Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
124: Get your engine(x) started!
This week on the show, we have a very full news roster to rundown, plus an oldie, but goodie with Igor of the nginx project. That plus all your questions and feedback, iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSDJournal! *** FreeNAS Logo Design Contest (https://www.ixsystems.com/freenas-logo-contest/) Rules and Requirements (https://forums.freenas.org/index.php?threads/freenas-logo-design-contest.39968/) For those of you curious about Kris' new lighting here are the links to what he is using. Softbox Light Diffuser (http://smile.amazon.com/gp/product/B00OTG6474?psc=1&redirect=true&ref_=oh_aui_detailpage_o01_s00&pldnSite=1) Full Spectrum 5500K CFL Bulb (http://smile.amazon.com/gp/product/B00198U6U6?psc=1&redirect=true&ref_=oh_aui_detailpage_o06_s00) *** This episode was brought to you by Headlines Clearing the air (http://blog.randi.io/2015/12/31/the-developer-formerly-known-as-freebsdgirl/) A number of you have written in the past few weeks asking why Allan and I didn’t talk about one of the biggest stories to make headlines last week. Both of us are quite aware of the details surrounding the incidents between former FreeBSD developers “freebsdgirl” and “xmj”, however the news was still ongoing and we didn’t feel it right to discuss until some of the facts had time to shake out and a more clear (and calm) discussion could be had. However, without getting into all the gory details here’s some of the key points that we want to highlight for our listeners. We each have our own thoughts on this. Kris: The FreeBSD that I know has been VERY open and inclusive to all who want to contribute. The saying “Shut up and code” is there for a reason. We’ve seen developers of all types, different race / gender / creed, and the one thing we all have in common is the love for BSD. This particular incident has been linked to FreeBSD, which isn’t exactly a fair association, since the project and other members of community were not directly involved. What started out as a disagreement (over something non-BSD related) turned into an ugly slugfest all across social media and (briefly) on a BSD chatroom. In this case after reviewing lots of the facts, I think both sides were WAY out of line, and hope they recognize that. There has been slamming of the core team and foundation in social media, as somehow the delay / silence is an admission of wrong-doing. Nothing could be further from the truth. These are serious people doing a serious job, and much like BSD they would rather take the time to do it right instead of just going off on social media and making things worse. (Plus they all are volunteers who are spread across many different time-zones) Also, if you hear rumors of incidents of harassment, remember that without details all those will ever be is rumors. Obviously those in the project would take any incident like that seriously, but without coming forward and sharing the details it’s impossible to take any action or make changes for the better. Allan: The FreeBSD community is the best group of people I have ever worked with, but that doesn’t mean that it is immune to the same problems that every other group of people faces. As much as all of us wish it didn’t, harassment and other ill-behavior does happen, and must be dealt with The FreeBSD Core team has previously sanctioned committers and revoked commit bits for things that happened entirely offline and outside of the FreeBSD community. Part of being a committer is representing the project in everything that you do, so anything you do that reflects badly upon the project is grounds for your removal There was something written about this in the project documentation somewhere (that I can not find for the live of me), specifically about the prestige that comes with (or used to) an @freebsd.org account, and how new members of the community need to keep that in mind as they work to earn, and keep, a commit bit In this specific situation, I am not sure what core did exactly, we’ll have to wait for their report to find out, but I am not sure what more they could have done. “Individual members of core have the power to temporarily suspend commit privileges until core as a whole has the chance to review the issue. Only a 2/3 majority of core has the authority to suspend commit privileges for longer than a week or to remove them permanently. Core's “special powers” only kick in when it acts as a group, not on an individual basis. As individuals, the core team members are all committers first and core second” So, an individual member of core can revoke the commit bit of someone who is reported to have acted in a manner not conducive with the rules, but I don’t know how that would have made a difference in this case. The only point from Randi’s list of 10 things the project should change that I do not think is possible is #6. As stated in the “Committers' Big List of Rules” that I quoted earlier, the core team can only take action after they have had time for everyone to review and discuss a matter, and then vote on it. The core team is made up of 9 people with other responsibilities and commitments. Further, they are currently spread across 6 different countries, and 6 different times zones (even the countries and time zones do not line up). We eagerly await Cores report on this matter, and more importantly, Core and the Foundation's work to come up with a better framework and response policy to deal with such situations in the future. The important thing is to ensure that incident reports are properly handled, so that those reporting issues feel safe in doing so While we hope there is never another incident of harassment in the FreeBSD community, the realities of the world we live in mean we need to be ready to deal with it *** Dan Langille discussing his rig (https://www.reddit.com/r/homelab/comments/3zv64t/the_home_lab_9_servers_about_98tb_working_url/) Pictures of Dan Langille's Home Lab (http://imgur.com/gallery/nuBBD) Ever read FreeBSD Diary? How about used FreshPorts or FreshSource? Gone to BSDCan? If so you may be interested in seeing exactly where those sites are served from. Dan Langille posts to reddit with information about his home lab, with the obligatory pictures to back it up As most good home racks do, this one starts at Home Depot and ends up with a variety of systems and hardware living on it. All in all an impressive rig and nice job wiring (I wonder what that ASUS RT‑N66U is doing, if it’s running FreeBSD or just an access point??) Reminder: Get your BSDCan talk proposal submitted before the deadline, January 19th *** Pre-5.9 pledge(2) update (http://undeadly.org/cgi?action=article&sid=20160107174436) Theo gives us a status update on pledge() for pre OpenBSD 5.9“For the next upcoming release, we will disable the 'paths' argument.Reasoning: We have been very busy making as much of the tree set thepromises right in applications, and building a few new promises aswell. We simply don't have enough time to review the kernel code andmake sure it is bug-free. We'll use the next 6 months developmentcycle to decide on paths, and then re-audit the tree to use theinterface where it is suitable. The base tree (/bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/games)contains 652 ELF binaries. 451 use pledge. 201 do not. Approximately47 do not need or cannot use pledge. Leaving 154 we could potentiallypledge in the future. Most of those are not very important. Thereare a few hot spots, but most of what people use has been handled wellby the team.“ Chromium: now with OpenBSD pledge(2) (http://undeadly.org/cgi?action=article&sid=20160107075227) In addition to the pledge news, we also have a story about the Chromium browser being converted to use pledge on OpenBSD.“The renderer, gpu, plugin and utility processes are now using pledge(2)Unfortunately the GPU process only requires an rpath pledge because ofMesa trying to parse two configuration files, /etc/drirc and ${HOME}/.drircSo currently the GPU process will use an rpath pledge in the nextweek or so so that people can test, but this situation has to beresolved because it is not acceptable that a mostly unused configurationfile is being parsed from a library and that stops us from using lesspledges and thus disallowing the GPU process to have read accessto the filesystem ... like your ssh keys.” UPDATE: the rpath pledge has been removed. *** iXsystems https://forums.freenas.org/index.php?threads/freenas-logo-design-contest.39968/ Interview - Igor Sysoev - igor@sysoev.ru (mailto:igor@sysoev.ru) / @isysoev (https://twitter.com/isysoev) NGINX and FreeBSD News Roundup FreeBSD on EdgeRouter Lite - no serial port required (http://www.daemonology.net/blog/2016-01-10-FreeBSD-EdgeRouter-Lite.html) A few years back there was a neat story on how to setup FreeBSD on the EdgeRouter-Lite This last week we get to revisit this, as Colin Percival posts a script, and a very detailed walkthrough of using it to generate your own custom image which does NOT require hooking up a serial cable. Currently the script only works on -CURRENT, but may work later for 10.3 The script is pretty complete, does the buildworld and creation of a USB image for you. It also does a basic firewall configuration and even growfs for expanding to the full-size of your USB media. Using the ‘firstboot’ keyword, an rc.d script does all the initial configuration allowing you access to the system If you have one, or are looking at switching to a FreeBSD based router, do yourself a favor and take a look at this article. *** John Marino reaches out to the community for testing of Synth, a new custom package repo builder (http://lists.dragonflybsd.org/pipermail/users/2016-January/228540.html) A hybrid of poudriere and portmaster/portupgrade Uses your regular ports tree and your running system, but built builds packages faster, the poudriere way Requires no setup, no downloading or building reference versions of the OS, no checking out yet another copy of the ports tree In the future may have support for using binary packages for dependencies, build only the apps you actually want to customize Looks very promising *** OpenBSD malloc finds use-after-free in Android OS (https://android-review.googlesource.com/#/c/196090/) Score one for OpenBSD’s rigorous security and attention to detail. We have an interesting commit / comment from Android It looks like this particular mistake was found in the uncrypt routines, in particular the using of a variable memory which had already gone out of scope. Through the usage of OpenBSD’s malloc junk filling feature, the developers were able to identify and correct the issue. Maybe there is a case to be made that this be used more widely, especially during testing? *** Netflix's async sendfile now in FreeBSD-current (http://www.slideshare.net/facepalmtarbz2/new-sendfile-in-english) We have some slides presented by Gleb Smirnoff at last years FreeBSD storage summit, talking about changes to sendfile made by Netflix. It starts off with a bit of history, showing the misery of life without sendfile(2) back in FreeBSD 1.0, specifically the ftpd daemon. Then in 1997 that all changed, HP-UX 11.00 grew the sendfile function, and FreeBSD 3.0 / Linux 2.2 added it in ‘98 The slides then go into other details, on how the first implementations would map the userland cycle into the kernel. Then in 2004 the SF_NODISKIO flag was added, followed by changes in 2006 and 2013 to using sbspace() bytes and sending shared memory descriptor data respectively. The idea is that instead of the web server waiting for the send to complete, it calls sendfile then goes about its other work, then it gets a notification when the work is done, and finishes up any of the request handling, like logging how many bytes were sent The new sendfile implementation took the maximum load of an older netflix box from 25 gigabits/sec to 35 gigabits/sec Separately, Netflix has also done work on implementing a TLS version of sendfile(), to streamline the process of sending encrypted data There is still a todo list, including making sendfile() play nice with ZFS. Currently files sent via sendfile from ZFS are stored in memory twice, once in the ARC, and once in the buffer cache that sendfile uses *** Beastie Bits Unix Timeline of how Unix versions have evolved (http://www.levenez.com/unix/) netmap support now in bhyve in FreeBSD -Current (https://svnweb.freebsd.org/base?view=revision&revision=293459) McCabe complexity and Dragonfly BSD (https://www.dragonflydigest.com/2016/01/12/17478.html) Bourne Basic - a BASIC interpreter implemented (painfully) in pure Bourne shell (https://gist.github.com/cander/2785819) NixOS on FreeBSD (https://github.com/NixOS/nixpkgs/pull/10816#issuecomment-169298385) Turning an ordinary OpenBSD system into a router (http://www.openbsd.org/faq/pf/example1.html) nvidia releases beta 361.16 driver for FreeBSD (https://devtalk.nvidia.com/default/topic/908423/unix-graphics-announcements-and-news/linux-solaris-and-freebsd-driver-361-16-beta-/) Feedback/Questions Bryson - SmartOS / KVM / ZFS (http://slexy.org/view/s2BLZeBrSK) Samba 1969 (http://slexy.org/view/s2OQIxkZst) DO / VPN / PF (http://slexy.org/view/s206j2ekTZ) Unstable VM / Update (http://slexy.org/view/s20kyrKSH9) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
123: ZFS in the trenches
This week on BSDNow, we will be talking shop with Josh Paetzel of FreeNAS fame, hearing about his best do’s and do-nots of using ZFS in production. Also, a quick iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** FreeNAS Logo Design Contest (https://www.ixsystems.com/freenas-logo-contest/) Rules and Requirements (https://forums.freenas.org/index.php?threads/freenas-logo-design-contest.39968/) For those of you curious about Kris' new lighting here are the links to what he is using. Softbox Light Diffuser (http://smile.amazon.com/gp/product/B00OTG6474?psc=1&redirect=true&ref_=oh_aui_detailpage_o01_s00&pldnSite=1) Full Spectrum 5500K CFL Bulb (http://smile.amazon.com/gp/product/B00198U6U6?psc=1&redirect=true&ref_=oh_aui_detailpage_o06_s00) *** This episode was brought to you by Headlines A Brief look back at 2015 (http://fossforce.com/2015/12/bsd-brief-look-back-2015/) As we start the show this week, we begin with a brief look back at BSD in 2015, brought to us by Larry at FOSS force. Aside from his issue with tap-to-click on the touchpad, his PC-BSD experience has been pretty good. (Larry, if you hear this, jump on #pcbsd on FreeNode and we will lend a hand) He mentions that this really isn’t his first time running BSD, apparently back in ye-olden days he got NetBSD up and running on a PowerBook G3, until an update brought that experience to abrupt ending. He gives a shout-out to the FreeBSD Foundation as being a great go-to source for wrapup on the previous year in FreeBSD land, while also mentioning the great 4.4 release of DragonFly, and some of the variants, such as RetroBSD and LiteBSD He leaves us with a tease for 2016 that work is ongoing on Twitter to port over Mopidy, a python based extensible music server *** A look forward at BSD events throughout 2016 (http://www.bsdevents.org/scheduler/) After a quick look back at 2015, now its time to start planning your 2016 schedule. The BSDEvents site has a calendar of all the upcoming conferences / shows where BSD will have a presence this year. There are quite a few items on the agenda, including non BSD specific conferences, such as SCALE / Fosdem and more. Take a look and see, you may be able to find something close your location where you can come hang out with other BSD developers. (or better yet), if a linux conference is coming to your town, think about submitting a BSD talk! Additionally, if getting BSD Certification is something on your 2016 resolutions, you can often take the test at one of these shows, avoiding the need to travel to a testing center. *** The 'Hidden' Cost of Using ZFS for Your Home NAS (http://louwrentius.com/the-hidden-cost-of-using-zfs-for-your-home-nas.html) An article was recently posted that seems to be trying to dissuade people from using ZFS for their home NAS It points out what experienced users already know, but many newcomers are not strictly aware of: Expanding a ZFS pool is not always as straightforward as you think it should be ZFS was designed to be expanded, and it handled this very well However, a ZFS pool is made up of VDEVs, and it is these VDEVs that provide the redundancy. RAID-Z VDEVs cannot be changed once they are created. You can replace each disk individually, and the VDEV will grow to its new larger size, but you cannot add additional disks to a RAID-Z VDEV At this point, your option is to add an additional VDEV, although best practises dictate that the new VDEV should use an equal number of disks, to avoid uneven performance So, if you started with a 6 disk RAID-Z2, having to add 6 more disks to grow the pool does seem excessive For the best flexibility, use mirrors. If you had used 6 disks as 3 mirrors of 2 disks each, you could then just add 2 more disks at a time. The downside is that using 2TB disks, you’d only have 6TB of usable space, versus the 8TB you would get from those disks in a RAID-Z2 This is the trade-off, mirrors give you better performance and flexibility, but less space efficiency It is important to note that the diagrams in this article make it appear as if all parity information is stored on specific drives. In ZFS parity is spread across all drives. Often times, the data written to the drive is not of a size that can evenly be split across all drives, so the data actually ends up looking like this (http://blog.delphix.com/matt/files/2014/06/RAIDZ.png) The errors as I see it in the original article are: It notes that the hidden cost of ZFS is that if you add a second RAID-Z VDEV, you will have a whole second set of parity drives. While this is a cost, it is the cost of making sure your data is safe. If you had an array with more than 12 drives, it is likely that you would to be able to withstand the failure of the larger number of drives The article does not consider the resilver time. If you did create a configuration with a very wide RAID-Z stripe, the failure of a disk would leave the pool degraded for a much longer time, leaving your pool at risk for that longer period. The article does not consider performance. Two RAID-Z2 VDEVs of 6 disks each will give much better performance than a single VDEV of 10 or 12 disks, especially when it comes to IOPS. *** ZFS Boot Enviroments now availble in the FreeBSD bootloader (https://svnweb.freebsd.org/base?view=revision&revision=293001) It’s been in phabricator for a while (and PC-BSD), but the support for Boot-Environments has now landed upstream in -CURRENT This work was helped by cross-project collaboration when an IllumOS Developer, Toomas Soome, started porting the FreeBSD loader to IllumOS to replace GRUB there This gives Beastie menu the ability to look at the ZFS disk, and dynamically list boot-environments that it finds. (Much nicer than GRUB, which required a pre-written configuration file) This work was extended further, when Toomas Soome also ported the Beastie Menu to the UEFI loader (https://svnweb.freebsd.org/base?view=revision&revision=293233) which is now enabled by default for UEFI (https://svnweb.freebsd.org/base?view=revision&revision=293234) All of these changes are scheduled to be merged