dmesg list</a></li>
<li><a href="http://slexy.org/view/s2V2e1m7S7" rel="nofollow noopener">Steve writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>42: Devious Methods</title>
  <link>https://www.bsdnow.tv/42</link>
  <guid isPermaLink="false">95dc548f-e688-476d-9fd7-8e78ff3cd16f</guid>
  <pubDate>Wed, 18 Jun 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/95dc548f-e688-476d-9fd7-8e78ff3cd16f.mp3" length="60629908" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>Coming up this week, we'll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:24:12</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;Coming up this week, we'll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.soldierx.com/news/Position-Independent-Executable-Support-Added-FreeBSD" rel="nofollow noopener"&gt;PIE and ASLR in FreeBSD update&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A status update for Shawn Webb's ASLR and PIE work for FreeBSD&lt;/li&gt;
&lt;li&gt;One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree&lt;/li&gt;
&lt;li&gt;"FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support"&lt;/li&gt;
&lt;li&gt;If you're running -CURRENT, just add "WITH_PIE=1" to your /etc/src.conf and /etc/make.conf&lt;/li&gt;
&lt;li&gt;The next step is working on the ASLR coding style and getting more developers to look through it&lt;/li&gt;
&lt;li&gt;Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://blog.pfsense.org/?p=1347" rel="nofollow noopener"&gt;Misc. pfSense news&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Couple of pfSense news items this week, including some hardware news&lt;/li&gt;
&lt;li&gt;Someone's gotta test the pfSense hardware devices before they're sold, which involves powering them all on at least once&lt;/li&gt;
&lt;li&gt;To make that process faster, they're building a controllable power board (and include some cool pics)&lt;/li&gt;
&lt;li&gt;There will be more info on that device a bit later on&lt;/li&gt;
&lt;li&gt;On Friday, June 27th, there will be &lt;a href="https://blog.pfsense.org/?p=1367" rel="nofollow noopener"&gt;another video session&lt;/a&gt; (for paying customers only...) about virtualized firewalls&lt;/li&gt;
&lt;li&gt;pfSense &lt;a href="https://blog.pfsense.org/?p=1332" rel="nofollow noopener"&gt;University&lt;/a&gt;, a new paid training course, was also announced&lt;/li&gt;
&lt;li&gt;A single two-day class costs $2000, ouch
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.delphix.com/matt/2014/06/06/zfs-stripe-width/" rel="nofollow noopener"&gt;ZFS stripe width&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A new blog post from &lt;a href="http://www.bsdnow.tv/episodes/2014_05_14-bsdcanned_goods" rel="nofollow noopener"&gt;Matt Ahrens&lt;/a&gt; about ZFS stripe width&lt;/li&gt;
&lt;li&gt;"The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice"&lt;/li&gt;
&lt;li&gt;Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages&lt;/li&gt;
&lt;li&gt;He covers best performance on random IOPS, best reliability, and best space efficiency use cases&lt;/li&gt;
&lt;li&gt;It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels' overhead factor
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/078959.html" rel="nofollow noopener"&gt;FreeBSD 9.3-BETA3 released&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The third BETA in the 9.3 release cycle is out, we're slowly getting closer to the release&lt;/li&gt;
&lt;li&gt;This is expected to be the final BETA, next will come the RCs&lt;/li&gt;
&lt;li&gt;There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what's in -CURRENT (but still isn't using ChaCha20)&lt;/li&gt;
&lt;li&gt;The FreeBSD foundation has &lt;a href="http://freebsdfoundation.blogspot.com/2014/06/freebsd-93-beta3-now-available.html" rel="nofollow noopener"&gt;a blog post&lt;/a&gt; about it too&lt;/li&gt;
&lt;li&gt;There's &lt;a href="https://www.freebsd.org/relnotes/9-STABLE/relnotes/article.html" rel="nofollow noopener"&gt;a list of changes&lt;/a&gt; between 9.2 and 9.3 as well, but we'll be sure to cover it when the -RELEASE hits
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Bryce Chidester - &lt;a href="mailto:brycec@devio.us" rel="nofollow noopener"&gt;brycec@devio.us&lt;/a&gt; / &lt;a href="https://twitter.com/brycied00d" rel="nofollow noopener"&gt;@brycied00d&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;Running a BSD shell provider&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tutorial&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.bsdnow.tv/tutorials/ssh-chaining" rel="nofollow noopener"&gt;Chaining SSH connections&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.linuxquestions.org/questions/*bsd-17/my-freebsd-adventure-continued-4175508055/" rel="nofollow noopener"&gt;My FreeBSD adventure&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A Slackware user from the "linux questions" forum decides to try out BSD, and documents his initial impressions and findings&lt;/li&gt;
&lt;li&gt;After &lt;a href="https://www.linuxquestions.org/questions/*bsd-17/pc-bsd-10-0-is-now-available-4175493047/page2.html#post5142465" rel="nofollow noopener"&gt;ruling out&lt;/a&gt; PCBSD due to the demanding hardware requirements and NetBSD due to "politics" (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on&lt;/li&gt;
&lt;li&gt;In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things&lt;/li&gt;
&lt;li&gt;So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux&lt;/li&gt;
&lt;li&gt;Might be an interesting, ongoing series we can follow up on later
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://freebsdfoundation.blogspot.com/2014/06/bsdcan-trip-report-li-wen-hsu.html" rel="nofollow noopener"&gt;Even more BSDCan trip reports&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;BSDCan may be over until next year, but trip reports are still pouring in&lt;/li&gt;
&lt;li&gt;This time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation&lt;/li&gt;
&lt;li&gt;He's part of the "Jenkins CI for FreeBSD" group and went to BSDCan mostly for that&lt;/li&gt;
&lt;li&gt;Nice long post about all of his experiences at the event, definitely worth a read&lt;/li&gt;
&lt;li&gt;He even talks about... the food
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blather.michaelwlucas.com/archives/2096" rel="nofollow noopener"&gt;FreeBSD disk partitioning&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;For his latest book series on FreeBSD's GEOM system, MWL asked the hackers mailing list for some clarification&lt;/li&gt;
&lt;li&gt;This erupted into a very &lt;a href="https://lists.freebsd.org/pipermail/freebsd-hackers/2014-June/045246.html" rel="nofollow noopener"&gt;long discussion&lt;/a&gt; about fdisk vs gnop vs gpart&lt;/li&gt;
&lt;li&gt;So you don't have to read the 500 mailing list posts, he's summarized the findings in a blog post&lt;/li&gt;
&lt;li&gt;It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.51" rel="nofollow noopener"&gt;BSD Router Project version 1.51&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A new version of the BSD Router Project has been released, 1.51&lt;/li&gt;
&lt;li&gt;It's now based on FreeBSD 10-STABLE instead of 10.0-RELEASE&lt;/li&gt;
&lt;li&gt;Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere&lt;/li&gt;
&lt;li&gt;Check the sourceforge page for the complete list of changes&lt;/li&gt;
&lt;li&gt;Bad news... the minimum disk size requirement has increased to 512MB... getting pretty bloated
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21X4hl28g" rel="nofollow noopener"&gt;Fongaboo writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20DELplMw" rel="nofollow noopener"&gt;David writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2tmazORRN" rel="nofollow noopener"&gt;Kristian writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, ssh, openssh, chaining, tor, hopping, jump host, tunnel, vpn, cowsay, 9.3, beta, release, pie, aslr, zfs, zpool, matt ahrens, delphix, foundation, devious, devio.us, bcallah is a noob, shell, shell provider, free, hosting, vps, vpn, ixsystems, tarsnap, bsdcan, report, bsd router project, router, pfsense, m0n0wall, openstack, security, linux, slackware, switching, linux vs bsd, netgate, firewall, university, hangout</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>Coming up this week, we'll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.soldierx.com/news/Position-Independent-Executable-Support-Added-FreeBSD" rel="nofollow noopener">PIE and ASLR in FreeBSD update</a></h3>

