
Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.
49: The PC-BSD Tour
Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation semi-annual newsletter (https://www.freebsdfoundation.org/press/2014jul-newsletter) The FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation "In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!" It talks about the FreeBSD journal (http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates) as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT The full list of funded projects is included, also with details in the financial reports There are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon
48: Liberating SSL
Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD quarterly status report (https://www.freebsd.org/news/status/report-2014-04-2014-06.html) FreeBSD has gotten quite a lot done this quarter Changes in the way release branches are supported - major releases will get at least five years over their lifespan A new automounter is in the works, hoping to replace amd (which has some issues) The CAM target layer and RPC stack have gotten some major optimization and speed boosts Work on ZFSGuru continues, with a large status report specifically for that The report also mentioned some new committers, both source and ports It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show "Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period" *** A new OpenBSD HTTPD is born (http://undeadly.org/cgi?action=article&sid=20140724094043) Work has begun on a new HTTP daemon in the OpenBSD base system A lot of people are asking (http://www.reddit.com/r/BSD/comments/2b7azm/openbsd_gets_its_own_http_server/) "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist? 
Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement) It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter This has the added benefit of the usual, easy-to-understand syntax and privilege separation There's a very brief man page (http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8) online already It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not) *** pkgng 1.3 announced (https://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-July/000084.html) The newest version of FreeBSD's second generation package management system (http://www.bsdnow.tv/tutorials/pkgng) has been released, with lots of new features It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!) Lots of the code has been sandboxed for extra security You'll probably notice some new changes to the UI too, making things more user friendly A few days later 1.3.1 (https://svnweb.freebsd.org/ports?view=revision&sortby=date&revision=362996) was released to fix a few small bugs, then 1.3.2 (https://svnweb.freebsd.org/ports?view=revision&revision=363108) shortly thereafter and 1.3.3 (https://svnweb.freebsd.org/ports?view=revision&revision=363363) yesterday *** FreeBSD after-install security tasks (http://twisteddaemon.com/post/92921205276/freebsd-installed-your-next-five-moves-should-be) A number of people have written in to ask us "how do I secure my BSD box after I install it?" 
With this blog post, hopefully most of their questions will finally be answered in detail It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things Not only does it just list things to do, but the post also does a good job of explaining why you should do them Maybe we'll see some more posts in this series in the future *** Interview - Brent Cook - bcook@openbsd.org (mailto:bcook@openbsd.org) / @busterbcook (https://twitter.com/busterbcook) LibreSSL's portable version and development News Roundup FreeBSD Mastery - Storage Essentials (https://www.tiltedwindmillpress.com/?product=freebsd-mastery-storage-essentials) MWL (http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop)'s new book about the FreeBSD storage subsystems now has an early draft available Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance You'll get access to the completed (e)book when it's done if you buy the early draft The suggested price is $8 *** Why BSD and not Linux? (http://www.reddit.com/r/BSD/comments/2buea5/why_bsd_and_not_linux_or_why_linux_and_not_bsd/) Yet another thread comes up asking why you should choose BSD over Linux or vice-versa Lots of good responses from users of the various BSDs Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity." 
And "Over the years, the BSDs have clearly shown their worth in the *nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS." Some other users share their switching experiences - worth a read *** More g2k14 hackathon reports (http://undeadly.org/cgi?action=article&sid=20140724161550) Following up from last week's huge list (http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv) of hackathon reports, we have a few more Landry Breuil (http://undeadly.org/cgi?action=article&sid=20140724161550) spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream Andrew Fresh (http://undeadly.org/cgi?action=article&sid=20140728122850) enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl Ted Unangst (http://undeadly.org/cgi?action=article&sid=20140729070721) did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth Luckily we didn't have to cover 20 new ones this time! *** BSDTalk episode 243 (http://bsdtalk.blogspot.com/2014/07/mandoc-with-ingo-schwarze.html) The newest episode of BSDTalk (http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk) is out, featuring an interview with Ingo Schwarze of the OpenBSD team The main topic of discussion is mandoc, which some users might not be familiar with mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default) We'll catch up to you soon, Will! 
*** Feedback/Questions Thomas writes in (http://slexy.org/view/s2xLRQytAZ) Stephen writes in (http://slexy.org/view/s21AYng20n) Sha'ul writes in (http://slexy.org/view/s2DwLRdQDS) Florian writes in (http://slexy.org/view/s2E05L31BC) Bob Beck writes in (http://slexy.org/view/s21Nmg3Jrk) - and note the "Caution" section that was added to libressl.org (http://www.libressl.org/) ***
47: DES Challenge IV
Coming up this week on the show! We've got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like. The latest news, answers to your emails and even some LibreSSL drama, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines g2k14 hackathon reports (http://www.openbsd.org/hackathons.html) Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon Lots of work got done - in just the first two weeks of July, there were over 1000 commits (http://marc.info/?l=openbsd-cvs&r=1&b=201407&w=2) to their CVS tree Some of the developers wrote in to document what they were up to at the event Bob Beck (http://undeadly.org/cgi?action=article&sid=20140713220618) planned to work on kernel stuff, but then "LibreSSL happened" and he spent most of his time working on that Miod Vallat (http://undeadly.org/cgi?action=article&sid=20140718072312) also tells about his LibreSSL experiences Brent Cook (http://undeadly.org/cgi?action=article&sid=20140718090456), a new developer, worked mainly on the portable version of LibreSSL (and we'll be interviewing him next week!) 