back in time for FreeBSD 10.3 as well. There is also a patch being worked on to support booting from ZFS in UEFI (https://reviews.freebsd.org/D4515) This is exciting times for doing neat things with ZFS on root, these plus Allans forthcoming GELI support (https://reviews.freebsd.org/D4593) will negate the necessity for GRUB on PC-BSD for example (Kris is very happy) *** Interview - Josh Paetzel - email@email (mailto:email@email) / @bsdunix4ever (https://twitter.com/bsdunix4ever) ZFS Support *** News Roundup RetroBSD being tested on ESP32 (http://retrobsd.org/viewtopic.php?f=1&t=37470) More hardware news for RetroBSD and LiteBSD I don’t know much about this hardware, but there is a lot of discussion in the forum threads about it Not sure what you are supposed to accomplish with only 400kb of ram LITEBSD Brings 4.4BSD to PIC32 (https://hackaday.com/2016/01/04/litebsd-brings-4-4bsd-to-pic32/) It is interesting to see these super-small boards with only 512kb of memory, but will crypto offload support It is also interesting to see talk of 140mbps WiFi, can the processor actually handle that much traffic? BSD Unix-like OS is Resurrected for Embedded IoT Market (http://thevarguy.com/open-source-application-software-companies/bsd-unix-os-resurrected-embedded-iot-market) Related to the above stories, we also have an article about BSD making a resurgence on various Internet of things devices, which mentions both RetroBSD and LiteBSD The article mentions that this is an exciting development for embedded vars who now have an alternative licensed open-source OS to potentially use *** HardenedBSD’s new Binary Updater (https://hardenedbsd.org/article/shawn-webb/2015-12-31/introducing-hardenedbsds-new-binary-updater) It looks like there is now another way to update your FreeBSD(hardened) system The post by Shawn Web, details how the new updater will work in future releases of HBSD Right now it looks fairly straight-forward, creating both the base.txz and kernel.txz, along with some data for etcupdate It includes a nice option for the kernel name in the update, allowing different kernels to be installed / updated at will Everything is cryptographically signed and verified using the base system openssl The build system is fairly simple, only requiring “sh/git/openssl” to create the binary updates Planned features also include updating of jails, and ZFS boot-environments *** Sometimes, processors need (BSD) love too (http://functionallyparanoid.com/2016/01/02/sometimes-processors-need-love-too/) We have a blog post from Brian Everly, talking about his long journey into legacy processors and the plans for the future to work on better supporting them on OpenBSD ports He begins with the story of his UNIX journey to today, and why this fostered his love for many of these old (and not so old) architectures, such as Sparc64, PPC32, i386. This journey ended up with the purchase of some legacy hardware (ebay is your friend), and the creation of a database listing the major port blockers on each platform This is the great kind of thing folks can do to step up and help a project, even as a weekend hobby it’s great to run some hardware and help test / fix up issues that other developers maybe don’t interact with as much anymore. *** Beastie Bits The standard MWL disclaimer (http://blather.michaelwlucas.com/archives/2510) PC-BSD 11.0-CURRENTJAN2016 Available (http://lists.pcbsd.org/pipermail/testing/2016-January/010350.html) NetBSD pkgsrc-2015Q3 statistics (http://mail-index.netbsd.org/tech-pkg/2015/12/28/msg016193.html) NetBSD pkgsrc-2015Q4 released (http://mail-index.netbsd.org/tech-pkg/2016/01/01/msg016213.html) First Reproducible builds conference in Athens (http://blog.netbsd.org/tnf/entry/reproducible_builds_conference_in_athens) The creator of the original ThinkPad design passes away (http://www.theregister.co.uk/2016/01/06/thinkpad_designer_obituary) Feedback/Questions Andrew - High Contrast (http://slexy.org/view/s213iCKLwn) John - FreeNAS followup (http://slexy.org/view/s21ClGePLP) Giorgio - Custom Install (http://slexy.org/view/s21527pkO1) Don - ZFS Slowdowns (http://slexy.org/view/s2jOlCsjkU) Fred - Dual Boot PC-BSD/Linux (http://slexy.org/view/s21uaB0FDU) ***
122: The BSD Black Box
This week on the show, we will be interviewing Alex Rosenberg, to This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines Life with an OpenBSD Laptop: A UNIX-lover's tale of migrating away from the Mac. The Good, The Bad, The Ugly (http://www.nycbug.org/event/10356/openbsd_laptop_nycbug_2015.pdf) OpenBSD user Isaac (.ike) Levy details his switch from a Mac to an OpenBSD laptop He covers a bit about selecting hardware and dealing with wifi Talks about binary packages and system upgrades Talks about power management, suspend/resume, battery life Show screenshots of some of his favourite window managers Browsers and email clients are also discussed Things he found missing in OpenBSD: A journaling file system, every unclean shutdown means a full fsck(1) UTF-8/unicode was not everywhere Syncing pictures and contacts to his phone Drawing tools *** DragonFlyBSD matches its Intel kernel graphics driver against Linux 4.0 (http://lists.dragonflybsd.org/pipermail/commits/2015-December/459067.html) The DragonFlyBSD DRM stack continues to rapidly advance, now bringing in support from Linux 4.0! Some of the notable features: Basic Skylake support Panel Self-Refresh (PSR) now supported on Valleyview and Cherryview Preparations for atomic display updates Performance improvements on various GPU families, including Cherryview, Broadwell and Haswell GPU frequencies are now kept at a minimum of 450MHz when possible on Haswell and Broadwell, ensuring a minimum experience level for various types of workloads Improved reset support for gen3/4 GPUs, which should fix some OpenGL crashes on Core 2 and pre-2012 Atom machine Better sound/graphics driver synchronization for audio over hdmi support As usual, small bugfixes and stability improvements here and there *** A BSD Wish List for 2016 (http://fossforce.com/2015/12/bsd-wish-list-2016/) Larry over at Foss Force brings us his wish list for BSD support in 2016. Since he has converted most of his daily desktop usage to PC-BSD, he is specifically wanting support for some desktop applications. Namely Google hangouts and Spotify. This is something which has come up periodically among the PC-BSD community. At the moment most users are dual-booting or using alternatives, like WebRTC. However the Google Hangouts plugin is available for Linux, and perhaps this will encourage some developers to see if we can get it running with the newer Linux stack on -CURRENT. Spotify also has a native Linux version, which may need testing on FreeBSD - CURRENT. It may be closer now, and should be updated on the Wanted Ports Page https://wiki.freebsd.org/WantedPorts *** Hard Float API coming soon by default to armv6 (http://bsdimp.blogspot.com/2015/12/hard-float-api-coming-soon-by-default.html) Warner Losh talks about upcoming changes to armv6 on FreeBSD “All the CPUs that FreeBSD supports have hard floating point in them. We've supported hard float for quite some time in the FreeBSD kernel. However, by default, we still use a soft-float ABI.” First, “A new armv6hf (architecture) was created, but that caused some issues with some ports, and the meaning of 'soft float' sadly was ambiguous between the soft-float ABI, and the soft-float libraries that implement floating point when there's no hardware FPU” “Over the spring and summer, I fixed ld.so so that it can load both soft ABI and hard ABI libraries on the same system, depending on markings in the binaries themselves. Soft float ABI and hard float ABI binaries have different flags in the ELF headers, so it is relatively straightforward to know which is which.” “So, in the coming days, I'll commit the first set of changes to move to armv6 as a hard float ABI by default. The kernel doesn't care: it can execute both. The new ld.so will allow you to transition through this change by allowing old, compat soft ABI libraries to co-exist on the system with new hard ABI libraries. This change alone isn't enough, but it will be good to get it out into circulation.” “armv6hf will be removed before FreeBSD 11” A LIBSOFT will be created, similar in concept to the LIB32 available on AMD64 *** Interview - Alex Rosenberg - alexr@leftfield.org (mailto:alexr@leftfield.org) / @alexr (https://twitter.com/alexr) Former Manager of Platform Architecture at Sony *** Beastie Bits Tuesday, Dec 20, 2005 was the release date of the very first bsdtalkpodcast (http://bsdtalk.blogspot.com/2005/12/bsdtalk001-intro-to-bsd.html) Patch: Server side support for TCP FastOpen (https://reviews.freebsd.org/D4350) Learn to tame OpenBSD quickly (http://www.openbsdjumpstart.org/) Hardware Accerated iSCSI lands in FreeBSD (https://svnweb.freebsd.org/base?view=revision&revision=292740) Settings for full HD resolution on DragonFlyBSD under QEMU/KVM, thanks to reddit user Chapo_Rouge (https://www.reddit.com/r/dragonflybsd/comments/3x4n7u/psa_1920x1080_on_dragonflybsd_44_under_qemukvm/) Patch: An IllumOS developer has been porting the FreeBSD boot loader to replace their old version of GRUB. In doing so, he has also made improvements to the block caching in the boot loader (https://reviews.freebsd.org/D4713) A FreeBSD user working at Microsoft talks about Microsoft’s shift to Open Source (http://blog.teleri.net/open-microsoft/) BSDCG Exam Session at FOSDEM'16 (https://fosdem.org/2016/schedule/event/cert_bsdcg/) Schedule for the BSD devroom at FOSDEM'16 (https://fosdem.org/2016/schedule/track/bsd/) OpenBSD snapshots are now 5.9 (http://marc.info/?l=openbsd-cvs&m=145055446007162&w=2) Notes on making BSD grep faster (http://blog.erratasec.com/2015/12/some-notes-on-fast-grep.html#.VoQKD1JSRhx) Intel’s Platform Application Engineering (PAE) group within the Networking Division (ND) is looking for a Network Software Engineer (https://www-ssl.intel.com/content/www/us/en/jobs/job-search/js2.html?job=782165&src=ML-12080) Did you watch Die Hard at Christmas? Get the Die Hard FreeBSD boot screen: install this file in /boot and set loader_logo="tribute" in /boot/loader.conf (http://locheil.shxd.cx/logo-tribute.4th) Feedback/Questions Jeremy - ZFS without root (http://slexy.org/view/s20CTqtEan) Dan - Getting PC-BSD Media (http://slexy.org/view/s20sNPoDm5) Chris - VMs and FreeBSD (http://slexy.org/view/s2hjsVgGBK) Ben - Haswell and IRC (http://slexy.org/view/s21pwYOTHi) Instructions for trying the Haswell patch (https://wiki.freebsd.org/Graphics/Update%20i915%20GPU%20driver%20to%20Linux%203.8) Matt - Donation to foundation (http://slexy.org/view/s20vifHCyc) ***
121: All your hyves are belong to us
This week on the show, we are going to be talking to Trent Thompson, This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines Review: Guarding the gates with OpenBSD 5.8 (http://distrowatch.com/weekly.php?issue=20151207#openbsd) Jesse Smith over at DistroWatch treats us this week to a nice review of OpenBSD 5.8, which may be a good introduction for the uninitiated to learn more+ He first walks through some of the various highlights of 5.8, and spends time introducing the reader to a number of the projects that originate from OpenBSD, such as LibreSSL, OpenSSH, doas, the new “file” implementation and W^X support on i386. The article then walks through his impressions of performing a fresh install of 5.8, and then getting up and running in X. He mentions that you may want to check the installation defaults, since on his 8GB VM disk, it didn’t leave enough room for packages on the /usr partition. It also includes a nice heads-up for new users about using the pkg_add command, and where / how you can set the initial repository mirror address. The “doas” command was also praised:“I found I very much appreciated the doas command, its documentation and configuration file. The doas configuration file is much easier to read than sudo's and the available options are well explained. The doas command allowed me to assign root access to a user given the proper password and doas worked as advertised.” A glowing summary as well:“OpenBSD may be very secure, but I think what sets the operating system apart are its documentation and clean system design. It is so easy to find things and understand the configuration of an OpenBSD system. The file system is organized in a clean and orderly manner. It always takes me a while to get accustomed to using OpenBSD, as for me it is a rare occurrence, but once I get settled in I like how straight forward everything is. I can usually find and configure anything on the system without referring to external documents or searching for answers on-line and that is quite an accomplishment for an operating system where virtually everything is done from the command line. “ *** OpenBSD Hackathon Reports Alexander Bluhm: multiprocessor networking (http://undeadly.org/cgi?action=article&sid=20151212192918) “The next step, we are currently working on, is to remove the big kernel lock from forwarding and routing. mpi@ has been doing this for a long time, but some corner cases were still left. I have written a regression test for handling ARP packets to show that all cases including proxy ARP are still working. Another thing that may happen with lock-free routing is that the interface is destroyed on one CPU while another CPU is working with a route to that interface. We finally got this resolved. The code that destroys the interface has to wait until all routes don't use this interface anymore. I moved the sleep before the destruction of the interface is started, so that the routes can always operate on a completely valid interface structure.” Vincent Gross: ifa_ifwithaddr() (http://undeadly.org/cgi?action=article&sid=20151215150708) Vincent worked on the function that finds the interface with the specified address, which is used to tell if the machine is the intended recipient of an incoming packet. A number of corner cases existed with broadcast addresses, especially if two interfaces were in the same subnet. This code was moved to the new in_broadcast() Ken Westerback: fdisk, installbot, and dhclient (http://undeadly.org/cgi?action=article&sid=20151216192843) Reyk Floeter: Hosting a hackathon, vmd, vmctl (http://undeadly.org/cgi?action=article&sid=20151217134417) “When I heard that Martin Pieuchot (mpi@) was looking for a place to hold another mini-hackathon for three to four people to work on multiprocessor (MP) enhancements of the network stack, I offered to come to our work place in Hannover, Northern Germany. We have space, gear, fast Internet and it is easy to reach for the involved people. Little did I know that it would quickly turn into n2k15, a network hackathon with 20 attendees from all over the world” “If you ever hosted such an event or a party for many guests, you will know the dilemma of the host: you’re constantly concerned about your guests enjoying it, you have to take care about many trivial things, other things will break, and you get little to no time to attend or even enjoy it yourself. Fortunately, I had very experienced and welcomed guests: only one vintage table and a vase broke – the table can be fixed – and I even found some time for hacking myself.” Martin Pieuchot: MP networking (http://undeadly.org/cgi?action=article&sid=20151218175010) “ We found two kind of MP bugs! There are MP bugs that you fix without even understanding them, and there are MP bugs that you understand but can't fix” Stefan Sperling: initial 802.11n support (http://undeadly.org/cgi?action=article&sid=20151219160501) *** Hacking the PS4 (https://cturt.github.io/ps4.html) As a followup to the story last week about the PS4 being “jailbroken”, we have a link to further information about how far this project has come along This article also provides some great background information about whats running under the hood of your PS4, including FreeBSD 9, Mono VM and WebKit, with WebKit being the primary point of entry to jailbreak the box. One particular point of interest, was the revelation that early firmware versions did not include ASLR, but it appears ASLR was added sometime around firmware 1.70. (Wonder if they used HardenedBSD’s implementation), and how they can bypass it entirely. “Luckily for us, we aren't limited to just writing static ROP chains. We can use JavaScript to read the modules table, which will tell us the base addresses of all loaded modules. Using these bases, we can then calculate the addresses of all our gadgets before we trigger ROP execution, bypassing ASLR.“ The article also mentions that they can prove that jails are used in some fashion, and provides examples of how they can browse the file system and dump a module list. The kernel exploit in question is SA-15:21 (https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc) from August of this year. The jailbreaking appears to be against an older version of PS4 firmware that did not include this patch *** Nokia and ARM leading the charge to implement better TCP/IP as part of the 5G standard (http://www.theregister.co.uk/2015/12/14/nokia_and_arm_bid_reinvent_tcpip_stack_5g/?page=1) “Many believe that a critical success factor for 5G will be a fully revamped TCP/IP stack, optimized for the massively varied use cases of the next mobile generation, for cloud services, and for virtualization and software-defined networking (SDN). This is the goal of the new OpenFastPath (OFP) Foundation, founded by Nokia Networks, ARM and industrial IT services player Enea. This aims to create an open source TCP/IP stack which can accelerate the move towards SDN in carrier and enterprise networks. Other sign-ups include AMD, Cavium, Freescale, Hewlett Packard Enterprise and the ARM-associated open source initiative, Linaro.” “The new fast-path TCP/IP stack will be based on the open source FreeBSD operating system” The general idea is to have a fast, open source, user space networking stack, based on the FreeBSD stack with an “optimised callback-based zero-copy socket API” to keep packet processing in user-space as far as possible It will be interesting to see a little bit more FreeBSD getting into every mobile and cloud based device. *** Interview - Trent Thompson - trentnthompson@gmail.com (trentnthompson@gmail.com) / @pr1ntf (https://twitter.com/pr1ntf) iohyve (https://github.com/pr1ntf/iohyve) *** News Roundup First cut of the FreeBSD modularized TCP stack (https://svnweb.freebsd.org/base?view=revision&revision=292309) FreeBSD now has more than one TCP stack, and better yet, you can use more than one at once Each socket pcb is associated with a stack, and it is possible to select a non-default stack with a socket option, so you can make a specific application use an experimental stack, while still defaulting to the known-good stack This should lead to a lot of interesting development and testing, without the level of risk usually associated with modifying the TCP stack The first new module available is ‘fastpath’, which may relate to the Nokia story earlier in the show There are also plans to support changing TCP stacks after establish a session, which might land as early as January *** Faces of FreeBSD : Erin Clark (http://freebsdfoundation.blogspot.com/2015/12/faces-of-freebsd-2015-erin-clark.html) In this edition of “Faces of FreeBSD” the FreeBSD foundation gives us an introduction to Erin Clark, of our very own iXsystems! Her journey to the BSD family may sound similar to a lot of ours. She first began using Linux / Slackware in the early 2000’s, but in 2009 a friend introduced her to FreeBSD and the rest, as they say, is history. “I use FreeBSD because it is very solid and secure and has a great selection of open source software that can be used with it from the ports collection. I have always appreciated FreeBSD’s networking stack because it makes a great router or network appliance. FreeBSD’s use of the ZFS file system is also very nice - ZFS snapshots definitely saved me a few times. I also like that FreeBSD is very well documented; almost everything you need to know about working with FreeBSD can be found in the FreeBSD Handbook.” Originally a sys admin at iXsystems, where she helped managed PC-BSD desktops among others, now she works on the FreeNAS project as a developer for the CLI interface functionality. *** New Olimex board runs Unix (https://olimex.wordpress.com/2015/12/16/new-product-in-stock-pic32-retrobsd-open-source-hardware-board-running-unix-like-retrobsd-os/) Looking for some small / embedded gear to mess around with? The Olimex folks have a new Pic32 system now available which runs “RetroBSD” “The current target is Microchip PIC32 microcontroller with 128 kbytes of RAM and 512 kbytes of Flash. PIC32 processor has MIPS M4K architecture, executable data memory and flexible RAM partitioning between user and kernel modes.” RetroBSD isn’t something we’ve covered extensively here on BSDNow, so to bring you up to speed, it is a port of 2.11 BSD Their website lists the following features of this 2.11 refresh:“ Small resource requirements. RetroBSD needs only 128 kbytes of RAM to be up and running user applications. Memory protection. Kernel memory is fully protected from user application using hardware mechanisms. Open functionality. Usually, user application is fixed in Flash memory - but in case of RetroBSD, any number of applications could be placed into SD card, and run as required. Real multitasking. Standard POSIX API is implemented (fork, exec, wait4 etc). Development system on-board. It is possible to have C compiler in the system, and to recompile the user application (or the whole operating system) when needed.