<ul>
<li>A status update for Shawn Webb's ASLR and PIE work for FreeBSD</li>
<li>One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree</li>
<li>"FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support"</li>
<li>If you're running -CURRENT, just add "WITH_PIE=1" to your /etc/src.conf and /etc/make.conf</li>
<li>The next step is working on the ASLR coding style and getting more developers to look through it</li>
<li>Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR
***</li>
</ul>

<h3><a href="https://blog.pfsense.org/?p=1347" rel="nofollow noopener">Misc. pfSense news</a></h3>

<ul>
<li>Couple of pfSense news items this week, including some hardware news</li>
<li>Someone's gotta test the pfSense hardware devices before they're sold, which involves powering them all on at least once</li>
<li>To make that process faster, they're building a controllable power board (and include some cool pics)</li>
<li>There will be more info on that device a bit later on</li>
<li>On Friday, June 27th, there will be <a href="https://blog.pfsense.org/?p=1367" rel="nofollow noopener">another video session</a> (for paying customers only...) about virtualized firewalls</li>
<li>pfSense <a href="https://blog.pfsense.org/?p=1332" rel="nofollow noopener">University</a>, a new paid training course, was also announced</li>
<li>A single two-day class costs $2000, ouch
***</li>
</ul>

<h3><a href="http://blog.delphix.com/matt/2014/06/06/zfs-stripe-width/" rel="nofollow noopener">ZFS stripe width</a></h3>

<ul>
<li>A new blog post from <a href="http://www.bsdnow.tv/episodes/2014_05_14-bsdcanned_goods" rel="nofollow noopener">Matt Ahrens</a> about ZFS stripe width</li>
<li>"The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice"</li>
<li>Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages</li>
<li>He covers best performance on random IOPS, best reliability, and best space efficiency use cases</li>
<li>It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels' overhead factor
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/078959.html" rel="nofollow noopener">FreeBSD 9.3-BETA3 released</a></h3>

<ul>
<li>The third BETA in the 9.3 release cycle is out, we're slowly getting closer to the release</li>
<li>This is expected to be the final BETA, next will come the RCs</li>
<li>There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what's in -CURRENT (but still isn't using ChaCha20)</li>
<li>The FreeBSD foundation has <a href="http://freebsdfoundation.blogspot.com/2014/06/freebsd-93-beta3-now-available.html" rel="nofollow noopener">a blog post</a> about it too</li>
<li>There's <a href="https://www.freebsd.org/relnotes/9-STABLE/relnotes/article.html" rel="nofollow noopener">a list of changes</a> between 9.2 and 9.3 as well, but we'll be sure to cover it when the -RELEASE hits
***</li>
</ul>

<h2>Interview - Bryce Chidester - <a href="mailto:brycec@devio.us" rel="nofollow noopener">brycec@devio.us</a> / <a href="https://twitter.com/brycied00d" rel="nofollow noopener">@brycied00d</a></h2>

<p>Running a BSD shell provider</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/ssh-chaining" rel="nofollow noopener">Chaining SSH connections</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.linuxquestions.org/questions/*bsd-17/my-freebsd-adventure-continued-4175508055/" rel="nofollow noopener">My FreeBSD adventure</a></h3>

<ul>
<li>A Slackware user from the "linux questions" forum decides to try out BSD, and documents his initial impressions and findings</li>
<li>After <a href="https://www.linuxquestions.org/questions/*bsd-17/pc-bsd-10-0-is-now-available-4175493047/page2.html#post5142465" rel="nofollow noopener">ruling out</a> PCBSD due to the demanding hardware requirements and NetBSD due to "politics" (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on</li>
<li>In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things</li>
<li>So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux</li>
<li>Might be an interesting, ongoing series we can follow up on later
***</li>
</ul>

<h3><a href="http://freebsdfoundation.blogspot.com/2014/06/bsdcan-trip-report-li-wen-hsu.html" rel="nofollow noopener">Even more BSDCan trip reports</a></h3>

<ul>
<li>BSDCan may be over until next year, but trip reports are still pouring in</li>
<li>This time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation</li>
<li>He's part of the "Jenkins CI for FreeBSD" group and went to BSDCan mostly for that</li>
<li>Nice long post about all of his experiences at the event, definitely worth a read</li>
<li>He even talks about... the food
***</li>
</ul>

<h3><a href="http://blather.michaelwlucas.com/archives/2096" rel="nofollow noopener">FreeBSD disk partitioning</a></h3>

<ul>
<li>For his latest book series on FreeBSD's GEOM system, MWL asked the hackers mailing list for some clarification</li>
<li>This erupted into a very <a href="https://lists.freebsd.org/pipermail/freebsd-hackers/2014-June/045246.html" rel="nofollow noopener">long discussion</a> about fdisk vs gnop vs gpart</li>
<li>So you don't have to read the 500 mailing list posts, he's summarized the findings in a blog post</li>
<li>It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools
***</li>
</ul>

<h3><a href="http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.51" rel="nofollow noopener">BSD Router Project version 1.51</a></h3>

<ul>
<li>A new version of the BSD Router Project has been released, 1.51</li>
<li>It's now based on FreeBSD 10-STABLE instead of 10.0-RELEASE</li>
<li>Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere</li>
<li>Check the sourceforge page for the complete list of changes</li>
<li>Bad news... the minimum disk size requirement has increased to 512MB... getting pretty bloated
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s21X4hl28g" rel="nofollow noopener">Fongaboo writes in</a></li>
<li><a href="http://slexy.org/view/s20DELplMw" rel="nofollow noopener">David writes in</a></li>
<li><a href="http://slexy.org/view/s2tmazORRN" rel="nofollow noopener">Kristian writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>Coming up this week, we'll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.soldierx.com/news/Position-Independent-Executable-Support-Added-FreeBSD" rel="nofollow noopener">PIE and ASLR in FreeBSD update</a></h3>

<ul>
<li>A status update for Shawn Webb's ASLR and PIE work for FreeBSD</li>
<li>One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree</li>
<li>"FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support"</li>
<li>If you're running -CURRENT, just add "WITH_PIE=1" to your /etc/src.conf and /etc/make.conf</li>
<li>The next step is working on the ASLR coding style and getting more developers to look through it</li>
<li>Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR
***</li>
</ul>

<h3><a href="https://blog.pfsense.org/?p=1347" rel="nofollow noopener">Misc. pfSense news</a></h3>

<ul>
<li>Couple of pfSense news items this week, including some hardware news</li>
<li>Someone's gotta test the pfSense hardware devices before they're sold, which involves powering them all on at least once</li>
<li>To make that process faster, they're building a controllable power board (and include some cool pics)</li>
<li>There will be more info on that device a bit later on</li>
<li>On Friday, June 27th, there will be <a href="https://blog.pfsense.org/?p=1367" rel="nofollow noopener">another video session</a> (for paying customers only...) about virtualized firewalls</li>
<li>pfSense <a href="https://blog.pfsense.org/?p=1332" rel="nofollow noopener">University</a>, a new paid training course, was also announced</li>
<li>A single two-day class costs $2000, ouch
***</li>
</ul>

<h3><a href="http://blog.delphix.com/matt/2014/06/06/zfs-stripe-width/" rel="nofollow noopener">ZFS stripe width</a></h3>

<ul>
<li>A new blog post from <a href="http://www.bsdnow.tv/episodes/2014_05_14-bsdcanned_goods" rel="nofollow noopener">Matt Ahrens</a> about ZFS stripe width</li>
<li>"The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice"</li>
<li>Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages</li>
<li>He covers best performance on random IOPS, best reliability, and best space efficiency use cases</li>
<li>It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels' overhead factor
***</li>
</ul>

<h3><a href="https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/078959.html" rel="nofollow noopener">FreeBSD 9.3-BETA3 released</a></h3>