“ For those looking into BSD history, or wanting something small and exotic to play with this may fit the bill nicely. *** OpenSource.com reviews PCBSD (https://opensource.com/life/15/12/bsd-desktop-user-review-pc-bsd) Joshua over at opensource.com writes up a review of PC-BSD (10.2 we assume) Some of the highlights mentioned, include the easy to use graphical installer, but he does mention we should update the sorting of languages. (Good idea!) Along with including nice screenshots, it also covers the availability of various DE’s / WM’s, and talks a fair amount about the AppCafe and Control Panel utilities. “Thanks to being featured on PC-BSD's desktop, the PC-BSD Handbook is easily located by even the most novice user. There is no need to search through the system's installed applications for a manual, or relying solely on the help documentation for individual components. While not comprehensive, PC-BSD's handbook does a good job as striking a balance between concise and thorough. It contains enough information to help and provides detailed instructions for the topics it covers, but it avoids providing so much information that it overwhelms” *** BeastieBits Gandi introduces support for FreeBSD on their IaaS platform, with both ZFS and UFS based images available (https://www.gandi.net/news/en/2015-12-23/6473-introducing_freebsd_and_trimming_down_the_official_image_list/) Funny commit message from the Linux kernel (http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f076ef44a44d02ed91543f820c14c2c7dff53716) FreeBSD Journal, Nov/Dec 2015 (https://www.freebsdfoundation.org/journal/vol2_no6) Feedback/Questions Zafer - NetBSD on DO (http://slexy.org/view/s2MPhvSFja) Richard - FreeNAS Replication (http://slexy.org/view/s2hhJktjRu) Winston - Android ADP (http://slexy.org/view/s2VK83ILlK) Alex - Multiple Domains (http://slexy.org/view/s20UVY8Bs5) Randy - Getting Involved (http://slexy.org/view/s20Cb076tu) Craig - zprezto (http://slexy.org/view/s2HNQ2aB42) ***
120: I’m talking about the man in the middle
This week on BSDNow, we are going to be talking to Pawel about how his This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines Note the recent passing of 2 members of the BSD community Juergen Lock / Nox (https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributors/contrib-develinmemoriam.html) Benjamin Perrault / creepingfur (https://twitter.com/michaeldexter/status/676290499389485057) Memories from Michael Dexter (http://pastebin.com/4BQ5uVsT) Additional Memories (http://www.filis.org/rip_ben.txt) Benjamin and Allan at Ben’s local bar (http://www.allanjude.com/bsd/bp/IMG_20151101_161727-auto.jpg) Benjamin treated Allan and Michael Dexter to their first ever Bermese food (http://www.allanjude.com/bsd/bp/IMG_20151101_191344-auto.jpg) Benjamin enjoying the hallway track at EuroBSDCon 2015 (http://www.allanjude.com/bsd/bp/IMG_20151003_105457-auto.jpg) *** NGINX as Reverse Proxy for Apache on FreeBSD 10.2 (http://linoxide.com/linux-how-to/install-nginx-reverse-proxy-apache-freebsd-10-2/) A tutorial on setting up NGINX as a reverse proxy for Apache Sometimes your users or application require some feature of Apache, that cannot be easily replicated in NGINX, like .htaccess files or a custom apache module In addition, because the default worker model in Apache does not accept new work until it is finished sending the request, a user with a slow connection can tie down that worker for a long time With NGINX as a reverse proxy, it will receive the data from the Apache worker over localhost, freeing that worker to answer the next request, while NGINX takes care of sending the data to the user The tutorial walks through the setup, which is very easy on modern FreeBSD One could also add mod_rpaf2 to the Apache, to securely pass through the users’ real IP address for use by Apache’s logging and the PHP scripts *** FreeBSD and FreeNAS in Business by Randy Westlund (http://bsdmag.org/freebsd_freenas/) The story of how a Tent & Awning company switched from managing orders with paper, to a computerized system backed by a FreeNAS “At first, I looked at off-the-shelf solutions. I found a number of cloud services that were like Dropbox, but with some generic management stuff layered on top. Not only did these all feel like a poor solution, they were very expensive. If the provider were to go out of business, what would happen to my dad’s company?” “Fortunately, sourcing the hardware and setting up the OS was the easiest part; I talked to iXsystems. I ordered a FreeNAS Mini and a nice workstation tower” “I have r2d2 (the tower, which hosts the database) replicating ZFS snapshots to c3po (the FreeNAS mini), and the data is backed up off-site regularly. This data is absolutely mission-critical, so I can’t take any risks. I’m glad I have ZFS on my side.” “I replaced Dropbox with Samba on c3po, and the Windows machines in the office now store important data on the NAS, rather than their local drives.” “I also replaced their router with an APU board running pfSense and replaced their PPTP VPN with OpenVPN and certificate authorization.” “FreeBSD (in three different incarnations) helped me focus on improving the company’s workflow without spending much time on the OS. And now there’s an awning company that is, in a very real sense, powered by FreeBSD.” *** Tutorial, Windows running under bhyve (http://pr1ntf.xyz/windowsunderbhyve.html) With the recent passing of the world’s foremost expert on running Windows under bhyve on FreeBSD, this tutorial will help you get up to speed “The secret sauce to getting Windows running under bhyve is the new UEFI support. This is pretty great news, because when you utilize UEFI in bhyve, you don't have to load the operating system in bhyveload or grub-bhyve first.” The author works on iohyve, and wanted to migrate away from VirtualBox, the only thing stopping that was support for Windows Guests iohyve now has support for managing Windows VMs The tutorial uses a script to extract the Windows Server 2008 ISO and set up AutoUnattend.xml to handle the installation of Windows, including setting the default administrator password, this is required because there is no graphical console yet The AutoUnattended setup also includes setting the IP address, laying out the partitions, and configuring the serial console A second script is then used to make a new ISO with the modifications The user is directed to fetch the UEFI firmware and some other bits Then iohyve is used to create the Windows VM The first boot uses the newly created ISO to install Windows Server 2008 Subsequent boots start Windows directly from the virtual disk Remote Desktop is enabled, so the user can manage the Windows Server graphically, using FreeRDP or a Windows client iohyve can then be used to take snapshots of the machine, and clone it *** BSD Router Project has released 1.58 (http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.58/) The BSD Router project has announced the release of version 1.58 with some notable new features Update to FreeBSD 10.2-RELEASE-p8 Disabled some Chelsio Nic features not used by a router Added new easy installation helper option, use with “system install ” Added the debugging symbols for userland Includes the iperf package, and flashrom package, which allows updating system BIOS on supported boxes IMPORTANT: Corrects an important UFS label bug introduced on 1.57. If you are running 1.57, you will need to fetch their fixlabel.sh script before upgrading to 1.58 *** OPNsense 15.7.22 Released (https://opnsense.org/opnsense-15-7-22-released/) An update to OPNsense has landed this week which includes the important updates to OpenSSL 1.0.2e and LibreSSL 2.2.5 A long-standing annoying bug with filter reload timeouts has finally been identified and sorted out as well, allowing the functionality to run quickly and “glitch free” again. Some newer ports for curl (7.46), squid (3.5.12) and lighttpd (1.4.38) have also been thrown in for good measure Some other minor UI fixes have also been included as well With the holidays coming up, if you are still running a consumer router, this may be a good time to convert over to a OPNsense or PFsense box and get yourself ready for the new year. *** iXsystems iXSystems releases vCenter Web Client Plug-in for TrueNAS (https://www.ixsystems.com/whats-new/2015/12/vcenter-web-client-plug-in-for-truenas-now-available/) Interview - Pawel Jakub Dawidek - pjd@FreeBSD.org (mailto:pjd@FreeBSD.org) News Roundup Developer claims the PS4 has been jail-broken (http://www.networkworld.com/article/3014714/security/developer-claims-ps4-officially-jailbroken.html) While not exactly a well-kept secret, the PS4’s proprietary “OrbOS” is FreeBSD based. Using this knowledge and a Kernel exploit, developer CTurt (https://twitter.com/CTurtE/) claims he was able jailbreak a WebKit process and gain access to the system. He has posted a small tease to GitHub, detailing some of the information gleaned from the exploit, such as PID list and root FS dump As such with these kinds of jailbreaks, he already requested that users stop sending him requests about game piracy, but the ability to hack on / run homebrew apps on the PS4 seems intriguing *** Sepherosa Ziehau is looking for testers if you have a em(4), emx(4), or igb(4) Intel device (http://lists.dragonflybsd.org/pipermail/users/2015-December/228461.html) DragonFly Testers wanted! Sephe has posted a request for users of the em(4), emx(4) and igb(4) intel drivers to test his latest branch and report back results He mentions that he has tested the models 82571, 82574 and 82573 (em/emx); 82575, 82576, 82580 and i350 specifically, so if you have something different, I’m sure he would be much appreciative of the help. It looks like the em(4) driver has been updated to 7.5.2, and igb(4) 2.4.3, and adds support for the I219-LM and I219-V NICS. *** OpenBSD Xen Support (https://marc.info/?l=openbsd-tech&m=144933933119525&w=2) Filed under the “Ohh, look what’s coming soon” section, it appears that patches are starting to surface for OpenBSD Xen DOMU support. For those who aren’t up on their Xen terminology, DomU is the unprivileged domain (I.E. Guest mode) Right now the patch exists at the link above, and adds a new (commented out) device to the GENERIC kernel, but this gives Xen users something new to watch for updates to. *** Thinkpad Backlit Keyboard support being worked on (http://freshbsd.org/commit/openbsd/b355449caa22e7bb6c460f7a647874836ef604f0) Another reason why Lenovo / ThinkPads are some of the best laptops currently to use with BSD, the kettenis over at the OpenBSD project has committed a patch to enable support for the “ThinkLight” For those who don’t know, this is the little light that helps illuminate the laptop’s keyboard under low-light situations. While the initial patch only supports the “real-deal” ThinkLight, he does mention that support will be added soon for the others on ThinkPads No sysctl’s to fiddle with, this works directly with the ACPI / keyboard function keys directly, nice! *** Deadline is approaching for Submissions of Tutorial Proposals for AsiaBSDCon 2016 (https://2016.asiabsdcon.org/cfp.html) Call for Papers for BSDCAN 2016 now open (http://www.bsdcan.org/2016/papers.php) + The next two major BSD conferences both have their CFP up right now. First up is AsiaBSDCon in Tokyo from March 10th-13th, followed by BSDCan in Ottawa, June 8th-11th. + If you are working on anything interesting in the BSD community, this is a good way to get the word out about your project, plus the conference pays for Hotel / Travel. + If you can make it to both, DO SO, you won’t regret it. Both Allan and Kris will be attending and we would look forward to meeting you. iohyve lands in ports (https://github.com/pr1ntf/iohyve) (http://www.freshports.org/sysutils/iohyve/) + Something we’ve mentioned in passing has taken its first steps in becoming reality for users! “iohyve” has now landed in the FreeBSD ports tree + While it shares a similar name to “iocage” its not directly related, different developers and such. However it does share a very similar syntax and some principles of ZFS usage + The current version is 0.7, but it already has a rather large feature set + Among the current features are ISO Management, resource management, snapshot support (via ZFS), and support for OpenBSD, NetBSD and Linux (Using grub-bhyve port) BeastieBits hammer mount is forced noatime by default (http://lists.dragonflybsd.org/pipermail/users/2015-November/228445.html) Show your support for FreeBSD (http://freebsdfoundation.blogspot.com/2015/12/show-your-support-for-freebsd.html) OpenBSD running in an Amazon EC2 t2.micro (https://gist.github.com/reyk/e23fde95354d4bc35a40) NetBSD's 2015Q4 Package freeze is coming (http://mail-index.netbsd.org/tech-pkg/2015/12/05/msg016059.html) ‘Screenshots from Developers’ that we covered previously from 2002, updated for 2015 (https://anders.unix.se/2015/12/10/screenshots-from-developers--2002-vs.-2015/) Feedback/Questions (slexy was down when I made these, I only did 3, since the last is really long, save rest for next week) Mark - BSD laptops (http://pastebin.com/g0DnFG95) Jamie - zxfer (http://pastebin.com/BNCmDgTe) Anonymous - Long Story (http://pastebin.com/iw0dXZ9P) ***
119: There be Dragons, BSD Dragons anyway
This week on BSDNow - It’s getting close to christmas and the This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines n2k15 hackathon reports (http://undeadly.org/cgi?action=article&sid=20151208172029) tedu@ worked on rebound, malloc hardening, removing legacy code “I don't usually get too involved with the network stack, but sometimes you find yourself at a network hackathon and have to go with the flow. With many developers working in the same area, it can be hard to find an appropriate project, but fortunately there are a few dusty corners in networking land that can be swept up without too much disturbance to others.” “IPv6 is the future of networking. IPv6 has also been the future of networking for 20 years. As a result, a number of features have been proposed, implemented, then obsoleted, but the corresponding code never quite gets deleted. The IPsec stack has followed a somewhat similar trajectory” “I read through various networking headers in search of features that would normally be exposed to userland, but were instead guarded by ifdef _KERNEL. This identified a number of options for setsockopt() that had been officially retired from the API, but the kernel code retained to provide ABI compatibility during a transition period. That transition occurred more than a decade ago. Binary programs from that era no longer run for many other reasons, and so we can delete support. It's only a small improvement, but it gradually reduces the amount of code that needs to be reviewed when making larger more important changes” Ifconfig txpower got similar treatment, as no modern WiFi driver supports it Support for Ethernet Trailers, RFC 893 (https://tools.ietf.org/html/rfc893), enabled zero copy networking on a VAX with 512 byte hardware pages, the feature was removed even before OpenBSD was founded, but the ifconfig option was still in place Alexandr Nedvedicky (sashan@) worked on MP-Safe PF (http://undeadly.org/cgi?action=article&sid=20151207143819) “I'd like to thank Reyk for hackroom and showing us a Christmas market. It was also my pleasure to meet Mr. Henning in person. Speaking of Henning, let's switch to PF hacking.” “mpi@ came with patch (sent to priv. list only currently), which adds a new lock for PF. It's called PF big lock. The big PF lock essentially establishes a safe playground for PF hackers. The lock currently covers all pftest() function. The pftest() function parts will be gradually unlocked as the work will progress. To make PF big lock safe few more details must be sorted out. The first of them is to avoid recursive calls to pftest(). The pftest() could get entered recursively, when packet hits block rule with return-* action. This is no longer the case as ipsend() functions got introduced (committed change has been discussed privately). Packets sent on behalf of kernel are dispatched using softnet task queue now. We still have to sort out pfroute() functions. The other thing we need to sort out with respect to PF big lock is reference counting for statekey, which gets attached to mbuf. Patch has been sent to hackers, waiting for OK too. The plan is to commit reference counting sometimes next year after CVS will be unlocked. There is one more patch at tech@ waiting for OK. It brings OpenBSD and Solaris PF closer to each other by one tiny little step.” *** ACM Queue: Challenges of Memory Management on Modern NUMA System (http://queue.acm.org/detail.cfm?id=2852078) “Modern server-class systems are typically built as several multicore chips put together in a single system. Each chip has a local DRAM (dynamic random-access memory) module; together they are referred to as a node. Nodes are connected via a high-speed interconnect, and the system is fully coherent. This means that, transparently to the programmer, a core can issue requests to its node's local memory as well as to the memories of other nodes. The key distinction is that remote requests will take longer, because they are subject to longer wire delays and may have to jump several hops as they traverse the interconnect. The latency of memory-access times is hence non-uniform, because it depends on where the request originates and where it is destined to go. Such systems are referred to as NUMA (non-uniform memory access).” So, depending what core a program is running on, it will have different throughput and latency to specific banks of memory. Therefore, it is usually optimal to try to allocate memory from the bank of ram connected to the CPU that the program is running on, and to keep that program running on that same CPU, rather than moving it around There are a number of different NUMA strategies, including: Fixed, memory is always allocated from a specific bank of memory First Touch, which means that memory is allocated from the bank connected to the CPU that the application is running on when it requests the memory, which can increase performance if the application remains on that same CPU, and the load is balanced optimally Round Robin or Interleave, where memory is allocated evenly, each allocation coming from the next bank of memory so that all banks are used. This method can provide more uniform performance, because it ensures that all memory accesses have the same change to be local vs remote. If even performance is required, this method can be better than something more focused on locality, but that might fail and result in remote access AutoNUMA, A kernel task routinely iterates through the allocated memory of each process and tallies the number of memory pages on each node for that process. It also clears the present bit on the pages, which will force the CPU to stop and enter the page-fault handler when the page is next accessed. In the page-fault handler it records which node and thread is trying to access the page before setting the present bit and allowing execution to continue. Pages that are accessed from remote nodes are put into a queue to be migrated to that node. After a page has already been migrated once, though, future migrations require two recorded accesses from a remote node, which is designed to prevent excessive migrations (known as page bouncing). The paper also introduces a new strategy: Carrefour is a memory-placement algorithm for NUMA systems that focuses on traffic management: placing memory so as to minimize congestion on interconnect links or memory controllers. Trying to strike a balance between locality, and ensuring that the interconnect between a specific pair of CPUs does not become congested, which can make remote accesses even slower Carrefour uses three primary techniques: Memory collocation, Moving memory to a different node so that accesses will likely be local. Replication, Copying memory to several nodes so that threads from each node can access it locally (useful for read-only and read-mostly data). Interleaving, Moving memory such that it is distributed evenly among all nodes. FreeBSD is slowly gaining NUMA capabilities, and currently supports: fixed, round-robin, first-touch. Additionally, it also supports fixed-rr, and first-touch-rr, where if the memory allocation fails, because the fixed domain or first-touch domain is full, it falls back to round-robin. For more information, see numa(4) and numa_setaffinity(2) on 11-CURRENT *** Is that Linux? No it is PC-BSD (http://fossforce.com/2015/12/linux-no-pc-bsd/) Larry Cafiero continues to make some news about his switch to PC-BSD from Linux. This time in an blog post titled “Is that Linux? No, its PC-BSD” he describes an experience out and about where he was asked what is running on his laptop, and was unable for the first time in 9 years to answer, it’s Linux. The blog then goes on to mention his experience up to now running PC-BSD, how the learning curve was fairly easy coming from a Linux background. He mentions that he has noticed an uptick in performance on the system, no specific benchmarks but this “Linux was fast enough on this machine. But in street racing parlance, with PC-BSD I’m burning rubber in all four gears.” The only major nits he mentions is having trouble getting a font to switch in FireFox, and not knowing how to enable GRUB quiet mode. (I’ll have to add a knob back for that) *** Dual booting OS X and OpenBSD with full disk encryption (https://gist.github.com/jcs/5573685) New GPT and UEFI support allow OpenBSD to co-exist with Mac OS X without the need for Boot Camp Assistant or Hybrid MBRs This tutorial walks the read through the steps of installing OpenBSD side-by-side with Mac OS X First the HFS+ partition is shrunk to make room for a new OpenBSD partition Then the OpenBSD installer is run, and the available free space is setup as an encrypted softraid The OpenBSD installer will add itself to the EFI partition Rename the boot loader installed by OpenBSD and replace it with rEFInd, so you will get a boot menu allowing you to select between OpenBSD and OS X *** Interview - Paul Goyette - pgoyette@netbsd.org (mailto:pgoyette@netbsd.org) NetBSD Testing and Modularity *** iXsystems iXsystems Wins Press and Industry Analyst Accolades in Best in Biz Awards 2015 (http://www.virtual-strategy.com/2015/12/08/ixsystems-wins-press-and-industry-analyst-accolades-best-biz-awards-2015) *** News Roundup HOWTO: L2TP/IPSec with OpenBSD (https://www.geeklan.co.uk/?p=2019) *BSD contributor Sevan Janiyan provides an update on setting up a road-warrior VPN This first article walks through setting up the OpenBSD server side, and followup articles will cover configuring various client systems to connect to it The previous tutorial on this configuration is from 2012, and things have improved greatly since then, and is much easier to set up now The tutorial includes PF rules, npppd configuration, and how to enable isakmpd and ipsec L2TP/IPSec is chosen because most operating systems, including Windows, OS X, iOS, and Android, include a native L2TP client, rather than requiring some additional software to be installed *** DragonFly 4.4 Released (http://www.dragonflybsd.org/release44/) DragonFly BSD has made its 4.4 release official this week! A lot of big changes, but some of the highlights Radeon / i915 DRM support for up to Linux Kernel 3.18 Proper collation support for named locales, shared back to FreeBSD 11-CURRENT Regex Support using TRE “As a consequence of the locale upgrades, the original regex library had to be forced into POSIX (single-byte) mode always. The support for multi-byte characters just wasn't there. ” …. “TRE is faster, more capable, and supports multibyte characters, so it's a nice addition to this release.” Other noteworthy, iwm(4) driver, CPU power-saving improvements, import ipfw from FreeBSD (named ipfw3) An interesting tidbit is switching to the Gold linker (http://bsd.slashdot.org/story/15/12/04/2351241/dragonflybsd-44-switches-to-the-gold-linker-by-default) *** Guide to install Ajenti on Nginx with SSL on FreeBSD 10.2 (http://linoxide.com/linux-how-to/install-ajenti-nginx-ssl-freebsd-10-2/) Looking for a webmin-like interface to control your FreeBSD box? Enter Ajenti, and today we have a walkthrough posted on how to get it setup on a FreeBSD 10.2 system. The walkthrough is mostly straightforward, you’ll need a FreeBSD box with root, and will need to install several packages / ports initially. Because there is no native package (yet), it guides you through using python’s PIP installer to fetch and get Ajenti running. The author links to some pre-built rc.d scripts and other helpful config files on GitHub, which will further assist in the process of making it run on FreeBSD. Ajenti by itself may not be the best to serve publically, so it also provides instructions on how to protect the connection by serving it through nginx / SSL, a must-have if you plan on using this over unsecure networks. *** BSDCan 2016 CFP is up! (http://www.bsdcan.org/2016/papers.php) BSDCan is the biggest North American BSD conference, and my personal favourite The call for papers is now out, and I would like to see more first-time submitters this year If you do anything interesting with or on a BSD, please write a proposal Are the machines you run BSD on bigger or smaller than what most people have? Tell us about it Are you running a big farm that does something interesting? Is your university research using BSD? Do you have an idea for a great new subsystem or utility? Have you suffered through some horrible ordeal? Make sure the rest of us know the best way out when it happens to us. Did you build a radar that runs NetBSD? A telescope controlled by FreeBSD? Have you run an ISP at the north pole using Jails? Do you run a usergroup and have tips to share? Have you combined the features and tools of a BSD in a new and interesting way? Don’t have a talk to give? Teach a tutorial! The conference will arrange your air travel and hotel, and you’ll get to spend a few great days with the best community on earth Michael W. Lucas’s post about the 2015 proposals and rejections (http://blather.michaelwlucas.com/archives/2325) *** Beastie Bits OpenBSD's lightweight web server now in FreeBSD's ports tree (http://www.freshports.org/www/obhttpd/) Stephen Bourne's NYCBUG talk is online (https://www.youtube.com/watch?v=FI_bZhV7wpI) Looking for owner to FreeBSDWiki (http://freebsdwiki.net/index.php/Main_Page) HOWTO: OpenBSD Mail Server (http://frozen-geek.net/openbsd-email-server-1/) A new magic getopt library (http://www.daemonology.net/blog/2015-12-06-magic-getopt.html) PXE boot OpenBSD from OpenWRT (http://uggedal.com/journal/pxe-boot-openbsd-from-openwrt/) Supporting the OpenBSD project (http://permalink.gmane.org/gmane.os.openbsd.misc/227054) Feedback/Questions Zachary - FreeBSD Jails (http://slexy.org/view/s20pbRLRRz) Robert - Iocage help! (http://slexy.org/view/s2jGy34fy2) Kjell - Server Management (http://slexy.org/view/s20Ht8JfpL) Brian - NAS Setup (http://slexy.org/view/s2GYtvd7hU) Mike - Radius Followup (http://slexy.org/view/s21EVs6aUg) Laszlo - Best Stocking Ever (http://slexy.org/view/s205zZiJCv) ***
118: BSD is go for Launch
Coming up on BSDNow - We know init systems have been all the rage This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines Interview with Renato Westphal (http://undeadly.org/cgi?action=article&sid=20151123113224&mode=expanded) An interview with Brazilian OpenBSD developer Renato Westphal He describes how he first got into OpenBSD, working on a University-Industry partnership program and looking to deploy LDP (Label Distribution Protocol) for MPLS. He ported OpenBSDs ldpd(8) to Linux, but then contributed his bug fixes and improvements back to OpenBSD When asked if he was motivated to replace closed-source router implementations with OpenBSD: “Well, I don't administer any network, I work full time as a programmer. I have some friends however that succeeded replacing closed vendor solutions with OpenBSD boxes and that for sure motivates me to keep doing what I'm doing. My biggest motivation, however, is the challenge of resolving complex problems writing trivially simple code that is both secure and efficient.” They also go on to discuss some of the interesting features of EIGRP, and developing eigrpd(8) What do you think is missing from routing in OpenBSD: “Implementing new features and protocols while they are in their draft stage in IETF. I'd like to see OpenBSD as the reference platform for the development of new routing and networking technologies in general” *** Let’s Encrypt on a FreeBSD NGINX reverse proxy (http://savagedlight.me/2015/11/24/lets-encrypt-on-a-freebsd-nginx-reverse-proxy/) We have a neat guide/story today on how to setup the “Let’s Encrypt” certificates on a FreeBSD / nginx reverse proxy Backstory: For those who don’t know, “Let’s Encrypt” (https://letsencrypt.org) is a new Certificate Authority, which will allow you to create free and automated certificates. They have been in closed beta for several months now, and will be opening to a public beta Dec 3rd (tomorrow) This guide is particularly timely, since by the time most of you are watching this episode, the public beta will be up and running. Most of the instructions are fairly straight-forward. She starts by installing the lets-encrypt package from ports/pkg and modifying her nginx with a ‘catch-all’ vhost that re-directs traffic to the https versions of a site. With that done, the certificate creation is just a few commands to get started, in which she shows creating a cert for multiple domains As a bonus! She includes a nice renewal script which can be run from cron. It will monitor the certs daily, and renew it when it’s 14 days from expiring, or throw an error for somebody to look at. *** Mike Larkins OpenBSD vmm subsystem now in tree (http://marc.info/?l=openbsd-tech&m=144822644214614&w=2) An openBSD native hypervisor has taken another step closer to reality, with Mike Larkin pushing the initial bits of “vmm” into the base kernel/world He mentions in the commit message that it still needs a lot of work, and as such is disabled by default. However for the adventurous among you, it can be turned on and tested Right now there is no BIOS, and as such it can only be used to boot other OpenBSD instances, although he mentions other BSD’s could be supported fairly quickly (He did a 1 hour port to bootstrap NetBSD) No big documentation expected for this release, since there is so much ongoing churn. Take a look at the man page for details on getting started. *** The story of how Yahoo switched to FreeBSD (http://zer0.org/daemons/yahoobsd.html) Yahoo originally started running on SunOS, but quickly found it not able to cope with the high frequency of HTTP requests “Having spend many frustrating hours trying to install other PC OS's, I was a bit skeptical. I had no intention of spending three days trying to install yet another one. To my surprise I went to the FreeBSD Web site, downloaded the floppy boot image, booted a PC with the created floppy, answered a few install questions, and a few minutes later FreeBSD was installing over the Net. The real surprise was when I came back later to a fully configured system that actually worked.” “If anything had gone wrong with that install it would likely been the end of that trial. Luckily for us that it was the easiest and most painless OS installs I had ever experienced.” Just that easily, Yahoo might never have ended up on FreeBSD “A couple of days later we added a FreeBSD box to our cluster of Web servers. Not only did it out-perform the rest of our machines, but it was more stable.” From my understanding of stories told over dinner, Yahoo had a few very important perl scripts, and they tended to crash on Linux, but kept running without issue on FreeBSD Related hackernews thread (https://news.ycombinator.com/item?id=10558288) *** iXsystems iXsystem's recap of LISA 2015 (https://www.ixsystems.com/whats-new/lisa-2015/) *** Interview - Mark Heily - mark@heily.com (mailto:mark@heily.com) / @MarkHeily (https://twitter.com/MarkHeily) relaunchd (https://github.com/mheily/relaunchd) *** News Roundup Inline Intrusion Prevision System is an upcoming OPNSense Feature (https://opnsense.org/inline-intrusion-prevention/) The next OPNSense release, 16.1 is around the corner and today we have a sneak peek at their new Inline Intrusion Prevention system Suricata working with Netmap 2.1 enabled version, which allows Deep Packet Inspection of traffic. Such as looking at each packet individually and only blocking specific ones. They use the example of blocking Warcraft (oh noes!) Enabling this feature is just a simple mouse-click away, and various default rules are included as part of the Emerging Threats Community rules. *** Matthew Dillion working on Hardlinks in Hammer2 (http://lists.dragonflybsd.org/pipermail/commits/2015-November/458763.html) We have an interesting commit from Matthew Dillon for Hammer2, specifically targeted at hard-links The backstory he gives us: “The H2 design has had a long-standing problem of losing track of hardlinks when intermediate directories are renamed, breaking the common-parent-directory design for the inode target.” The implemented fix was one which instead places the hardlink target in the first common parent directory, which is marked with “xlink” via chflag If no parent directory is marked “xlink”, it will fall-through instead to the root of the mount They also modified their installworld to set “/” /usr/,/var/,/home/ as “xlink” flagged This prevents moving hard-links across these directories, but is similar to dealing with multiple partitions / datasets already. *** Japan's NetBSD User Group showed off some NetBSD machines at the 2015 Tokushima Open Source Conference (http://lists.nycbug.org/pipermail/talk/2015-November/016403.html) It’s been a little while since we’ve shown off a bunch of odd devices running NetBSD, but we have an update from the 2015 Tokushima Open Source Conference. This time around, we have pictures of the booth, as well as a variety of oddities such as: ODroid-C1 / Sharp X68030 Sharp NetWalker Sharp WZero3 (Cell phone) Give them a look, this time around they have nice cards pictured which details the hardware being used (in english none the less!) *** One of the three OpenBSD users Blog Post by Adam Wolk (http://blog.tintagel.pl/2015/11/22/one-of-the-three-openbsd-users.html) An OpenBSD user comments on a recent interaction with the syncthing project (a dropbox like alternative) The application has an auto-update feature (which doesn’t mix well with package systems in the first place), but it doesn’t work on OpenBSD because there is no /proc/curproc/file to determine the filename of the executable. This is a trivially easy task, but when the bug was reported, syncthings response was “Maybe one of the three (https://data.syncthing.net/#metrics) OpenBSD users feel strongly enough about this to propose a patch. :D” Part of the issue is that many users (especially the type that would run OpenBSD) opt out of reporting metrics, so OpenBSD is under-represented in the metrics the project developers are basing their decisions on Maybe someone can post a patch to solve the problem. While FreeBSD can provide a linux procfs, it would be better to use a more portable way to get the location of the process binary *** BeastieBits DragonFly BSD 4.4 RC branch created (http://lists.dragonflybsd.org/pipermail/commits/2015-November/458818.html) HOWTO: NFS booting bhyve (http://oshogbo.vexillium.org/blog/39/) DragonFly BSD is looking for a 4.4 RC image by the end of November (http://lists.dragonflybsd.org/pipermail/kernel/2015-November/175040.html) Support for Atheros QCA953x "Honeybee" has been added to FreeBSD (https://svnweb.freebsd.org/base?view=revision&revision=290910) Top updated in DragonflyBSD to allow the 'c' command (http://lists.dragonflybsd.org/pipermail/commits/2015-November/458692.html) FreeBSD textbook makes appearance on the 6pm news in the Netherlands 12:49 (http://www.npo.nl/nos-journaal/30-11-2015/POW_00941854) SemiBug gives a recap of its Inaugural meeting and its plans for future meetups (http://blather.michaelwlucas.com/archives/2495) *** Feedback/Questions Adam - GELI on USB (http://slexy.org/view/s204HRCPdR) Noble - Radius on FreeBSD (http://slexy.org/view/s21q2WWisr) Jim - Backporting Wifi Code (http://slexy.org/view/s21L59OGyF) Mohammad - Zombies! (http://slexy.org/view/s20nWwzTGS) Miguel - ScaleEngine BTS (http://slexy.org/view/s201Kpd4GX) ***
117: The Cantrill Strikes Back: ...