<ul>
<li>The third BETA in the 9.3 release cycle is out, we're slowly getting closer to the release</li>
<li>This is expected to be the final BETA, next will come the RCs</li>
<li>There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what's in -CURRENT (but still isn't using ChaCha20)</li>
<li>The FreeBSD foundation has <a href="http://freebsdfoundation.blogspot.com/2014/06/freebsd-93-beta3-now-available.html" rel="nofollow noopener">a blog post</a> about it too</li>
<li>There's <a href="https://www.freebsd.org/relnotes/9-STABLE/relnotes/article.html" rel="nofollow noopener">a list of changes</a> between 9.2 and 9.3 as well, but we'll be sure to cover it when the -RELEASE hits
***</li>
</ul>

<h2>Interview - Bryce Chidester - <a href="mailto:brycec@devio.us" rel="nofollow noopener">brycec@devio.us</a> / <a href="https://twitter.com/brycied00d" rel="nofollow noopener">@brycied00d</a></h2>

<p>Running a BSD shell provider</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/ssh-chaining" rel="nofollow noopener">Chaining SSH connections</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.linuxquestions.org/questions/*bsd-17/my-freebsd-adventure-continued-4175508055/" rel="nofollow noopener">My FreeBSD adventure</a></h3>

<ul>
<li>A Slackware user from the "linux questions" forum decides to try out BSD, and documents his initial impressions and findings</li>
<li>After <a href="https://www.linuxquestions.org/questions/*bsd-17/pc-bsd-10-0-is-now-available-4175493047/page2.html#post5142465" rel="nofollow noopener">ruling out</a> PCBSD due to the demanding hardware requirements and NetBSD due to "politics" (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on</li>
<li>In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things</li>
<li>So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux</li>
<li>Might be an interesting, ongoing series we can follow up on later
***</li>
</ul>

<h3><a href="http://freebsdfoundation.blogspot.com/2014/06/bsdcan-trip-report-li-wen-hsu.html" rel="nofollow noopener">Even more BSDCan trip reports</a></h3>

<ul>
<li>BSDCan may be over until next year, but trip reports are still pouring in</li>
<li>This time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation</li>
<li>He's part of the "Jenkins CI for FreeBSD" group and went to BSDCan mostly for that</li>
<li>Nice long post about all of his experiences at the event, definitely worth a read</li>
<li>He even talks about... the food
***</li>
</ul>

<h3><a href="http://blather.michaelwlucas.com/archives/2096" rel="nofollow noopener">FreeBSD disk partitioning</a></h3>

<ul>
<li>For his latest book series on FreeBSD's GEOM system, MWL asked the hackers mailing list for some clarification</li>
<li>This erupted into a very <a href="https://lists.freebsd.org/pipermail/freebsd-hackers/2014-June/045246.html" rel="nofollow noopener">long discussion</a> about fdisk vs gnop vs gpart</li>
<li>So you don't have to read the 500 mailing list posts, he's summarized the findings in a blog post</li>
<li>It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools
***</li>
</ul>

<h3><a href="http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.51" rel="nofollow noopener">BSD Router Project version 1.51</a></h3>