This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines Why did I choose the DragonFlyBSD Operating System by Siju George (http://bsdmag.org/siju_george/) We have a new article this week by Siju George posted over at BSDMag, talking about his reasons for using DragonFlyBSD in production. He ran through periods of using both Free/OpenBSD, but different reasons led him away from each. Specifically problems doing port upgrades on FreeBSD, and the time required to do fsck / raid parity checks on OpenBSD. During his research, he had heard about the HAMMER file-system, but didn’t know of anybody running it in production. After some mailing list conversions, and pointers from Matthew Dillon, he took the plunge and switched. Now he has fallen in love with the operating system, some of the key strengths he notes at: Rolling-Release model, which can be upgraded every few weeks or whenever he has the time No time-consuming fsck after a unclean shutdown No RAID parity checks while still having redundancy Able to add volumes to HAMMER on the fly He also mentions looking forward to HAMMER2, and its potential for easy clustering support, along with eventual CARP implementation so he can run two systems on the same IP. *** The Devil & BSD - Larry Cafiero (http://fossforce.com/2015/11/devil-bsd-leaving-linux-behind/) A story that has been making the rounds on social media is by Larry Cafiero, on his reasons for deciding to switch from Linux over to the BSD side of things. While most of the reasons are over the conflicts surrounding behavior by Linux leaders towards those in the community, he does mention that he has converted his main workstation over to PC-BSD. According to Larry, “With a couple of hours of adding backup files and tweaking (augmented by a variety of “oh, look” moments which could easily make me the ADHD Foundation Poster Boy), it looks exactly like my personally modified Korora 22 Xfce which graced the machine earlier. “ He also gave a great compliment to the quality of the docs / applications in PC-BSD: “In addition, you have to like a operating system which gives you a book — in this case, the PC-BSD Handbook — which should be the gold standard of documentation. It’s enviable, as in, “man, I wish I had written that.” Also programs like AppCafe provide a plethora of FOSS software, so there’s no shortage of programs. Side by side, there’s nothing on the Linux side of things that is lacking on the BSD side of things.” Regardless the initial reason for the switch, we are glad to have him and any other switchers join us on the BSD side of FOSS. *** New resource for BSD-schoolin’ (http://teachbsd.org/) “The initial repository (https://github.com/teachbsd/course) contains all of the material for the practitioner and masters style courses as well as a PDF for the teaching guide. All of the material is licensed under a BSD doc team license, also visible in the repo and on the github site.” “we expect all other work, including the extension of the practitioner course to 5 days, and the adaptation of the graduate course to undergraduates will be in the github repo” “Our goal now is to recruit a small number of universities to partner with us to teach this material. We will keep you posted on our progress.” We are working on getting an interview lined up to talk more about this project If I somehow find the time, I am try to contribute towards a sysadmin course similar to what I used to teach at an Arts&Tech College here in Canada *** A Few thoughts on OpenBSD 5.8 (http://lippard.blogspot.co.uk/2015/11/a-few-thoughts-on-openbsd-58.html) A user details their thoughts, reactions, and concerns after upgrading to OpenBSD 5.8 Among the changes: sudo was removed and replaced as doas. The user decided to make the switch, but ran into a bug with line continuation (\ to escape newline to continue a long line) The removal of TCP Wrappers support from ssh - this caused a number of rules in hosts.allow to no longer be respected. The FreeBSD port of openssh-portable has a patch to readd TCP wrappers because many people find it useful, including myself, when the ssh is in a jail and cannot run a firewall The removal of the pfrules= rc.conf variable. “I used to just put the default pf.conf rules file in place with each release and upgrade, and keep my changes in a pf.conf.local file that was specified in the pfrules variable. The effect was that from the period after the upgrade until I noticed the change, my systems were using the default rules and thus more exposed than they were supposed to be” This is what is often called a “POLA Violation”, Policy of Least Astonishment. When deciding what the system should do after some change or new feature is introduced, it should be the thing that will be the least “surprising” to the user. Having your firewall rules suddenly not apply, is surprising. “A minor annoying change that was made in 5.8 was putting the file /var/unbound/db/root.key into /etc/changelist, so that the file gets checked daily by the security script. The issue with this is that if you are actually using unbound with DNSSEC, this file changes daily, though only in the comments” It is very helpful to see a list of feedback like this after a release, so that the next release can be better I would be interested in seeing similar feedback for the other BSDs *** Interview - Bryan Cantrill - @bcantrill (https://twitter.com/bcantrill) Linux Interface Rants News Roundup FreeBSD AMI building AMI - Colin’s Corner (http://www.daemonology.net/blog/2015-11-21-FreeBSD-AMI-builder-AMI.html) Colin Percival (Of TarSnap Fame) has brought us a new article this week on how to create your own custom EC2 AMI builds. This new tool and instructions allows the creation of AMI files, without needing to go through the hassle of doing a fresh FreeBSD release build each time. Essentially it works similar to Colin’s previous “de-penguinator” utility, by running a FreeBSD in a memory instance, allowing the disk to be unmounted and prepped for becoming an AMI. The hope is that this new work allows easier creation of a new variety of “customized” FreeBSD instances, for end users to download and deploy at will. *** Peter Hessler on OpenBSD / OpenBGPd (https://ripe71.ripe.net/archives/video/1200/) Last week a new video landed of Peter Hessler giving us a status update on OpenBSD tech, and OpenBGPd specifically Of interest, he notes that LibreSSL is being used in iOS / OSX, and of course PF is used all over, Apple, BSD, Solaris and even a Windows port! OpenNTPD gets a mention as well, still ZERO CVEs for the lifetime of the project On the OpenBGPd side, it is considered production ready, so no reason to hold back deployment Very “feature-complete”, able to handle Edge Router, Route server, Multi-RIB. Slew of optional features like route reflector, looking glass, mrt dumps, mpls / mpls vpn. Bugs fixed, crashers, memory constraints and performance has been improved Filtering Performance, in example provided, importing 561K rules / 60K prefixes, went from 35 minutes down to 30 seconds. *** Onion Omega Updates (https://github.com/freebsd/freebsd-wifi-build/wiki/Onion-Omega) I have a newer kernel config that will be committed soon that hooks up the system LED, and the three LEDs on the expansion dock via /dev/led I also have the I2C interface working to talk to the Relay and Servo expansions I have not determined the exact protocol for the Servo expansions, but the relay expansion is fairly simple to operate Instructions have been added to the wiki I have managed to use the GPIO to toggle external LEDs and to read the value from a switch I have also used the Servo PWM controller to dim an LED and control the speed of a PWM computer case fan My plan is to operate a 32x32 multi colour LED matrix from the device for an interactive christmas display *** FreeBSD Mastery: ZFS Book review (http://www.cyberciti.biz/datacenter/book-review-freebsd-mastery-zfs/) Book can be purchased here (http://smile.amazon.com/FreeBSD-Mastery-ZFS-7/dp/0692452354/) or from the list of vendors including directly from the author here (http://www.zfsbook.com/) *** Beastie Bits Computer History Museum is looking for Bell Labs UNIX (http://www.computerhistory.org/artifactdonation/) ACM Queue Portrait: Robert Watson (https://youtu.be/rA_5Cz99z28) Video Collection about BSD History, put together by FreeBSDNews (https://www.freebsdnews.com/2015/11/12/bsd-videos/) Minix announces its 2016 conference (http://www.minix3.org/conference/2016/) Chris Henschen from fP Technologies' talk about BSD is now online (http://bsdtalk.blogspot.com/2015/10/bsdtalk258-chris-henschen-from-fp.html) Mike Larkin and Theo de Raadt's talks from Hackfest this year in Quebec are online (http://undeadly.org/cgi?action=article&sid=20151123161651&mode=expanded) FreeBSD on a BeagleBoneBlack with a Touchscreen Display (http://kernelnomicon.org/?p=534) Dan Langille will be talking at CINLUG (http://www.cinlug.org/meetings/2015/December) Feedback/Questions John - Rpi2 and BSD (http://slexy.org/view/s2Gm06eC0Y) Roger - Win10 + FreeBSD (http://slexy.org/view/s2Kf2FG84H) Anonymous - Sharing Socket (http://slexy.org/view/s21bOG5UhS) Brad - Scrub Repaired (http://slexy.org/view/s20bKjCNXW) Kelly - Automated Provisioning (http://slexy.org/view/s2qb07BC2G) ***
116: Arcing ZFS
This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! Headlines How to create new binary packages in the Ports system on OpenBSD (http://functionallyparanoid.com/2015/11/06/where-do-binary-packages-come-from/) Creating a port is often a great first step you can take to get involved in your favorite BSD of choice, and (often) doesn’t require any actual programming to do so. In this article we have a great walkthrough for users on creating a new ported application, and eventually binary package, on OpenBSD As mentioned in the tutorial, a good starting place is always an existing port, which can you use as a template for your new creation. Tip: Try to pick something similar, I.E. python for a python app, Qt for Qt, etc. This tutorial will first walk you through the process of creating your Makefile and related description about the new port. Once you’ve created the initial Makefile, there are a bunch of new “make” targets you can begin to run to try building your port, everything from “make fetch” to “make makesum” and “make package”. Using these tests you can verify that your port is correct and results in the installable package/app you wanted. *** Status update on pledge(2) (http://undeadly.org/cgi?action=article&sid=20151116152318) OpenBSD has been working very aggressively to convert much of their base system applications to using pledge(2) “Formerly Tame(2)) Theo has provided a great status update on where that stands as of right now and the numbers look like the following: Out of 600 ELF binaries, 368 of them have been updated to utilize pledge(2) in some manner This is quite a few, and includes everything from openssl, ping, sftp, grep, gzip and much more There are still a number of “pledge-able” commands waiting for conversion, such as login, sysctl, nfsd, ssh and others. He also mentions that there does exist some subset of commands which aren’t viable pledge(2) candidates, such as simple things like “true”, or commands like reboot/mount or even perl itself. *** FreeBSD booting on the Onion Omega (https://onion.io/omega/) Tiny $19 MIPS SoC ($25 with dock that provides built in mini-USB Serial interface, power supply, LED lights, GPIO expansion, USB port, etc) A number of pluggable ‘expansions’ are available, including: Arduino Dock (connect the Omega device to your existing Arduino components) Blue Tooth Lower Energy 10/100 Ethernet Port Relay expansion (2 relays each, can stack up to 8 expansions to control 16 relays) Servo expansion (control up to 16 PWM servos, like robotic arms or camera mounts) OLED expansion (1" monochrome 128x64 OLED display) Thermal Printer Kit (includes all wiring and other components) The device is the product of a successful Kick Starter campaign (https://www.kickstarter.com/projects/onion/onion-omega-invention-platform-for-the-internet-of/description) from March of this year Specs: Atheros AR9330 rev1 400MHZ MIPS 24K 64MB DDR2 400MHz 16MB Flash 802.11b/g/n 150Mbps Atheros Wifi + 100mbps Atheros Wired Ethernet 18 GPIO Pins USB Controller Using the freebsd-wifi-build (https://github.com/freebsd/freebsd-wifi-build/wiki) tool, I was able to build a new firmware for the device based on a profile for a similar device based on the same Atheros chip. I hope to have time to validate some of the settings and get them posted up into the wiki and get the kernel configuration committed to FreeBSD in the next week or two It is an interesting device compared to the TP-Link WDR3600’s we did at BSDCan, as it has twice as much flash, leaving more room for the system image, but only half as much ram, and a slower CPU *** SSH Performance testing (https://wiki.freebsd.org/SSHPerf) There has been a discussion (https://lists.freebsd.org/pipermail/freebsd-current/2015-November/058244.html) about the value of upkeeping the HPN (High Performance Networking) patch to OpenSSH in the base system of FreeBSD As part of this, I did some fresh benchmarks on my pair of new high end servers The remaining part to be done is testing different levels of latency By tweaking the socket buffer sizes, I was able to saturate the full 10 gigabit with netcat, iperf, etc From the tests that have been done so far, it doesn’t look like even the NONE cipher can reach that level of performance because of the MAC (Message Authentication Code) It does appear that some of the auto-tuning in HPN is not worked as expected Explicitly setting -oTcpRcvBuf=7168 (KB) is enough to saturate a gigabit with 50ms RTT (round trip time) *** iXsystems iX gives an overview of FreeBSD at SeaGl 2015 (https://www.ixsystems.com/whats-new/seagl-2015/) On the FreeNAS Blog, Michael Dexter explains the ZFS Intent Log and SLOG (http://www.freenas.org/whats-new/2015/11/zfs-zil-and-slog-demystified.html) Interview - George Wilson - wilzun@gmail.com (mailto:wilzun@gmail.com) / @zfsdude (https://twitter.com/zfsdude) OpenZFS and Delphix *** News Roundup Nicholas Marriott has replaced the aging version of less(1) in OpenBSD (http://undeadly.org/cgi?action=article&sid=20151105223808) Sometimes less isn’t more, it’s just less In this story, we have news that the old version of less(1) in OpenBSD has now been ripped out in favor of the more modern fork from illumos founder Garrett D’Amore. In addition to being a “more” modern version, it also includes far “less” of the portability code, uses terminfo, replacing termcap and is more POSIX compliant. *** FreeBSD gets initial support for advanced SMR drives (https://lists.freebsd.org/pipermail/freebsd-current/2015-November/058522.html) Kenneth D. Merry ken@freebsd.org has developed initial support for Host Managed, and Host Aware Shingled Magnetic Recording drives in FreeBSD, available as a patch against both -current and 10-stable “This includes support for Host Managed, Host Aware and Drive Managed SMRdrives that are either SCSI (ZBC) or ATA (ZAC) attached via a SAScontroller. This does not include support for SMR ATA drives attached viaan ATA controller. Also, I have not yet figured out how to properly detecta Host Managed ATA drive, so this code won't do that.” SMR drives have overlapping tracks, because the read head can be much smaller than the write head The drawback to this approach is that writes to the disk must take place in 256 MB “zones” that must be written from the beginning New features in the patch: A new 'camcontrol zone' command that allows displaying and managing drive zones via SCSI/ATA passthrough. A new zonectl(8) utility that uses the new DIOCZONECMD ioctl to display and manage zones via the da(4) (and later ada(4)) driver. Changes to diskinfo -v to display the zone mode of a drive. A new disk zone API, sys/sys/disk_zone.h. A new bio type, BIO_ZONE, and modifications to GEOM to support it. This new bio will allow filesystems to query zone support in a drive and manage zoned drives. Extensive modifications to the da(4) driver to handle probing SCSI and SATA behind SAS SMR drives. Additional CAM CDB building functions for zone commands. “We (Spectra Logic) are working on ZFS changes that will use this CAM and GEOM infrastructure to make ZFS play well with SMR drives. Those changes aren't yet done.” It is good to see active development in this area, especially from experts in archival storage A second patch (https://lists.freebsd.org/pipermail/freebsd-current/2015-November/058521.html) is also offered, that improves the pass(4) passthrough interface for disks, and introduces a new camdd(8) command, a version of dd that uses the pass(4) interface, kqueue, and separate reader/writer threads for improved performance He also presents a feature wishlist that includes some interesting benchmarking features, including a ‘sink’ mode, where reads from the device are just thrown away, rather than having to write then to /dev/null *** Initial implemtnation of 802.11n now in iwm(4) (http://undeadly.org/cgi?action=article&sid=20151112212739) OpenBSD laptop users rejoice! 802.11n has landed! Initially only for the iwm(4) driver, support is planned for other devices in the future Includes support for all the required (non-optional) bits to make 802.11N functional Adds a new 11n mode to ifmedia, and MCS (modulation coding scheme) that sits alongside the ieee80211_rateset structure. No support for MIMO / SGI (Short Guard Interval) or 40 MHz wide-channels, but perhaps we will see those in a future update. They are asking users for testing against a wide variety of any/all APs! *** Freebsd adds support for Bluetooth LE Security Management (https://svnweb.freebsd.org/base?view=revision&revision=290038) FreeBSD + BlueTooth, not something we discuss a lot about, but it is still under active development. The most recently added features come from Takanori Watanabe, and adds new LE Security Management. Specifically, it enables support for BLE Security Manager Protocol(SMP), and enables a userland tool to wait for the underlying HCI connection to be encrypted. *** Building OpnSense on HardenedBSD (http://0xfeedface.org/2015/11/07/hbsd-opnsense.html) Looking for a way to further Harden your router? We have a tutorial from the HardenedBSD developer, Shawn Webb, about how to build OpnSense on HBSD 10-STABLE. You’ll need to first be running HBSD 10-STABLE somewhere, in this article he is using bhyve for the builder VM. The build process itself is mostly pretty straight-forward, but there are a number of different repos that all have to be checked out, so pay attention to which goes where. +In this example he does a targeted build for a Netgate RCC-VE-4860, but you can pick your particular build. *** Beastie Bits 1 BTC bounty for chromium bug! (https://github.com/gliaskos/freebsd-chromium/issues/40) DesktopBSD 2.0 M1 released (http://www.desktopbsd.net/forums/threads/desktopbsd-2-0-m1-released.806/) By implementing asynchronous pru_attach for UDP, Sepherosa Ziehau has increased connect rate by around 15K connections per second (http://lists.dragonflybsd.org/pipermail/commits/2015-October/458500.html) Stephen Bourne, known for the Bourne Shell, will be giving a talk at NYCBUG this week (http://lists.nycbug.org/pipermail/talk/2015-October/016384.html) Tor Browser 5.0.3 for OpenBSD released (http://lists.nycbug.org/pipermail/talk/2015-October/016390.html) The Tor BSD Diversity Project (https://torbsd.github.io/) aim to Increase the number of Tor relays running BSDs. We envision this happening by increasing the total number of relays, with the addition of more BSD users running relays; Make the Tor Browser available under BSD operating systems using native packaging mechanisms. Our first target is OpenBSD; Engage the broader BSD community about the Tor anonymity network and the place that BSD Unix should occupy in the privacy community at large. Screenshots from Unix People circa 2002 (https://anders.unix.se/2015/10/28/screenshots-from-developers--unix-people-2002/) Feedback/Questions Dominik - Bhyve Setup (http://slexy.org/view/s21xTyirkO) John - beadm + GELI (http://slexy.org/view/s2YVi7ULlJ) Darrall - ZFS + RAID = Problems (http://slexy.org/view/s20lRTaZSy) Hamza - Which shell? (http://slexy.org/view/s2omNWdTBU) Amenia - FreeBSD routing (http://slexy.org/view/s21Y8bPbnm) ***
115: Controlling the Transmissions
Controlling the Transmissions This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines FreeBSD 2015 Vendor Dev Summit (https://wiki.freebsd.org/201511VendorDevSummit) FreeBSD Quarterly Status Report - Third Quarter 2015 (https://www.freebsd.org/news/status/report-2015-07-2015-09.html) We have a fresh quarterly status report from the FreeBSD project. Once again it almost merits an entire show, but we will try to hit all the highlights. Bhyve - Porting of the Intel edk2 UEFI firmware, allowing Windows in headless mode, and Illumos support. Also porting to ARM has begun! Improved Support for Acer C720 ChromeBooks High Availability Clustering in CTL (Cam Target Layer) Root Remounting (Similar to pivot_root in Linux). This work allows using “reboot -r” to do a fast-reboot, with a partial shutdown, kill all processes, and re-mount rootfs and boot. Especially useful for booting from mfs or similar then transitioning to iscsi or some other backing storage OpenCL Support in Mesa, as well as kernel progress on the i915 driver Improved support for UEFI FrameBuffer on a bunch of recent MacBook Pro and other Macs, in addition to improvements to “vt” framebuffer driver for high resolution displays. ZFS support for UEFI Boot (Needs testing, but used in PC-BSD for a couple months now), and importing new features from IllumOS (resumable send, receive prefetch, replication checksumming, 50% less ram required for L2ARC, better prefetch) DTrace SDT probes added to TCP code, to replace the old TCPDEBUG kernel option. Recompiling the kernel is no longer required to debug TCP, just use DTrace Ongoing work to bring us a native port/package of GitLab *** Meteor, the popular javascript web application framework has been forked to run on FreeBSD, OpenBSD and NetBSD - FreeBSD testers requested (https://forums.meteor.com/t/freebsd-testers-please/12919/10) We have a public call for testing for FreeBSD users of Meteor by Tom Freudenberg The included link includes all the details on how to currently get meteor boot-strapped on your box and bring up the server So far the reports are positive, many users reporting that it is running on their 10.2 systems / jails just fine. Just a day ago the original porter mentioned that OpenBSD is ready to go for testing using the prepared dev bundle. *** Mike Larkin work continues on an native OpenBSD hypervisor, which he has announced is now booting (http://undeadly.org/cgi?action=article&sid=20151101223132) Speaking of OpenBSD, we have an update from Mike Larkin about the status of the OpenBSD native hypervisor vmm(4). His twitter post included the output from a successful VM bootup of OpenBSD 5.8-current, all the way to multi-user While the code hasn’t been committed (yet) we will keep you informed when it lands so you too can begin playing with it. *** This is how I like open source (http://blog.etoilebsd.net/post/This_is_how_I_like_opensource) A blog post by FreeBSD Core Team member, and one of the lead developers of pkg, Baptiste Daroussin One project he has been working on is string collation Garrett d'Amore (of IllumOS) implemented unicode string collation while working for Nexenta and made it BSD license John Marino (from Dragonfly) imported the work done on Illumos into Dragonfly, while he was doing that he decided, it was probably a good idea to rework how locales are handled He discovered that Edwin Groothuis (from FreeBSD) had long ago started a project to simplify locales handling on FreeBSD He extended the tools written by Edwin and has been able to update Dragonfly to the latest (v27 so far) unicode definitions John Marino has worked with Bapt many times on various projects (including bringing pkg and ports to Dragonfly) Bapt decided it was time that FreeBSD got proper string collation support as well, and worked with John to import the support to FreeBSD Bapt spotted a couple of bugs and worked with John on fixing them: issues with eucJP encoding, issues with Russian encoding (John did most of the work on tracking down and fixing the bugs), Bapt also converted localedef (the tool to generate the locales) into using BSD license only code (original version used the CDDL libavl library which I modified to use tree(3)), fixed issues. I also took the locale generation from Edwin (extended by John) This work resulted in a nice flow of patches going from Dragonfly to FreeBSD and from FreeBSD to Dragonfly. And now Garrett is interested in grabbing back our patches into Illumos! The result of this collaboration is that now 3 OS share the same implementation for collation support! This is very good because when one discovers a bug the 3 of them benefit the fix! The biggest win here is that this was a lot of work, and not an area that many people are interested in working on, so it was especially important to share the work rather than reimplement it separately. *** Interview - Hiren Panchasara - hiren@freebsd.org (mailto:hiren@freebsd.org) / @hirenpanchasara (https://twitter.com/hirenpanchasara) Improving TCP *** iXsystems MissonComplete winners (https://www.ixsystems.com/whats-new/october-missioncomplete-winners/) *** News Roundup LibreSSL 2.3.1 released (http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt) LibreSSl keeps on chugging, the latest release has landed, 2.3.1, which is the second snapshot based upon the OpenBSD 5.9 development branch. Currently they are targeting a stable ABI/API sometime around March 2016 for the 2.3.X series. Included in this update are ASN. 1 cleanups and some compliance fixes for RFC5280 Switched internally to timet, with a check that the host OS supports 64bit timet Various TLS fixes, including the ability to check cert validity times with tlspeercert_not{before|after} Fixed a reported memory leak in OBJ_obj2txt *** Guide for Installing Ghost w/ Nginx on FreeBSD (http://linoxide.com/linux-how-to/install-ghost-nginx-freebsd-10-2/) A nice walkthrough for the week, we’ve found an article about how to install the Ghost blogging platform on FreeBSD 10.2. For those who don’t know, Ghost is a MIT licensed blogging tool, started in 2012 by a former WordPress UI developer and is entirely coded in Node.js While a port for FreeBSD does not yet exist (somebody get on that please), this tutorial can walk you through the process of getting it deployed manually Most of the requirements are simple, www/node, www/npm and sqlite3. With those installed, most of the steps are simply creating the username / home for ghost, and some “npm” setup. The walkthrough even includes a handy rc.d script, making the possibility of a port seem much more likely *** Adrian Chadd on 'Why attention to detail matters when you're a kernel developer (http://adrianchadd.blogspot.com/2015/10/fixing-up-qca9558-performance-on.html) Adrian was correctly trolled in the FreeBSD embedded IRC chatroom and started looking at why the bridging performance in MIPS boards was so bad 120-150 mbit/sec is not really enough anymore Using previous MIPS24k support as a starting point, Adrian managed to get HWPMC (Hardware Performance Monitoring Counters) working on MIPS74k Using the data collected from the performance counters Adrian was able to figure out that packets were being copied in order to meet alignment requirements of the NIC and the FreeBSD networking stack. It turns out this is no longer a requirement for most modern Atheros NICs, so the workaround could be removed Now performance was 180 mbit/sec Next, on the receive side, only the TCP stack requires strict alignment, the ethernet stack does not, so offset the start point by 2 bytes so that TCP ends up aligned, and problem solved. Or not, no performance difference... The problem appeared to be busdma, Ian Lepore had recently made improves in this area on armv6 and helpfully ported these over to MIPS Now 420 mbit/sec. Getting better, but not as fast as Linux After some further investigation, a missing ‘sync’ operation was added, and the memory caching was changed from writethrough to writeback Things were so fast now, that the descriptor ring was being run through the ring so quickly as to hit the next descriptor that is still being setup. The first was to mark the first descriptor of a multi-descriptor packet as ‘empty’ until the entire chain was setup, so it would not be processed before the latter bits were done being added to the ring. So now MIPS can bridge at 720 mbit/sec, and route 320 mbit/sec Adrian wants to improve the routing speed and get it caught up to the bridging speed, but as always, free time is scarce. *** Switching from OS X to FreeBSD (http://mirrorshades.net/post/132753032310) The story of a user who had used OS X since its beta, but 10.9 and 10.10, became more and more dissatisfied They found they were spending too much time fighting with the system, rather than getting work done They cover the new workstation they bought, and the process of getting FreeBSD going on it, including why they chose FreeBSD rather than PCBSD Also covered it setting up a Lenovo X220 laptop They setup the i3wm and mutt The blog is very detailed and goes so far as to share a github repo of dotfiles and configuration files to ease the transition from OS X. *** BeastieBits The Stack behind Netflix's scaling (http://www.scalescale.com/the-stack-behind-netflix-scaling/) The Amiga port of NetBSD now has xorg support (https://mail-index.netbsd.org/source-changes/2015/11/04/msg069873.html) NetBSD has announced EOL for v5.x to be November 9th (http://blog.netbsd.org/tnf/entry/end_of_life_for_netbsd) RetroArch ports allow playing PlayStation, Sega, Atari, etc., games on FreeBSD (https://lists.freebsd.org/pipermail/freebsd-current/2015-November/058266.html) OpenBSD booting on a 75mhz Cyrex system with 32MB RAM (http://gfycat.com/InnocentSneakyEwe) Matthew Green reports Nouveau Nvidia can support GL with his latest commit (http://mail-index.netbsd.org/source-changes/2015/10/29/msg069729.html) Releases! OPNsense releases 15.7.18 (https://opnsense.org/opnsense-15-7-18-released/) pfSense releases 2.2.5 (https://blog.pfsense.org/?p=1925) Feedback/Questions Eric (http://slexy.org/view/s2ogdURldm) Andrew (http://slexy.org/view/s22bK2LZLm) Joseph (http://slexy.org/view/s2to6ZpBTc) Sean (http://slexy.org/view/s2oLU0KM7Y) Dustin (http://slexy.org/view/s21k6oKvle) *** For those of you curious about Kris' new lighting here are the links to what he is using. Softbox Light Diffuser (http://smile.amazon.com/gp/product/B00OTG6474?psc=1&redirect=true&ref_=oh_aui_detailpage_o01_s00&pldnSite=1) Full Spectrum 5500K CFL Bulb (http://smile.amazon.com/gp/product/B00198U6U6?psc=1&redirect=true&ref_=oh_aui_detailpage_o06_s00) ***
114: BSD-Schooling