<ul>
<li>A new version of the BSD Router Project has been released, 1.51</li>
<li>It's now based on FreeBSD 10-STABLE instead of 10.0-RELEASE</li>
<li>Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere</li>
<li>Check the sourceforge page for the complete list of changes</li>
<li>Bad news... the minimum disk size requirement has increased to 512MB... getting pretty bloated
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s21X4hl28g" rel="nofollow noopener">Fongaboo writes in</a></li>
<li><a href="http://slexy.org/view/s20DELplMw" rel="nofollow noopener">David writes in</a></li>
<li><a href="http://slexy.org/view/s2tmazORRN" rel="nofollow noopener">Kristian writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>39: The Friendly Sandbox</title>
  <link>https://www.bsdnow.tv/39</link>
  <guid isPermaLink="false">4ae1b0f5-7c6f-486f-bdcf-c71ec415269c</guid>
  <pubDate>Wed, 28 May 2014 08:00:00 -0400</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/4ae1b0f5-7c6f-486f-bdcf-c71ec415269c.mp3" length="45004756" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>This time on the show we'll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:02:30</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;This time on the show we'll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"&gt;&lt;/a&gt;&lt;a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"&gt;&lt;img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.bsdcan.org/2014/schedule/" rel="nofollow noopener"&gt;BSDCan 2014 talks and reports&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links&lt;/li&gt;
&lt;li&gt;Karl Lehenbauer's &lt;a href="https://www.youtube.com/watch?v=13LiyjnTGsQ" rel="nofollow noopener"&gt;keynote&lt;/a&gt; (he's on next week's episode)&lt;/li&gt;
&lt;li&gt;Mariusz Zaborski and Pawel Jakub Dawidek,
&lt;a href="https://www.youtube.com/watch?v=0la06FHbdvg" rel="nofollow noopener"&gt;Capsicum and Casper&lt;/a&gt; (relevant to today's interview)&lt;/li&gt;
&lt;li&gt;Luigi Rizzo,
&lt;a href="https://www.youtube.com/watch?v=Lr5o1VQMtgA" rel="nofollow noopener"&gt;In-kernel OpenvSwitch on FreeBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Dwayne Hart, &lt;a href="https://www.youtube.com/watch?v=AVuF9eFeVWs" rel="nofollow noopener"&gt;Migrating from Linux to FreeBSD for Backend Data Storage&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Warner Losh, &lt;a href="https://www.youtube.com/watch?v=lj0XAE6C6-k" rel="nofollow noopener"&gt;NAND Flash and FreeBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Simon Gerraty, &lt;a href="https://www.youtube.com/watch?v=4s0UY0sg6vI" rel="nofollow noopener"&gt;FreeBSD bmake and Meta Mode&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Bob Beck, &lt;a href="https://www.youtube.com/watch?v=oM6S7FEUfkU" rel="nofollow noopener"&gt;LibreSSL - The First 30 Days&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Henning Brauer, &lt;a href="https://www.youtube.com/watch?v=cP8AW111IKg" rel="nofollow noopener"&gt;OpenBGPD Turns 10 Years Old&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Arun Thomas, &lt;a href="https://www.youtube.com/watch?v=ZAM7fqhGRr8" rel="nofollow noopener"&gt;BSD ARM Kernel Internals&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Peter Hessler, &lt;a href="https://www.youtube.com/watch?v=i8UAVswpagA" rel="nofollow noopener"&gt;Using BGP for Realtime Spam Lists&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Pedro Giffuni, &lt;a href="https://www.youtube.com/watch?v=HMeTxViulgo" rel="nofollow noopener"&gt;Features and Status of FreeBSD's Ext2 Implementation
&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Matt Ahrens, &lt;a href="https://www.youtube.com/watch?v=EjGqVdCOIhM" rel="nofollow noopener"&gt;OpenZFS Upcoming Features and Performance Enhancements&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Daichi Goto, &lt;a href="https://www.youtube.com/watch?v=MsRu0xIawaA" rel="nofollow noopener"&gt;Shellscripts and Commands&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Benno Rice, &lt;a href="https://www.youtube.com/watch?v=jZp-ciB6mAg" rel="nofollow noopener"&gt;Keeping Current&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Sean Bruno, &lt;a href="https://www.youtube.com/watch?v=LZjoFSfIv3k" rel="nofollow noopener"&gt;MIPS Router Hacking&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;John-Mark Gurney, &lt;a href="https://www.youtube.com/watch?v=2qicD0tv_tI" rel="nofollow noopener"&gt;Optimizing GELI Performance&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Patrick Kelsey, &lt;a href="https://www.youtube.com/watch?v=LhIx8q8_7YY" rel="nofollow noopener"&gt;Userspace Networking with libuinet&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Massimiliano Stucchi, &lt;a href="https://www.youtube.com/watch?v=WZoQzUZKaeo" rel="nofollow noopener"&gt;IPv6 Transitioning Mechanisms&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Roger Pau Monné, &lt;a href="https://www.youtube.com/watch?v=q6l9qtjlNXU" rel="nofollow noopener"&gt;Taking the Red Pill&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Shawn Webb, &lt;a href="https://www.youtube.com/watch?v=jo8ObzR1tKQ" rel="nofollow noopener"&gt;Introducing ASLR in FreeBSD&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;There's also a &lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20140519164127" rel="nofollow noopener"&gt;trip report&lt;/a&gt; from Peter Hessler and &lt;a href="http://julipedia.meroh.net/2014/05/bsdcan-2014-summary.html" rel="nofollow noopener"&gt;one from Julio Merino&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;The latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend)
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://networkfilter.blogspot.com/2014/05/defend-your-network-and-privacy-vpn.html" rel="nofollow noopener"&gt;Defend your network and privacy with a VPN and OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back&lt;/li&gt;
&lt;li&gt;This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities&lt;/li&gt;
&lt;li&gt;There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used&lt;/li&gt;
&lt;li&gt;You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)&lt;/li&gt;
&lt;li&gt;It also includes a few general privacy tips, recommended browser extensions, etc&lt;/li&gt;
&lt;li&gt;The intro to the article is especially great, so give the whole thing a read&lt;/li&gt;
&lt;li&gt;He mentions our &lt;a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener"&gt;OpenBSD router guide&lt;/a&gt; and other tutorials being a big help for this setup, so hello if you're watching!
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://blog.pascalj.com/article/you-should-try-freebsd/" rel="nofollow noopener"&gt;You should try FreeBSD&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that&lt;/li&gt;
&lt;li&gt;He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two&lt;/li&gt;
&lt;li&gt;Possibly the most useful part is how to address the question "my server already works, why bother switching?"&lt;/li&gt;
&lt;li&gt;"Stackoverflow’s answers assume I have apt-get installed"&lt;/li&gt;
&lt;li&gt;It includes mention of the great documentation, stability, ports, improved security and much more&lt;/li&gt;
&lt;li&gt;A takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before"
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://hacklog.in/openbsd-and-the-little-mauritian-contributor/" rel="nofollow noopener"&gt;OpenBSD and the little Mauritian contributor&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;This is a story about a guy from &lt;a href="https://en.wikipedia.org/wiki/Mauritius" rel="nofollow noopener"&gt;Mauritius&lt;/a&gt; named Logan, one of OpenBSD's newest developers&lt;/li&gt;
&lt;li&gt;Back in 2010, he started sending in patched for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTP&lt;/li&gt;
&lt;li&gt;The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon&lt;/li&gt;
&lt;li&gt;It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem&lt;/li&gt;
&lt;li&gt;Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Jon Anderson - &lt;a href="mailto:jonathan@freebsd.org" rel="nofollow noopener"&gt;jonathan@freebsd.org&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;Capsicum and Casperd&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tutorial&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.bsdnow.tv/tutorials/dnscrypt" rel="nofollow noopener"&gt;Encrypting DNS lookups&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://i.imgur.com/f0qg6Ss.jpg" rel="nofollow noopener"&gt;FreeBSD Journal, May 2014 issue&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The newest issue of the &lt;a href="http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates" rel="nofollow noopener"&gt;FreeBSD Journal&lt;/a&gt; is out, following the bi-monthly release cycle&lt;/li&gt;
&lt;li&gt;This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling&lt;/li&gt;
&lt;li&gt;Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://insanecoding.blogspot.com/2014/05/libressl-porting-update.html" rel="nofollow noopener"&gt;LibreSSL porting update&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died off&lt;/li&gt;
&lt;li&gt;Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!&lt;/li&gt;
&lt;li&gt;This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example&lt;/li&gt;
&lt;li&gt;Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://bsdmag.org/magazine/1862-meteorjs-on-freebsd-11-may-bsd-issue" rel="nofollow noopener"&gt;BSDMag May 2014 issue is out&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The usual monthly release from BSDMag, covering a variety of subjects&lt;/li&gt;
&lt;li&gt;This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things&lt;/li&gt;
&lt;li&gt;It's a free PDF, go grab it
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://bsdtalk.blogspot.com/2014/05/bsdtalk241-bob-beck.html" rel="nofollow noopener"&gt;BSDTalk episode 241&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A new episode of &lt;a href="http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk" rel="nofollow noopener"&gt;BSDTalk&lt;/a&gt; is out, this time with Bob Beck&lt;/li&gt;
&lt;li&gt;He talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more&lt;/li&gt;
&lt;li&gt;The interview itself isn't about LibreSSL at all, but they do touch on it a bit too&lt;/li&gt;
&lt;li&gt;Really interesting stuff, covers a lot of different topics in a short amount of time
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;We got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the &lt;a href="https://www.freshports.org/security/vpnc/" rel="nofollow noopener"&gt;vpnc&lt;/a&gt; package seems to be what we were looking for&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s20MK7bTyc" rel="nofollow noopener"&gt;Tim writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2OWREQdUA" rel="nofollow noopener"&gt;AJ writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s202obAqbT" rel="nofollow noopener"&gt;Peter writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21Kye2jAc" rel="nofollow noopener"&gt;Thomas writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2zqFVqwxN" rel="nofollow noopener"&gt;Martin writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonflybsd, pcbsd, tutorial, howto, guide, bsd, interview, casper, casperd, the friendly ghost, capsicum, sandbox, application, jails, isolation, isolated, chroot, virtual machine, exploit, vpn, security, ssh, tunnel, encryption, bsdcan, presentation, talk, video, recordings, dnscrypt, opendns, dnscurve, lookups, dns, dnssec, gateway, vpn, vps, journal, bsdmag, bsdtalk, libressl</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>This time on the show we'll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.bsdcan.org/2014/schedule/" rel="nofollow noopener">BSDCan 2014 talks and reports</a></h3>

<ul>
<li>The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links</li>
<li>Karl Lehenbauer's <a href="https://www.youtube.com/watch?v=13LiyjnTGsQ" rel="nofollow noopener">keynote</a> (he's on next week's episode)</li>
<li>Mariusz Zaborski and Pawel Jakub Dawidek,
<a href="https://www.youtube.com/watch?v=0la06FHbdvg" rel="nofollow noopener">Capsicum and Casper</a> (relevant to today's interview)</li>
<li>Luigi Rizzo,
<a href="https://www.youtube.com/watch?v=Lr5o1VQMtgA" rel="nofollow noopener">In-kernel OpenvSwitch on FreeBSD</a></li>
<li>Dwayne Hart, <a href="https://www.youtube.com/watch?v=AVuF9eFeVWs" rel="nofollow noopener">Migrating from Linux to FreeBSD for Backend Data Storage</a></li>
<li>Warner Losh, <a href="https://www.youtube.com/watch?v=lj0XAE6C6-k" rel="nofollow noopener">NAND Flash and FreeBSD</a></li>
<li>Simon Gerraty, <a href="https://www.youtube.com/watch?v=4s0UY0sg6vI" rel="nofollow noopener">FreeBSD bmake and Meta Mode</a></li>
<li>Bob Beck, <a href="https://www.youtube.com/watch?v=oM6S7FEUfkU" rel="nofollow noopener">LibreSSL - The First 30 Days</a></li>
<li>Henning Brauer, <a href="https://www.youtube.com/watch?v=cP8AW111IKg" rel="nofollow noopener">OpenBGPD Turns 10 Years Old</a></li>
<li>Arun Thomas, <a href="https://www.youtube.com/watch?v=ZAM7fqhGRr8" rel="nofollow noopener">BSD ARM Kernel Internals</a></li>
<li>Peter Hessler, <a href="https://www.youtube.com/watch?v=i8UAVswpagA" rel="nofollow noopener">Using BGP for Realtime Spam Lists</a></li>
<li>Pedro Giffuni, <a href="https://www.youtube.com/watch?v=HMeTxViulgo" rel="nofollow noopener">Features and Status of FreeBSD's Ext2 Implementation
</a></li>
<li>Matt Ahrens, <a href="https://www.youtube.com/watch?v=EjGqVdCOIhM" rel="nofollow noopener">OpenZFS Upcoming Features and Performance Enhancements</a></li>
<li>Daichi Goto, <a href="https://www.youtube.com/watch?v=MsRu0xIawaA" rel="nofollow noopener">Shellscripts and Commands</a></li>
<li>Benno Rice, <a href="https://www.youtube.com/watch?v=jZp-ciB6mAg" rel="nofollow noopener">Keeping Current</a></li>
<li>Sean Bruno, <a href="https://www.youtube.com/watch?v=LZjoFSfIv3k" rel="nofollow noopener">MIPS Router Hacking</a></li>
<li>John-Mark Gurney, <a href="https://www.youtube.com/watch?v=2qicD0tv_tI" rel="nofollow noopener">Optimizing GELI Performance</a></li>
<li>Patrick Kelsey, <a href="https://www.youtube.com/watch?v=LhIx8q8_7YY" rel="nofollow noopener">Userspace Networking with libuinet</a></li>
<li>Massimiliano Stucchi, <a href="https://www.youtube.com/watch?v=WZoQzUZKaeo" rel="nofollow noopener">IPv6 Transitioning Mechanisms</a></li>
<li>Roger Pau Monné, <a href="https://www.youtube.com/watch?v=q6l9qtjlNXU" rel="nofollow noopener">Taking the Red Pill</a></li>
<li>Shawn Webb, <a href="https://www.youtube.com/watch?v=jo8ObzR1tKQ" rel="nofollow noopener">Introducing ASLR in FreeBSD</a></li>
<li>There's also a <a href="http://undeadly.org/cgi?action=article&amp;sid=20140519164127" rel="nofollow noopener">trip report</a> from Peter Hessler and <a href="http://julipedia.meroh.net/2014/05/bsdcan-2014-summary.html" rel="nofollow noopener">one from Julio Merino</a></li>
<li>The latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend)
***</li>
</ul>