This week, Allan is out of town at another Developer Summit, but we have a great episode coming This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines WhatsApp founder, on how it got so HUGE (http://www.wired.com/2015/10/whatsapps-co-founder-on-how-the-iconoclastic-app-got-huge/) Wired has interviewed WhatsApp co-founder Brian Acton, about the infrastructure behind WhatsApp WhatsApp manages 900 million users with a team of 50, while Twitter needs around 4,000 employees to manage 300 million users. “FreeBSD has a nicely tuned network stack and extremely good reliability. We find managing FreeBSD installations to be quite straightforward.” “Linux is a beast of complexity. FreeBSD has the advantage of being a single distribution with an extraordinarily good ports collection.” “To us, it has been an advantage as we have had very few problems that have occurred at the OS level. With Linux, you tend to have to wrangle more and you want to avoid that if you can.” “FreeBSD happened because both Jan and I have experience with FreeBSD from Yahoo!.” Additional Coverage (http://uk.businessinsider.com/whatsapp-built-using-erlang-and-freebsd-2015-10) *** User feedback in the SystemD vs BSD init (https://www.textplain.net/blog/2015/problems-with-systemd-and-why-i-like-bsd-init/) We have a very detailed blog post this week from Randy Westlund, about his experiences on Linux and BSD, contrasting the init systems. What he finds is that while, it does make some things easier, such as writing a service file once, and having it run everywhere, the tradeoff comes in the complexity and lack of transparency. Another area of concern was the reproducibility of boots, how in his examples on servers, there can often be times when services start in different orders, to save a few moments of boot-time. His take on the simplicity of BSD’s startup scripts is that they are very easy to hack on and monitor, while not introducing the feature creep we have seen in sysd. It will be interesting to see NextBSD / LaunchD and how it compares in the future! *** Learn to embrace open source, or get buried (http://opensource.com/business/15/10/ato-interview-jim-salter) At the recent “All Things Open” conference, opensource.com interviewed Jim Salter He describes how he first got started using FreeBSD to host his personal website He then goes on to talk about starting FreeBSDWiki.net and what its goals were The interview then talks about using Open Source at solve customers’ problems at his consulting firm Finally, the talks about his presentation at AllThingsOpen: Move Over, Rsync (http://allthingsopen.org/talks/move-over-rsync/) about switching to ZFS replication *** HP’s CTO Urges businesses to avoid permissive licenses (http://lwn.net/Articles/660428/) Martin Fink went on a rant about the negative effects of license proliferation While I agree that having too many new licenses is confusing and adds difficulty, I didn’t agree with his closing point “He then ended the session with an extended appeal to move the open-source software industry away from permissive licenses like Apache 2.0 and toward copyleft licenses like the GPL” “The Apache 2.0 license is currently the most widely used "permissive" license. But the thing that developers overlook when adopting it, he said, is that by using Apache they are also making a choice about how much work they will have to put into building any sort of community around the project. If you look at Apache-licensed projects, he noted, "you'll find that they are very top-heavy with 'governance' structures." Technical committees, working groups, and various boards, he said, are needed to make such projects function. But if you look at copyleft projects, he added, you find that those structures simply are not needed.” There are plenty of smaller permissively licensed projects that do not have this sort of structure, infact, most of this structure comes from being an Apache run project, rather than from using the Apache or any other permissive license Luckily, he goes on to state that the “OpenSwitch code is released under the Apache 2.0 license, he said, because the other partner companies viewed that as a requirement.” “HP wanted to get networking companies and hardware suppliers on board. In order to get all of the legal departments at all of the partners to sign on to the project, he said, HP was forced to go with a permissive license” Hopefully the trend towards permissive licenses continues Additionally, in a separate LWN post: RMS Says: “I am not saying that competitors to a GNU package are unjust or bad -- that isn't necessarily so. The pertinent point is that they are competitors. The goal of the GNU Project is for GNU to win the competition. Each GNU package is a part of the GNU system, and should contribute to the success of the GNU Project. Thus, each GNU package should encourage people to run other GNU packages rather than their competitors -- even competitors which are free software.” (http://lwn.net/Articles/659757/) Never thought I’d see RMS espousing vendor lock-in *** Interview - Brian Callahan - bcallah@devio.us (mailto:bcallah@devio.us) / @twitter (https://twitter.com/__briancallahan) The BSDs in Education *** News Roundup Digital Libraries in Africa making use of DragonflyBSD and HAMMER (http://lists.dragonflybsd.org/pipermail/users/2015-October/228403.html) In the international development context, we have an interesting post from Michael Wilson of the PeerCorps Trust Fund. They are using DragonFlyBSD and FreeBSD to support the Tanzanian Digital Library Initiative in very resource-limited settings. They cite among the most important reasons for using BSD as the availability and quality of the documentation, as well as the robustness of the filesystems, both ZFS and HAMMER. Their website is now online over at (http://www.tandli.com/) , check it out to see exactly how BSD is being used in the field *** netflix hits > 65gbps from a single freebsd box (https://twitter.com/ed_maste/status/655120086248763396) A single socket server, with a high end Xeon E5 processor and a dual ported Chelsio T580 (2x 40 Gbps ports) set a netflix record pushing over 65 Gbps of traffic from a single machine The videos were being pushed from SSDs and some new high end NVMe devices The previous record at Netflix was 52 Gbps from a single machine, but only with very experimental settings. The current work is under much more typical settings By the end of that night, traffic surged to over 70 Gbps Only about 10-15% of that traffic was encrypted with the in-kernel TLS engine that Netflix has been working on with John-Mark Gurney It was reported that the machine was only using about 65% cpu, and had plenty of head room If I remember the discussion correctly, there were about 60,000 streams running off the machine *** Lumina Desktop 0.8.7 has been released (http://lumina-desktop.org/lumina-desktop-0-8-7-released/) A very large update has landed for PC-BSD’s Lumina desktop A brand new “Start” menu has been added, which enables quick launch of favorite apps, pinning to desktop / favorites and more. Desktop icons have been overhauled, with better font support, and a new Grid system for placement of icons. Support for other BSD’s such as DragonFly has been improved, along with TONS of internal changes to functionality and backends. Almost too many things to list here, but the link above will have full details, along with screenshots. *** A LiveUSB for NetBSD has been released by Jibbed (http://www.jibbed.org/) After a three year absence, the Jibbed project has come back with a Live USB image for NetBSD! The image contains NetBSD 7.0, and is fully R/W, allowing you to run the entire system from a single USB drive. Images are available for 8Gb and 4Gb sticks (64bit and 32bit respectively), along with VirtualBox images as well For those wanting X, it includes both X and TWM, although ‘pkgin’ is available, so you can quickly add other desktops to the image *** Beastie Bits After recent discussions of revisiting W^X support in Mozilla Firefox, David Coppa has flipped the switch to enable it for OpenBSD users running -current. (http://undeadly.org/cgi?action=article&sid=20151021191401&mode=expanded) Using the vt(4) driver to change console resolution (http://lme.postach.io/post/changing-console-resolution-in-freebsd-10-with-vt-4) The FreeBSD Foundation gives a great final overview of the Grace Hopper Conference (http://freebsdfoundation.blogspot.com/2015/10/conference-recap-grace-hopper.html) A dialog about Compilers in the (BSD) base system (https://medium.com/@jmmv/compilers-in-the-bsd-base-system-1c4515a18c49) One upping their 48-core work from July, The Semihalf team shows off their the 96-core SMP support for FreeBSD on Cavium ThunderX (ARMv8 architecture (https://www.youtube.com/watch?v=1q5aDEt18mw) NYC Bug's November meeting will be featuring a talk by Stephen R. Bourne (http://lists.nycbug.org/pipermail/talk/2015-October/016384.html) New not-just-BSD postcast, hosted by two OpenBSD devs Brandon Mercer and Joshua Stein (http://garbage.fm/) Feedback/Questions Stefan (http://slexy.org/view/s21wjbhCJ4) Zach (http://slexy.org/view/s21TbKS5t0) Jake (http://slexy.org/view/s20AkO1i1R) Corey (http://slexy.org/view/s2nrUMatU5) Robroy (http://slexy.org/view/s2pZsC7arX) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
113: What’s Next for BSD?
Coming up on this week’s episode, we have an interview This episode was brought to you by iX Systems Mission Complete (https://www.ixsystems.com/missioncomplete/) Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal! *** Headlines OpenBSD 5.8 is released on the 20th birthday of the OpenBSD project (http://bsdsec.net/articles/openbsd-5-8-released) 5.8 has landed, and just in time for the 20th birthday of OpenBSD, Oct 18th A long list of changes can be found on the release announcement, but here’s a small scattering of them Drivers for new hardware, such as: rtwn = Realtek RTL8188CE wifi hpb = HyperTransport bridge in IBM CPC945 Improved sensor support for upd driver (USB power devices) Jumbo frame support on re driver, using RTL8168C/D/E/F/G and RTL8411 Updated to installer, improve autoinstall, and questions about SSH setup Sudo in base has been replace with “doas”, sudo moved to package tree New file(1) command with sandboxing and priv separation The tame(2) API WiP Improvements to the httpd(8) daemon, such as support for lua pattern matching redirections Bugfixes and the security updates to OpenSMTPD 5.4.4 LibreSSL security fixes, removed SSLv3 support from openssl(1) (Still working on nuking SSLv3 from all ports) And much more, too much to mention here, read the notes for all the gory details! OpenBSD Developer Interviews To go along with the 20th birthday, we have a whole slew of new interviews brought to us by the beastie.pl team. English and Polish are both provided, so be sure not to miss these! Dmitrij D. Czarkoff (http://beastie.pl/deweloperzy-openbsd-dmitrij-d-czarkoff/) Vadim Zhukov (http://beastie.pl/deweloperzy-openbsd-vadim-zhukov/) Marc Espie (http://beastie.pl/deweloperzy-openbsd-marc-espie/) Bryan Steele (http://beastie.pl/deweloperzy-openbsd-bryan-steele/) Ingo Schwarze (http://beastie.pl/deweloperzy-openbsd-ingo-schwarze/) Gilles Chehade (http://beastie.pl/deweloperzy-openbsd-gilles-chehade/) Jean-Sébastien Pédron has submitted a call for testing out the neIntel i915 driver (http://lists.freebsd.org/pipermail/freebsd-x11/2015-October/016758.html) A very eagerly awaited feature, Haswell GPU support has begun the testing process The main developer, Jean-Sébastien Pédron dumbbell@freebsd.org looking for users to test the patch, both those that have older supported cards (Sandybridge, Ivybridge) that are currently working, and users with Haswell devices that have, until now, not been supported Included is a link to the Wiki with instructions on how to enable debugging, and grab the updated branch of FreeBSD with the graphical improvements. Jean-Sébastien is calling for testers to send results both good and bad over to the freebsd-x11 mailing lists For those who want an “out of box solution” the next PC-BSD 11.0-CURRENT November images will include these changes as well How to install FreeBSD on a Raspberry Pi 2 (http://www.cyberciti.biz/faq/how-to-install-freebsd-on-raspberry-pi-2-model-b/) We have a nice walkthrough this week on how to install FreeBSD, both 10 or 11-CURRENT on a RPi 2! The walkthrough shows us how to use OSX to copy the image to SD card, then booting. In this case, we have him using a USB to serial cable to capture output with screen This is a pretty quick way for users sitting on a RPi2 to get up and running with FreeBSD Interview - Jordan Hubbard - jkh@ixsystems.com (mailto:email@email) NextBSD (http://www.nextbsd.org/) | NextBSD Github (https://github.com/NextBSD/NextBSD) Beastie Bits OpenBSD's Source Tree turned 20 on October 18th (https://marc.info/?l=openbsd-misc&m=144515087006177&w=2) GhostBSD working on Graphical ZFS Configuration Utility (https://plus.google.com/+GhostbsdOrg/posts/JoNZzrKrhtB) EuroBSDcon 2014 videos finally online (https://www.youtube.com/channel/UCz6C-szau90f9Vn07A6W2aA/videos) Postdoctoral research position at Memorial University is open (http://www.mun.ca/postdoc/tc-postdoc-2015.pdf) NetBSD Security Advisory: TCP LAST_ACK memory exhaustion, reported by NetFlix and Juniper (http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-009.txt.asc) DesktopBSD making a comeback? (http://www.desktopbsd.net/forums/threads/desktopbsd-2-0-roadmap.798/) Feedback/Questions Steve (http://slexy.org/view/s20PllfFXt) Ben (http://slexy.org/view/s21jJm1lFN) Frank (http://slexy.org/view/s20TsrN3uq) Tyler (http://slexy.org/view/s20AydOevW)
112: Tracing the source
This week Allan is away at a ZFS conference, so it seems This episode was brought to you by Headlines pfsense - 2.3 alpha snapshots available (https://blog.pfsense.org/?p=1854) pfsense 2.3 Features and Changes (https://doc.pfsense.org/index.php/2.3_New_Features_and_Changes) The entire front end has been re-written Upgrade of base OS to FreeBSD 10-STABLE The PPTP server component has been removed, PBIs have been replaced with pkg PHP upgraded to 5.6 The web interface has been converted to Bootstrap *** BSDMag October 2015 out (http://bsdmag.org/download/bsd-09-2015/) A Look at the New PC-BSD 10.2 - Kris Moore Basis Of The Lumina Desktop Environment 18 - Ken Moore A Secure Webserver on FreeBSD with Hiawatha - David Carlier Defeating CryptoLocker Attacks with ZFS - Michael Dexter Emerging Technology Has Increasingly Been a Force for Both Good and Evil - Rob Somerville Interviews with: Dru Lavigne, Luca Ferrari, Oleksandr Rybalko *** OpnSense 15.7.14 Released (https://opnsense.org/opnsense-15-7-14-released/) Another update to OpnSense has landed! Some of the notable takeaways this time are that it isn’t a security update Major rework of the firewall rules sections including, rules, schedules, virtual ip, nat and aliases pages Latest BIND and Squid packages Improved configuration management, including fixes to importing an old config file. New location for configuration history / backups. *** OpenBSD in Toyota Highlander (http://marc.info/?l=openbsd-misc&m=144327954931983&w=2) Images (http://imgur.com/a/SMVdp) While looking through the ‘Software Information’ screen of a Toyota Highlander, Chad Dougherty of the ACM found a bunch of OpenBSD copyright notices At least one of which I recognize as OpenCrypto, because of the comment about “transforms” It is likely that the vehicle is running QNX, which contains various bits of BSD QNX: Third Party License Terms List version 2.17 (http://support7.qnx.com/download/download/25111/TPLTL.v2.17.Jul23-13.pdf) Some highlights Robert N. M. Watson (FreeBSD) TrustedBSD Project (FreeBSD) NetBSD Foundation NASA Ames Research Center (NetBSD) Damien Miller (OpenBSD) Theo de Raadt (OpenBSD) Sony Computer Science Laboratories Inc. Bob Beck (OpenBSD) Christos Zoulas (NetBSD) Markus Friedl (OpenBSD) Henning Brauer (OpenBSD) Network Associates Technology, Inc. (FreeBSD) 100s of others OpenSSH seems to be included It also seems to contain tcpdump for some reason Interview - Adam Leventhal - adam.leventhal@delphix.com (mailto:adam.leventhal@delphix.com) / @ahl (https://twitter.com/ahl) ZFS and DTrace Beastie-Bits isboot, an iSCSI boot driver for FreeBSD 9 and 10 (https://lists.freebsd.org/pipermail/freebsd-current/2015-September/057572.html) tame() is now called pledge() (http://marc.info/?l=openbsd-tech&m=144469071208559&w=2) Interview with NetBSD developer Leoardo Taccari (http://beastie.pl/deweloperzy-netbsd-7-0-leonardo-taccari/) Fuguita releases LiveCD based on OpenBSD 5.8 (http://fuguita.org/index.php?FuguIta) Dtrace toolkit gets an update and imported into NetBSD (http://mail-index.netbsd.org/source-changes/2015/09/30/msg069173.html) An older article about how to do failover / load-balancing in pfsense (http://www.tecmint.com/how-to-setup-failover-and-load-balancing-in-pfsense/) Feedback/Questions Michael writes in (http://slexy.org/view/s217HyOZ9U) Possniffer writes in (http://slexy.org/view/s2YODjppwX) Erno writes in (http://slexy.org/view/s21xltQ6jd) ***
111: Xenocratic Oath