<h3><a href="http://networkfilter.blogspot.com/2014/05/defend-your-network-and-privacy-vpn.html" rel="nofollow noopener">Defend your network and privacy with a VPN and OpenBSD</a></h3>

<ul>
<li>After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back</li>
<li>This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities</li>
<li>There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used</li>
<li>You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)</li>
<li>It also includes a few general privacy tips, recommended browser extensions, etc</li>
<li>The intro to the article is especially great, so give the whole thing a read</li>
<li>He mentions our <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">OpenBSD router guide</a> and other tutorials being a big help for this setup, so hello if you're watching!
***</li>
</ul>

<h3><a href="http://blog.pascalj.com/article/you-should-try-freebsd/" rel="nofollow noopener">You should try FreeBSD</a></h3>

<ul>
<li>In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that</li>
<li>He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two</li>
<li>Possibly the most useful part is how to address the question "my server already works, why bother switching?"</li>
<li>"Stackoverflow’s answers assume I have apt-get installed"</li>
<li>It includes mention of the great documentation, stability, ports, improved security and much more</li>
<li>A takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before"
***</li>
</ul>

<h3><a href="http://hacklog.in/openbsd-and-the-little-mauritian-contributor/" rel="nofollow noopener">OpenBSD and the little Mauritian contributor</a></h3>

<ul>
<li>This is a story about a guy from <a href="https://en.wikipedia.org/wiki/Mauritius" rel="nofollow noopener">Mauritius</a> named Logan, one of OpenBSD's newest developers</li>
<li>Back in 2010, he started sending in patched for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTP</li>
<li>The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon</li>
<li>It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem</li>
<li>Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back
***</li>
</ul>

<h2>Interview - Jon Anderson - <a href="mailto:jonathan@freebsd.org" rel="nofollow noopener">jonathan@freebsd.org</a></h2>

<p>Capsicum and Casperd</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/dnscrypt" rel="nofollow noopener">Encrypting DNS lookups</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://i.imgur.com/f0qg6Ss.jpg" rel="nofollow noopener">FreeBSD Journal, May 2014 issue</a></h3>

<ul>
<li>The newest issue of the <a href="http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates" rel="nofollow noopener">FreeBSD Journal</a> is out, following the bi-monthly release cycle</li>
<li>This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling</li>
<li>Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read
***</li>
</ul>

<h3><a href="http://insanecoding.blogspot.com/2014/05/libressl-porting-update.html" rel="nofollow noopener">LibreSSL porting update</a></h3>

<ul>
<li>Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died off</li>
<li>Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!</li>
<li>This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example</li>
<li>Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good
***</li>
</ul>

<h3><a href="http://bsdmag.org/magazine/1862-meteorjs-on-freebsd-11-may-bsd-issue" rel="nofollow noopener">BSDMag May 2014 issue is out</a></h3>

<ul>
<li>The usual monthly release from BSDMag, covering a variety of subjects</li>
<li>This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things</li>
<li>It's a free PDF, go grab it
***</li>
</ul>

<h3><a href="http://bsdtalk.blogspot.com/2014/05/bsdtalk241-bob-beck.html" rel="nofollow noopener">BSDTalk episode 241</a></h3>

<ul>
<li>A new episode of <a href="http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk" rel="nofollow noopener">BSDTalk</a> is out, this time with Bob Beck</li>
<li>He talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more</li>
<li>The interview itself isn't about LibreSSL at all, but they do touch on it a bit too</li>
<li>Really interesting stuff, covers a lot of different topics in a short amount of time
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li>We got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the <a href="https://www.freshports.org/security/vpnc/" rel="nofollow noopener">vpnc</a> package seems to be what we were looking for</li>
<li><a href="http://slexy.org/view/s20MK7bTyc" rel="nofollow noopener">Tim writes in</a></li>
<li><a href="http://slexy.org/view/s2OWREQdUA" rel="nofollow noopener">AJ writes in</a></li>
<li><a href="http://slexy.org/view/s202obAqbT" rel="nofollow noopener">Peter writes in</a></li>
<li><a href="http://slexy.org/view/s21Kye2jAc" rel="nofollow noopener">Thomas writes in</a></li>
<li><a href="http://slexy.org/view/s2zqFVqwxN" rel="nofollow noopener">Martin writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>This time on the show we'll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise servers and storage for open source"></a><a href="http://www.tarsnap.com/bsdnow" title="Tarsnap" rel="nofollow noopener"><img src="/images/tarsnap1.png" alt="Tarsnap - online backups for the truly paranoid"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="https://www.bsdcan.org/2014/schedule/" rel="nofollow noopener">BSDCan 2014 talks and reports</a></h3>

<ul>
<li>The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links</li>
<li>Karl Lehenbauer's <a href="https://www.youtube.com/watch?v=13LiyjnTGsQ" rel="nofollow noopener">keynote</a> (he's on next week's episode)</li>
<li>Mariusz Zaborski and Pawel Jakub Dawidek,
<a href="https://www.youtube.com/watch?v=0la06FHbdvg" rel="nofollow noopener">Capsicum and Casper</a> (relevant to today's interview)</li>
<li>Luigi Rizzo,
<a href="https://www.youtube.com/watch?v=Lr5o1VQMtgA" rel="nofollow noopener">In-kernel OpenvSwitch on FreeBSD</a></li>
<li>Dwayne Hart, <a href="https://www.youtube.com/watch?v=AVuF9eFeVWs" rel="nofollow noopener">Migrating from Linux to FreeBSD for Backend Data Storage</a></li>
<li>Warner Losh, <a href="https://www.youtube.com/watch?v=lj0XAE6C6-k" rel="nofollow noopener">NAND Flash and FreeBSD</a></li>
<li>Simon Gerraty, <a href="https://www.youtube.com/watch?v=4s0UY0sg6vI" rel="nofollow noopener">FreeBSD bmake and Meta Mode</a></li>
<li>Bob Beck, <a href="https://www.youtube.com/watch?v=oM6S7FEUfkU" rel="nofollow noopener">LibreSSL - The First 30 Days</a></li>
<li>Henning Brauer, <a href="https://www.youtube.com/watch?v=cP8AW111IKg" rel="nofollow noopener">OpenBGPD Turns 10 Years Old</a></li>
<li>Arun Thomas, <a href="https://www.youtube.com/watch?v=ZAM7fqhGRr8" rel="nofollow noopener">BSD ARM Kernel Internals</a></li>
<li>Peter Hessler, <a href="https://www.youtube.com/watch?v=i8UAVswpagA" rel="nofollow noopener">Using BGP for Realtime Spam Lists</a></li>
<li>Pedro Giffuni, <a href="https://www.youtube.com/watch?v=HMeTxViulgo" rel="nofollow noopener">Features and Status of FreeBSD's Ext2 Implementation
</a></li>
<li>Matt Ahrens, <a href="https://www.youtube.com/watch?v=EjGqVdCOIhM" rel="nofollow noopener">OpenZFS Upcoming Features and Performance Enhancements</a></li>
<li>Daichi Goto, <a href="https://www.youtube.com/watch?v=MsRu0xIawaA" rel="nofollow noopener">Shellscripts and Commands</a></li>
<li>Benno Rice, <a href="https://www.youtube.com/watch?v=jZp-ciB6mAg" rel="nofollow noopener">Keeping Current</a></li>
<li>Sean Bruno, <a href="https://www.youtube.com/watch?v=LZjoFSfIv3k" rel="nofollow noopener">MIPS Router Hacking</a></li>
<li>John-Mark Gurney, <a href="https://www.youtube.com/watch?v=2qicD0tv_tI" rel="nofollow noopener">Optimizing GELI Performance</a></li>
<li>Patrick Kelsey, <a href="https://www.youtube.com/watch?v=LhIx8q8_7YY" rel="nofollow noopener">Userspace Networking with libuinet</a></li>
<li>Massimiliano Stucchi, <a href="https://www.youtube.com/watch?v=WZoQzUZKaeo" rel="nofollow noopener">IPv6 Transitioning Mechanisms</a></li>
<li>Roger Pau Monné, <a href="https://www.youtube.com/watch?v=q6l9qtjlNXU" rel="nofollow noopener">Taking the Red Pill</a></li>
<li>Shawn Webb, <a href="https://www.youtube.com/watch?v=jo8ObzR1tKQ" rel="nofollow noopener">Introducing ASLR in FreeBSD</a></li>
<li>There's also a <a href="http://undeadly.org/cgi?action=article&amp;sid=20140519164127" rel="nofollow noopener">trip report</a> from Peter Hessler and <a href="http://julipedia.meroh.net/2014/05/bsdcan-2014-summary.html" rel="nofollow noopener">one from Julio Merino</a></li>
<li>The latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend)
***</li>
</ul>

<h3><a href="http://networkfilter.blogspot.com/2014/05/defend-your-network-and-privacy-vpn.html" rel="nofollow noopener">Defend your network and privacy with a VPN and OpenBSD</a></h3>

<ul>
<li>After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back</li>
<li>This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities</li>
<li>There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used</li>
<li>You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)</li>
<li>It also includes a few general privacy tips, recommended browser extensions, etc</li>
<li>The intro to the article is especially great, so give the whole thing a read</li>
<li>He mentions our <a href="http://www.bsdnow.tv/tutorials/openbsd-router" rel="nofollow noopener">OpenBSD router guide</a> and other tutorials being a big help for this setup, so hello if you're watching!
***</li>
</ul>

<h3><a href="http://blog.pascalj.com/article/you-should-try-freebsd/" rel="nofollow noopener">You should try FreeBSD</a></h3>

<ul>
<li>In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that</li>
<li>He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two</li>
<li>Possibly the most useful part is how to address the question "my server already works, why bother switching?"</li>
<li>"Stackoverflow’s answers assume I have apt-get installed"</li>
<li>It includes mention of the great documentation, stability, ports, improved security and much more</li>
<li>A takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before"
***</li>
</ul>

<h3><a href="http://hacklog.in/openbsd-and-the-little-mauritian-contributor/" rel="nofollow noopener">OpenBSD and the little Mauritian contributor</a></h3>

<ul>
<li>This is a story about a guy from <a href="https://en.wikipedia.org/wiki/Mauritius" rel="nofollow noopener">Mauritius</a> named Logan, one of OpenBSD's newest developers</li>
<li>Back in 2010, he started sending in patched for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTP</li>
<li>The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon</li>
<li>It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem</li>
<li>Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back
***</li>
</ul>

<h2>Interview - Jon Anderson - <a href="mailto:jonathan@freebsd.org" rel="nofollow noopener">jonathan@freebsd.org</a></h2>

<p>Capsicum and Casperd</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/dnscrypt" rel="nofollow noopener">Encrypting DNS lookups</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="http://i.imgur.com/f0qg6Ss.jpg" rel="nofollow noopener">FreeBSD Journal, May 2014 issue</a></h3>

<ul>
<li>The newest issue of the <a href="http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates" rel="nofollow noopener">FreeBSD Journal</a> is out, following the bi-monthly release cycle</li>
<li>This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling</li>
<li>Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read
***</li>
</ul>

<h3><a href="http://insanecoding.blogspot.com/2014/05/libressl-porting-update.html" rel="nofollow noopener">LibreSSL porting update</a></h3>

<ul>
<li>Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died off</li>
<li>Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!</li>
<li>This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example</li>
<li>Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good
***</li>
</ul>

<h3><a href="http://bsdmag.org/magazine/1862-meteorjs-on-freebsd-11-may-bsd-issue" rel="nofollow noopener">BSDMag May 2014 issue is out</a></h3>

<ul>
<li>The usual monthly release from BSDMag, covering a variety of subjects</li>
<li>This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things</li>
<li>It's a free PDF, go grab it
***</li>
</ul>

<h3><a href="http://bsdtalk.blogspot.com/2014/05/bsdtalk241-bob-beck.html" rel="nofollow noopener">BSDTalk episode 241</a></h3>

<ul>
<li>A new episode of <a href="http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk" rel="nofollow noopener">BSDTalk</a> is out, this time with Bob Beck</li>
<li>He talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more</li>
<li>The interview itself isn't about LibreSSL at all, but they do touch on it a bit too</li>
<li>Really interesting stuff, covers a lot of different topics in a short amount of time
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li>We got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the <a href="https://www.freshports.org/security/vpnc/" rel="nofollow noopener">vpnc</a> package seems to be what we were looking for</li>
<li><a href="http://slexy.org/view/s20MK7bTyc" rel="nofollow noopener">Tim writes in</a></li>
<li><a href="http://slexy.org/view/s2OWREQdUA" rel="nofollow noopener">AJ writes in</a></li>
<li><a href="http://slexy.org/view/s202obAqbT" rel="nofollow noopener">Peter writes in</a></li>
<li><a href="http://slexy.org/view/s21Kye2jAc" rel="nofollow noopener">Thomas writes in</a></li>
<li><a href="http://slexy.org/view/s2zqFVqwxN" rel="nofollow noopener">Martin writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
<item>
  <title>16: Cryptocrystalline</title>
  <link>https://www.bsdnow.tv/16</link>
  <guid isPermaLink="false">d9af27cf-c4ff-4572-b119-cbfd0e4167c8</guid>
  <pubDate>Wed, 18 Dec 2013 08:00:00 -0500</pubDate>
  <author>JT Pennington</author>
  <enclosure url="https://aphid.fireside.fm/d/1437767933/c91b88f1-e824-4815-bcb8-5227818d6010/d9af27cf-c4ff-4572-b119-cbfd0e4167c8.mp3" length="79454910" type="audio/mpeg"/>
  <itunes:episodeType>full</itunes:episodeType>
  <itunes:author>JT Pennington</itunes:author>
  <itunes:subtitle>This time on the show, we'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD.</itunes:subtitle>
  <itunes:duration>1:50:21</itunes:duration>
  <itunes:explicit>no</itunes:explicit>
  <itunes:image href="https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/c/c91b88f1-e824-4815-bcb8-5227818d6010/cover.jpg?v=4"/>
  <description>&lt;p&gt;This time on the show, we'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD.&lt;/p&gt;