Coming up on this weeks episode, we have BSD news, tidbits and articles out the wazoo to share. Also, be sure to stick around for our interview with Brandon Mercer as he tells us about OpenBSD being used in the healthcare industry. This episode was brought to you by Headlines NetBSD 7.0 Release Announcement (http://www.netbsd.org/releases/formal-7/NetBSD-7.0.html) DRM/KMS support brings accelerated graphics to x86 systems using modern Intel and Radeon devices (Linux 3.15) Multiprocessor ARM support. Support for many new ARM boards, including the Raspberry Pi 2 and BeagleBone Black Major NPF improvements: BPF with just-in-time (JIT) compilation by default support for dynamic rules support for static (stateless) NAT support for IPv6-to-IPv6 Network Prefix Translation (NPTv6) as per RFC 6296 support for CDB based tables (uses perfect hashing and guarantees lock-free O(1) lookups) Multiprocessor support in the USB subsystem. GPT support in sysinst via the extended partitioning menu. Lua kernel scripting GCC 4.8.4, which brings support for C++11 Experimental support for SSD TRIM in wd(4) and FFS tetris(6): Add colours and a 'down' key, defaulting to 'n'. It moves the block down a line, if it fits. *** CloudFlare develops interesting new netmap feature (https://blog.cloudflare.com/single-rx-queue-kernel-bypass-with-netmap/) Normally, when Netmap is enabled on an interface, the kernel is bypassed and all of the packets go to the Netmap consumers CloudFlare has developed a feature that allows all but one of the RX queues to remain connected to the kernel, and only a single queue be passed to Netmap The change is a simple modification to the nm_open API, allowing the application to open only a specific queue of the NIC, rather than the entire thing The RSS or other hashing must be modified to not direct traffic to this queue Then specific flows are directed to the netmap application for matching traffic For example under Linux: ethtool -X eth3 weight 1 1 1 1 0 1 1 1 1 1 ethtool -K eth3 lro off gro off ethtool -N eth3 flow-type udp4 dst-port 53 action 4 Directs all name server traffic to NIC queue number 4 Currently there is no tool like ethtool to accomplish this same under FreeBSD I wonder if the flows could be identified more specifically using something like ipfw-netmap *** Building your own OpenBSD based Mail server! (http://www.theregister.co.uk/2015/09/12/feature_last_post_build_mail_server/?mt=1442858572214) part 2 (http://www.theregister.co.uk/2015/09/19/feature_last_post_build_mailserver_part_2/) part 3 (http://www.theregister.co.uk/2015/09/26/feature_last_post_build_mailserver_part_3/) The UK Register gives us a great writeup on getting your own mail server setup specifically on OpenBSD 5.7 In this article they used a MiniPC the Acer Revo One RL85, which is a decently priced little box for a mail server (http://www.theregister.co.uk/2015/07/24/review_acer_revo_one_rl85_/) While a bit lengthy in 3 parts, it does provide a good walkthrough of getting OpenBSD setup, PostFix and DoveCot configured and working. In the final installment it also provides details on spam filtering and antivirus scanning. Getting started with the UEFI bootloader on OpenBSD (http://blog.jasper.la/openbsd-uefi-bootloader-howto/) If you've been listening over the past few weeks, you've heard about OpenBSD.s new UEFI boot-loader. We now have a blog post with detailed instructions on how to get setup with this on your own system. The initial setup is pretty straightforward, and should only take a few minutes at most. In involves the usual fdisk commands to create a FAT EFI partition, and placing the bootx64.efi file in the correct location. As a bonus, we even get instructions on how to enable the frame-buffer driver on systems without native Intel video support (ThinkPad x250 in this example) *** Recipe for building a 10Mpps FreeBSD based router (http://blog.cochard.me/2015/09/receipt-for-building-10mpps-freebsd.html) Olivier, (of FreeNAS and BSD Router Project fame) treats us this week to a neat blog post about building your own high-performance 10Mpps FreeBSD router As he first mentions, the hardware required will need to be beefy, no $200 miniPC here. In his setup he uses a 8 core Intel Xeon E5-2650, along with a Quad port 10 Gigabit Chelsio TS540-CR. He mentions that this doesn't work quite on stock FreeBSD yet, you will need to pull code in from the projects/routing (https://svnweb.freebsd.org/base/projects/routing/) which fixes an issue with scaling on cores, in this case he is shrinking the NIC queues down to 4 from 8. If you don't feel like doing the compiles yourself, he also includes links to experimental BSDRouter project images which he used to do the benchmarks Bonus! Nice graphic of the benchmarks from enabling IPFW or PF and what that does to the performance. *** Interview - Brandon Mercer - bmercer@openbsd.org (mailto:bmercer@openbsd.org) / @knowmercymod (https://twitter.com/knowmercymod) OpenBSD in Healthcare Sorry about the audio quality degradation. The last 7 or 8 minutes of the interview had to be cut, a problem with the software that captures the audio from skype and adds it to our compositor. My local monitor is analogue and did not experience the issue, so I was unaware of the issue during the recording *** News Roundup Nvidia releases new beta FreeBSD driver along with new kernel module (https://devtalk.nvidia.com/default/topic/884727/unix-graphics-announcements-and-news/linux-solaris-and-freebsd-driver-358-09-beta-/) Includes a new kernel module, nvidia-modeset.ko While this module does NOT have any user-settable features, it works with the existing nvidia.ko to provide kernel-mode setting (KMS) used by the integrated DRM within the kernel. The beta adds support for 805A and 960A nvidia cards Also fixes a memory leak and some regressions *** MidnightBSD 0.7-RELEASE (http://www.midnightbsd.org/pipermail/midnightbsd-users/Week-of-Mon-20150914/003462.html) We missed this while away at Euro and elsewhere, but MidnightBSD (A desktop-focused FreeBSD 6.1 Fork) has come out with a new 0.7 release This release primarily focuses on stability, but also includes important security fixes as well. It cherry-picks updates to a variety of FreeBSD base-system updates, and some important ZFS features, such as TRIM and LZ4 compression Their custom .mports. system has also gotten a slew of updates, with almost 2000 packages now available, including a WiP of Gnome3. It also brings support for starting / stopping services automatically at pkg install or removal. They note that this will most likely be the last i386 release, joining the club of other projects that are going 64bit only. *** "Open Source as a Career Path" (http://media.medfarm.uu.se/play/video/5400) The FreeBSD Project held a panel discussion (http://www.cb.uu.se/~kristina/WomENcourage/2014/2015-09-25_Friday/2015-09-25%20113238.JPG) of why Open Source makes a good career path at the ACM.s womENcourage conference in Uppsala, Sweden, the weekend before EuroBSDCon The Panel was lead by Dru Lavigne, and consisted of Deb Goodkin, Benedict Reuschling, Dan Langille, and myself We attempted to provide a cross section of experiences, including women in the field, the academic side, the community side, and the business side During the question period, Dan gave a great answer (https://gist.github.com/dlangille/e262bccdea08b89b5360) to the question of .Why do open source projects still use old technologies like mailing lists and IRC. The day before, the FreeBSD Foundation also had a booth at the career fair. We were the only open source project that attended. Other exhibitors included: Cisco, Facebook, Intel, Google, and Oracle. The following day, Dan also gave a workshop (http://www.cb.uu.se/~kristina/WomENcourage/2014/2015-09-25_Friday/2015-09-25%20113238.JPG) on how to contribute to an open source project *** Beastie-Bits NetBSD 2015PkgSrc Freeze (http://mail-index.netbsd.org/pkgsrc-users/2015/09/12/msg022186.html) Support for 802.11N for RealTek USB in FreeBSD (https://github.com/freebsd/freebsd/commits/master/sys/dev/usb/wlan/if_rsu.c) Wayland ported to DragonFlyBSD (https://github.com/DragonFlyBSD/DeltaPorts/pull/123) OpenSMTPd developer debriefs on audit report (http://undeadly.org/cgi?action=article&sid=20151013161745) FreeBSD fixes issue with pf under Xen with TSO. Errata coming soon (https://svnweb.freebsd.org/base?view=revision&revision=289316) Xinuos funds the HardenedBSD project (http://slexy.org/view/s2EBjrxQ9M) Feedback/Questions Evan (http://slexy.org/view/s21PMmNFIs) Darin writes in (http://slexy.org/view/s20qH07ox0) Jochen writes in (http://slexy.org/view/s2d0SFmRlD) ***
110: - Firmware Fights
This week on BSDNow, we get to hear all of Allans post EuroBSDCon wrap-up and a great interview with Benno Rice from Isilon. We got to discuss some of the pain of doing major forklift upgrades, and why your business should track -CURRENT. This episode was brought to you by Headlines EuroBSDCon Videos EuroBSDCon has started posting videos of the talks online already. The videos posted online are archives of the live stream, so some of the videos contain multiple talks Due to a technical complication, some videos only have 1 channel of audio EuroBSDCon Talk Schedule (https://2015.eurobsdcon.org/talks-and-schedule/talk-schedule/) Red Room Videos (https://www.youtube.com/channel/UCBPvcqZrNuKZuP1LQhlCp-A) Yellow Room Videos (https://www.youtube.com/channel/UCJk8Kls9LT-Txu-Jhv7csfw) Blue Room Videos (https://www.youtube.com/channel/UC-3DOxIOI5oHXE1H57g3FzQ) Photos of the conference courtersy of Ollivier Robert (https://assets.keltia.net/photos/EuroBSDCon-2015/) *** A series of OpenSMTPd patches fix multiple vulnerabilities (http://undeadly.org/cgi?action=article&sid=20151005200020) Qualys recently published an audit of the OpenSNMPd source code (https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt) The fixes for these vulnerabilities were released as 5.7.2 After its release, two additional vulnerabilities (http://www.openwall.com/lists/oss-security/2015/10/04/2) were found. One, in the portable version, newer code that was added after the audit started All users are strongly encouraged to upgrade to 5.7.3 OpenBSD users should apply the latest errata or upgrade to the newest snapshot *** FreeBSD updates in -CURRENT (https://svnweb.freebsd.org/base?view=revision&revision=288917) Looks like Xen header support has been bumped in FreeBSD from 4.2 -> 4.6 It also enables support for ARM Update to Clang / LLVM to 3.7.0 (https://lists.freebsd.org/pipermail/freebsd-current/2015-October/057691.html) http://llvm.org/releases/3.7.0/docs/ReleaseNotes.html ZFS gets FRU (field replaceable unit) tracking (https://svnweb.freebsd.org/base?view=revision&revision=287745) OpenCL makes it way into the ports tree (https://svnweb.freebsd.org/ports?view=revision&revision=397198) bhyve has grown UEFI support, plus a CSM module bhyve can now boot Windows (https://lists.freebsd.org/pipermail/freebsd-virtualization/2015-October/003832.html) Currently there is still only a serial console, so the post includes an unattended install .xml file and instructions on how to repack the ISO. Once Windows is installed, you can RDP into the machine bhyve can also now run IllumOS (https://lists.freebsd.org/pipermail/freebsd-virtualization/2015-October/003833.html) *** OpenBSD Initial Support for Broadwell Graphics (http://marc.info/?l=openbsd-cvs&m=144304997800589&w=2) OpenBSD joins DragonFly now with initial support for broadwell GPUs landing in their development branch This brings Open up to Linux 3.14.52 DRM, and Mark Kettenis mentions that it isn.t perfect yet, and may cause some issues with older hardware, although no major regressions yet *** OpenBSD Slides for TAME (http://www.openbsd.org/papers/tame-fsec2015/) and libTLS APIs (http://www.openbsd.org/papers/libtls-fsec-2015/) The first set of slides are from a talk Theo de Raadt gave in Croatia, they describe the history and impetus for tame Theo specifically avoids comparisons to other sandboxing techniques like capsicum and seccomp, because he is not impartial tame() itself is only about 1200 lines of code Sandboxing the file(1) command with systrace: 300 lines of code, with tame: 4 lines Theo makes the point that .optional security. is irrelevant. If a mitigation feature has a knob to turn it off, some program will break and advise users to turn the feature off. Eventually, no one uses the feature, and it dies This has lead to OpenBSD.s policy: .Once working, these features cannot be disabled. Application bugs must be fixed. The second talk is by Bob Beck, about LibreSSL when LibreSSL was forked from OpenSSL 1.0.1g, it contained 388,000 lines of C code 30 days in LibreSSL, they had deleted 90,000 lines of C OpenSSL 1.0.2d has 432,000 lines of C (728k total), and OpenSSL Current has 411,000 lines of C (over 1 million total) LibreSSL today, contains 297,000 lines of C (511k total) None of the high risk CVEs against OpenSSL (there have been 5) have affected LibreSSL. It turns out removing old code and unneeded features is good for security. The talk focuses on libtls, an alternative to the OpenSSL API, designed to be easier to use and less error prone In the libtls api, if -1 is returned, it is always an error. In OpenSSL, it might not be an error, needs additional code to check errno In OpenBSD: ftp, nc, ntpd, httpd, spamd, syslog have been converted to the new API The OpenBSD Foundation is looking for donations in order to sponsor 2-3 developers to spend 6 months dedicated to LibreSSL *** Interview - Benno Rice - benno@FreeBSD.org (mailto:benno@FreeBSD.org) / @jeamland (https://twitter.com/jeamland) Isilon and building products on top of FreeBSD News Roundup ReLaunchd (https://github.com/mheily/relaunchd/blob/master/doc/rationale.txt) This past week we got a heads up about another init/launchd replacement, this time .Relaunchd. The goals of this project appear to be keeping launchd functionality, while being portable enough to run on FreeBSD / Linux, etc. It also has aspirations of being .container-aware. with support for jailed services, ala-docker, as well as cluster awareness. Written in ruby :(, it also maintains that it wishes to NOT take over PID1 or replace the initial system boot scripts, but extend / leverage them in new ways. *** Static Intrusion Detection in NetBSD (https://mail-index.netbsd.org/source-changes/2015/09/24/msg069028.html) Alistar Crooks has committed a new .sid. utility to NetBSD, which allows intrusion detection by comparing the file-system contents to a database of known good values The utility can compare the entire root file system of a modest NetBSD machine in about 15 seconds The following parameters of each file can be checked: atime, block count, ctime, file type, flags, group, inode, link target, mtime, number of links, permissions, size, user, crc32c checksum, sha256 checksum, sha512 checksum A JSON report is issued at the end, for any detected variances *** LibreSSL 2.3.0 in PC-BSD If you.re running PC-BSD 10.2-EDGE or October's -CURRENT image, LibreSSL 2.3.0 is now a thing Thanks to the hard work of Bernard Spil and others, we have merged in the latest LibreSSL which actually removes SSL support in favor of TLS Quite a number of bugs have been fixed, as well as patches brought over from OpenBSD to fix numerous ports. Allan has started a patchset that sets the OpenSSL in base to "private" (http://allanjude.com/bsd/privatessl_2015-10-07.patch) This hides the library so that applications and ports cannot find it, so only tools in the base system, like fetch, will be able to use it. This makes OpenSSL no longer part of the base system ABI, meaning the version can be upgraded without breaking the stable ABI promise. This feature may be important in the future as OpenSSL versions now have EoL dates, that may be sooner than the EoL on the FreeBSD stable branches. *** PC-BSD and boot-environments without GRUB (http://lists.pcbsd.org/pipermail/testing/2015-October/010173.html) In this month.s -CURRENT image of PC-BSD, we began the process of moving back from the GRUB boot-loader, in favor of FreeBSD.s A couple of patches have been included, which enables boot-environment support via the 4th menus (Thanks Allan) and support for booting ZFS on root via UEFI "beadm" has also been updated to seamlessly support both boot-loaders No full-disk encryption support yet (hopefully soon), but GRUB is still available on installer for those who need it *** Import of IWM wireless to DragonFly (http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/24a8d46a22f9106b0c1466c41ba73460d7d22262) Matthew Dillon has recently imported the newer if_iwm driver from FreeBSD -> DragonFly Across the internet, users with newer Intel chipsets rejoiced! Coupled with the latest Broadwell DRM improvements, DragonFly sounds very ready for the latest laptop chipsets Also, looks like progress is being made on i386 removal (http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/cf37dc2040cea9f384bd7d3dcaf24014f441b8a6) *** Feedback/Questions Dan writes in about PCBSD (http://slexy.org/view/s27ZeOiM4t) Matt writes in about ZFS (http://slexy.org/view/s219J3ebx5) Anonymous writes in about problems booting (http://slexy.org/view/s21uuMAmZb) ***