&lt;h2&gt;This episode was brought to you by&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"&gt;&lt;img src="/images/iXlogo2.png" alt="iXsystems - Enterprise Servers and Storage For Open Source"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Headlines&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://johnchapin.boostrot.net/blog/2013/12/07/secure-comms-with-openbsd-and-openvpn-part-1/" rel="nofollow noopener"&gt;Secure communications with OpenBSD and OpenVPN&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Starting off today's theme of encryption...&lt;/li&gt;
&lt;li&gt;A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic&lt;/li&gt;
&lt;li&gt;Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)&lt;/li&gt;
&lt;li&gt;Part 2 covers the initial setup of OpenVPN certificates and keys&lt;/li&gt;
&lt;li&gt;Parts 3 and 4 are the OpenVPN server and client configuration&lt;/li&gt;
&lt;li&gt;Part 5 is some updates and closing remarks
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://www.freebsdfoundation.org/press/2013Dec-newsletter" rel="nofollow noopener"&gt;FreeBSD Foundation Newsletter&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;The December 2013 semi-annual newsletter was sent out from the foundation&lt;/li&gt;
&lt;li&gt;In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored&lt;/li&gt;
&lt;li&gt;The president's letter alone is worth the read, really amazing&lt;/li&gt;
&lt;li&gt;Really long, with lots of details and stories from the conferences and projects
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://evertiq.com/design/33394" rel="nofollow noopener"&gt;Use of NetBSD with Marvell Kirkwood Processors&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer&lt;/li&gt;
&lt;li&gt;The IP-Plug is a "multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)."&lt;/li&gt;
&lt;li&gt;Really cool little NetBSD ARM project with lots of graphs, pictures and details
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://adrianchadd.blogspot.com/2013/12/experimenting-with-zero-copy-network-io.html" rel="nofollow noopener"&gt;Experimenting with zero-copy network IO&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD&lt;/li&gt;
&lt;li&gt;Discusses the different OS' implementations and options&lt;/li&gt;
&lt;li&gt;He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there&lt;/li&gt;
&lt;li&gt;Tons of details, check the full post
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Interview - Damien Miller - &lt;a href="mailto:djm@openbsd.org" rel="nofollow noopener"&gt;djm@openbsd.org&lt;/a&gt; / &lt;a href="https://twitter.com/damienmiller" rel="nofollow noopener"&gt;@damienmiller&lt;/a&gt;&lt;/h2&gt;

&lt;p&gt;Cryptography in OpenBSD and OpenSSH&lt;/p&gt;

&lt;hr&gt;

&lt;h2&gt;Tutorial&lt;/h2&gt;

&lt;h3&gt;&lt;a href="http://www.bsdnow.tv/tutorials/fde" rel="nofollow noopener"&gt;Full disk encryption in FreeBSD &amp;amp; OpenBSD&lt;/a&gt;&lt;/h3&gt;

&lt;hr&gt;

&lt;h2&gt;News Roundup&lt;/h2&gt;

&lt;h3&gt;&lt;a href="https://www.youtube.com/watch?v=wWmVW2R_uz8" rel="nofollow noopener"&gt;OpenZFS office hours&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Our buddy &lt;a href="http://www.bsdnow.tv/episodes/2013_12_04-zettabytes_for_days" rel="nofollow noopener"&gt;George Wilson&lt;/a&gt; sat down to take some ZFS questions from the community&lt;/li&gt;
&lt;li&gt;You can see more info about it &lt;a href="http://open-zfs.org/wiki/OpenZFS_Office_Hours" rel="nofollow noopener"&gt;here&lt;/a&gt;
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://www.shiningsilence.com/dbsdlog/2013/12/09/12934.html" rel="nofollow noopener"&gt;License summaries in pkgng&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;A discussion between &lt;a href="http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug" rel="nofollow noopener"&gt;Justin Sherill&lt;/a&gt; and some NYCBUG guys about license frameworks in pkgng&lt;/li&gt;
&lt;li&gt;Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow&lt;/li&gt;
&lt;li&gt;Maybe we could get a "pkg licenses" command to display the license of all installed packages&lt;/li&gt;
&lt;li&gt;Ok bapt, do it
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="http://thelinuxcauldron.com/2013/12/08/freebsd-challenge/" rel="nofollow noopener"&gt;The FreeBSD challenge continues&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Checking in with our buddy from the Linux foundation...&lt;/li&gt;
&lt;li&gt;The switching from Linux to FreeBSD blog series continues for his month-long trial&lt;/li&gt;
&lt;li&gt;Follow up from last week: "As a matter of fact, I did check out PC-BSD, and wanted the challenge.  Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding."&lt;/li&gt;
&lt;li&gt;Since we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;&lt;a href="https://svnweb.freebsd.org/ports?view=revision&amp;amp;revision=336615" rel="nofollow noopener"&gt;Ports gets a stable branch&lt;/a&gt;&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;For the first time ever, FreeBSD's ports tree will have a maintained "stable" branch&lt;/li&gt;
&lt;li&gt;This is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes&lt;/li&gt;
&lt;li&gt;All commits to this branch require approval of portmgr, looks like it'll start in 2014Q1
***&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Feedback/Questions&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2iRV1tOzB" rel="nofollow noopener"&gt;John writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s21gAR5lgf" rel="nofollow noopener"&gt;Spencer writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s203iOnFh1" rel="nofollow noopener"&gt;Campbell writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2yUqj3vKW" rel="nofollow noopener"&gt;Sha'ul writes in&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="http://slexy.org/view/s2egcTPBXH" rel="nofollow noopener"&gt;Clint writes in&lt;/a&gt;
*** &lt;/li&gt;
&lt;/ul&gt;
</description>
  <itunes:keywords>freebsd, openbsd, netbsd, dragonfly bsd, pcbsd, tutorial, howto, guide, bsd, interview, ssh, arm, openssh, sftp, security, damien miller, djm, mindrot, encryption, crypto, chacha20, poly1305, aes, hmac, mac, sha256, cipher, rc4, base64, encode, decode, ed25519, bcrypt, md5, hash, salt, openzfs, office hours, openvpn, vps, vpn, ssl, tun, tap, foundation, newsletter, freebsd journal, ixsystems, ecc, rsa, dsa, ecdsa, tunnel, keys, password, passphrase, full disk encryption, fde, installation, encrypted install, unencrypted</itunes:keywords>
  <content:encoded>
    <![CDATA[<p>This time on the show, we'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise Servers and Storage For Open Source"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://johnchapin.boostrot.net/blog/2013/12/07/secure-comms-with-openbsd-and-openvpn-part-1/" rel="nofollow noopener">Secure communications with OpenBSD and OpenVPN</a></h3>

<ul>
<li>Starting off today's theme of encryption...</li>
<li>A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic</li>
<li>Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)</li>
<li>Part 2 covers the initial setup of OpenVPN certificates and keys</li>
<li>Parts 3 and 4 are the OpenVPN server and client configuration</li>
<li>Part 5 is some updates and closing remarks
***</li>
</ul>

<h3><a href="https://www.freebsdfoundation.org/press/2013Dec-newsletter" rel="nofollow noopener">FreeBSD Foundation Newsletter</a></h3>

<ul>
<li>The December 2013 semi-annual newsletter was sent out from the foundation</li>
<li>In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored</li>
<li>The president's letter alone is worth the read, really amazing</li>
<li>Really long, with lots of details and stories from the conferences and projects
***</li>
</ul>

<h3><a href="http://evertiq.com/design/33394" rel="nofollow noopener">Use of NetBSD with Marvell Kirkwood Processors</a></h3>

<ul>
<li>Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer</li>
<li>The IP-Plug is a "multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)."</li>
<li>Really cool little NetBSD ARM project with lots of graphs, pictures and details
***</li>
</ul>

<h3><a href="http://adrianchadd.blogspot.com/2013/12/experimenting-with-zero-copy-network-io.html" rel="nofollow noopener">Experimenting with zero-copy network IO</a></h3>

<ul>
<li>Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD</li>
<li>Discusses the different OS' implementations and options</li>
<li>He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there</li>
<li>Tons of details, check the full post
***</li>
</ul>

<h2>Interview - Damien Miller - <a href="mailto:djm@openbsd.org" rel="nofollow noopener">djm@openbsd.org</a> / <a href="https://twitter.com/damienmiller" rel="nofollow noopener">@damienmiller</a></h2>

<p>Cryptography in OpenBSD and OpenSSH</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/fde" rel="nofollow noopener">Full disk encryption in FreeBSD &amp; OpenBSD</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.youtube.com/watch?v=wWmVW2R_uz8" rel="nofollow noopener">OpenZFS office hours</a></h3>

<ul>
<li>Our buddy <a href="http://www.bsdnow.tv/episodes/2013_12_04-zettabytes_for_days" rel="nofollow noopener">George Wilson</a> sat down to take some ZFS questions from the community</li>
<li>You can see more info about it <a href="http://open-zfs.org/wiki/OpenZFS_Office_Hours" rel="nofollow noopener">here</a>
***</li>
</ul>

<h3><a href="http://www.shiningsilence.com/dbsdlog/2013/12/09/12934.html" rel="nofollow noopener">License summaries in pkgng</a></h3>

<ul>
<li>A discussion between <a href="http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug" rel="nofollow noopener">Justin Sherill</a> and some NYCBUG guys about license frameworks in pkgng</li>
<li>Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow</li>
<li>Maybe we could get a "pkg licenses" command to display the license of all installed packages</li>
<li>Ok bapt, do it
***</li>
</ul>

<h3><a href="http://thelinuxcauldron.com/2013/12/08/freebsd-challenge/" rel="nofollow noopener">The FreeBSD challenge continues</a></h3>

<ul>
<li>Checking in with our buddy from the Linux foundation...</li>
<li>The switching from Linux to FreeBSD blog series continues for his month-long trial</li>
<li>Follow up from last week: "As a matter of fact, I did check out PC-BSD, and wanted the challenge.  Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding."</li>
<li>Since we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more
***</li>
</ul>

<h3><a href="https://svnweb.freebsd.org/ports?view=revision&amp;revision=336615" rel="nofollow noopener">Ports gets a stable branch</a></h3>

<ul>
<li>For the first time ever, FreeBSD's ports tree will have a maintained "stable" branch</li>
<li>This is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes</li>
<li>All commits to this branch require approval of portmgr, looks like it'll start in 2014Q1
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2iRV1tOzB" rel="nofollow noopener">John writes in</a></li>
<li><a href="http://slexy.org/view/s21gAR5lgf" rel="nofollow noopener">Spencer writes in</a></li>
<li><a href="http://slexy.org/view/s203iOnFh1" rel="nofollow noopener">Campbell writes in</a></li>
<li><a href="http://slexy.org/view/s2yUqj3vKW" rel="nofollow noopener">Sha'ul writes in</a></li>
<li><a href="http://slexy.org/view/s2egcTPBXH" rel="nofollow noopener">Clint writes in</a>
***</li>
</ul>]]>
  </content:encoded>
  <itunes:summary>
    <![CDATA[<p>This time on the show, we'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD.</p>

<h2>This episode was brought to you by</h2>

<p><a href="http://www.ixsystems.com/bsdnow" title="iXsystems" rel="nofollow noopener"><img src="/images/iXlogo2.png" alt="iXsystems - Enterprise Servers and Storage For Open Source"></a></p>

<hr>

<h2>Headlines</h2>

<h3><a href="http://johnchapin.boostrot.net/blog/2013/12/07/secure-comms-with-openbsd-and-openvpn-part-1/" rel="nofollow noopener">Secure communications with OpenBSD and OpenVPN</a></h3>

<ul>
<li>Starting off today's theme of encryption...</li>
<li>A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic</li>
<li>Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show)</li>
<li>Part 2 covers the initial setup of OpenVPN certificates and keys</li>
<li>Parts 3 and 4 are the OpenVPN server and client configuration</li>
<li>Part 5 is some updates and closing remarks
***</li>
</ul>

<h3><a href="https://www.freebsdfoundation.org/press/2013Dec-newsletter" rel="nofollow noopener">FreeBSD Foundation Newsletter</a></h3>

<ul>
<li>The December 2013 semi-annual newsletter was sent out from the foundation</li>
<li>In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored</li>
<li>The president's letter alone is worth the read, really amazing</li>
<li>Really long, with lots of details and stories from the conferences and projects
***</li>
</ul>

<h3><a href="http://evertiq.com/design/33394" rel="nofollow noopener">Use of NetBSD with Marvell Kirkwood Processors</a></h3>

<ul>
<li>Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer</li>
<li>The IP-Plug is a "multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)."</li>
<li>Really cool little NetBSD ARM project with lots of graphs, pictures and details
***</li>
</ul>

<h3><a href="http://adrianchadd.blogspot.com/2013/12/experimenting-with-zero-copy-network-io.html" rel="nofollow noopener">Experimenting with zero-copy network IO</a></h3>

<ul>
<li>Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD</li>
<li>Discusses the different OS' implementations and options</li>
<li>He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there</li>
<li>Tons of details, check the full post
***</li>
</ul>

<h2>Interview - Damien Miller - <a href="mailto:djm@openbsd.org" rel="nofollow noopener">djm@openbsd.org</a> / <a href="https://twitter.com/damienmiller" rel="nofollow noopener">@damienmiller</a></h2>

<p>Cryptography in OpenBSD and OpenSSH</p>

<hr>

<h2>Tutorial</h2>

<h3><a href="http://www.bsdnow.tv/tutorials/fde" rel="nofollow noopener">Full disk encryption in FreeBSD &amp; OpenBSD</a></h3>

<hr>

<h2>News Roundup</h2>

<h3><a href="https://www.youtube.com/watch?v=wWmVW2R_uz8" rel="nofollow noopener">OpenZFS office hours</a></h3>

<ul>
<li>Our buddy <a href="http://www.bsdnow.tv/episodes/2013_12_04-zettabytes_for_days" rel="nofollow noopener">George Wilson</a> sat down to take some ZFS questions from the community</li>
<li>You can see more info about it <a href="http://open-zfs.org/wiki/OpenZFS_Office_Hours" rel="nofollow noopener">here</a>
***</li>
</ul>

<h3><a href="http://www.shiningsilence.com/dbsdlog/2013/12/09/12934.html" rel="nofollow noopener">License summaries in pkgng</a></h3>

<ul>
<li>A discussion between <a href="http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug" rel="nofollow noopener">Justin Sherill</a> and some NYCBUG guys about license frameworks in pkgng</li>
<li>Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow</li>
<li>Maybe we could get a "pkg licenses" command to display the license of all installed packages</li>
<li>Ok bapt, do it
***</li>
</ul>

<h3><a href="http://thelinuxcauldron.com/2013/12/08/freebsd-challenge/" rel="nofollow noopener">The FreeBSD challenge continues</a></h3>

<ul>
<li>Checking in with our buddy from the Linux foundation...</li>
<li>The switching from Linux to FreeBSD blog series continues for his month-long trial</li>
<li>Follow up from last week: "As a matter of fact, I did check out PC-BSD, and wanted the challenge.  Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding."</li>
<li>Since we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more
***</li>
</ul>

<h3><a href="https://svnweb.freebsd.org/ports?view=revision&amp;revision=336615" rel="nofollow noopener">Ports gets a stable branch</a></h3>

<ul>
<li>For the first time ever, FreeBSD's ports tree will have a maintained "stable" branch</li>
<li>This is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and big fixes</li>
<li>All commits to this branch require approval of portmgr, looks like it'll start in 2014Q1
***</li>
</ul>

<h2>Feedback/Questions</h2>

<ul>
<li><a href="http://slexy.org/view/s2iRV1tOzB" rel="nofollow noopener">John writes in</a></li>
<li><a href="http://slexy.org/view/s21gAR5lgf" rel="nofollow noopener">Spencer writes in</a></li>
<li><a href="http://slexy.org/view/s203iOnFh1" rel="nofollow noopener">Campbell writes in</a></li>
<li><a href="http://slexy.org/view/s2yUqj3vKW" rel="nofollow noopener">Sha'ul writes in</a></li>
<li><a href="http://slexy.org/view/s2egcTPBXH" rel="nofollow noopener">Clint writes in</a>
***</li>
</ul>]]>
  </itunes:summary>
</item>
  </channel>
</rss>