Henning Brauer (http://undeadly.org/cgi?action=article&sid=20140714094454) worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6) Martin Pieuchot (http://undeadly.org/cgi?action=article&sid=20140714191912) fixed some bugs in the USB stack, softraid and misc other things Marc Espie (http://undeadly.org/cgi?action=article&sid=20140714202157) improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency Martin Pelikan (http://undeadly.org/cgi?action=article&sid=20140715120259) integrated read-only ext4 support Vadim Zhukov (http://undeadly.org/cgi?action=article&sid=20140715094848) did lots of ports work, including working on KDE4 Theo de Raadt (http://undeadly.org/cgi?action=article&sid=20140715212333) created a new, more secure system call, "sendsyslog" and did a lot of work with /etc, sysmerge and the rc scripts Paul Irofti (http://undeadly.org/cgi?action=article&sid=20140718134017) worked on the USB stack, specifically for the Octeon platform Sebastian Benoit (http://undeadly.org/cgi?action=article&sid=20140719104939) worked on relayd filters and IPv6 code Jasper Lievisse Adriaanse (http://undeadly.org/cgi?action=article&sid=20140719134058) did work with puppet, packages and the bootloader Jonathan Gray (http://undeadly.org/cgi?action=article&sid=20140719082410) imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection Stefan Sperling (http://undeadly.org/cgi?action=article&sid=20140721125235) fixed a lot of issues with wireless drivers Florian Obser (http://undeadly.org/cgi?action=article&sid=20140721125020) did many things related to IPv6 Ingo Schwarze (http://undeadly.org/cgi?action=article&sid=20140721090411) worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface Ken Westerback 
(http://undeadly.org/cgi?action=article&sid=20140722071413) hacked on dhclient and dhcpd, and also got dump working on 4k sector drives Matthieu Herrb (http://undeadly.org/cgi?action=article&sid=20140723142224) worked on updating and modernizing parts of xenocara *** FreeBSD pf discussion takes off (https://lists.freebsd.org/pipermail/freebsd-questions/2014-July/259292.html) Concerns from last week, about FreeBSD's packet filter being old and unmaintained, seemed to have finally sparked some conversation about the topic on the "questions" and "current" mailing lists (unfortunately people didn't always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes) Straight from the SMP FreeBSD pf maintainer: "no one right now [is actively developing pf on FreeBSD]" Searching for documentation online for pf is troublesome because there are two incompatible syntaxes FreeBSD's pf man pages are lacking, and some of FreeBSD's documentation still links to OpenBSD's pages, which won't work anymore - possibly turning away would-be BSD converts because it's frustrating There's also the issue of importing patches from pfSense, but most of those still haven't been done either Lots of disagreement among developers vs. users... 
Many users are very vocal about wanting it updated, saying the syntax change is no big deal and is worth the benefits - developers aren't interested Henning Brauer, the main developer of pf on OpenBSD, has been very nice and offered to help the other BSDs get their pf fixed on multiple occasions Gleb Smirnoff, author of the FreeBSD-specific SMP patches, questions Henning's claims about OpenBSD's improved speed as "uncorroborated claims" (but neither side has provided any public benchmarks) Gleb had to abandon his work on FreeBSD's pf because funding ran out *** LibreSSL progress update (http://linux.slashdot.org/story/14/07/16/1950235/libressl-prng-vulnerability-patched) LibreSSL's first few portable releases have come out and they're making great progress, releasing 2.0.3 two days ago (http://marc.info/?l=openbsd-tech&m=140599450206255&w=2) Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list However, there has already been some drama... with Linux users There was a problem with Linux's PRNG, and LibreSSL was unforgiving (https://twitter.com/MiodVallat/status/489122763610021888) of it, not making an effort to randomize something that could not provide real entropy This "problem" doesn't affect OpenBSD's native implementation, only the portable version The developers (http://www.securityweek.com/openbsd-downplays-prng-vulnerability-libressl) decide to weigh in (http://www.tedunangst.com/flak/post/wrapping-pids-for-fun-and-profit) to calm the misinformation and rage A fix was added in 2.0.2, and Linux may even get a new system call (http://thread.gmane.org/gmane.linux.kernel.cryptoapi/11666) to handle this properly now - remember to say thanks, guys Ted Unangst (http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) has a really good post (http://www.tedunangst.com/flak/post/this-is-why-software-sucks) about the whole situation, definitely check it out As a follow-up from last week, bapt says they're working on 
building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly - if you're a port maintainer, please test your ports against it *** Preparation for NetBSD 7 (http://mail-index.netbsd.org/current-users/2014/07/13/msg025234.html) The release process for NetBSD 7.0 is finally underway The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September If you run NetBSD, that'll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications) They're also looking for some help updating documentation and fixing any bugs that get reported Another formal announcement will be made when the beta binaries are up *** Interview - Dag-Erling Smørgrav - des@freebsd.org (mailto:des@freebsd.org) / @RealEvilDES (https://twitter.com/RealEvilDES) The role of the FreeBSD Security Officer, recent ports features, various topics News Roundup BSDCan ports and packages WG (http://blogs.freebsdish.org/portmgr/2014/07/18/bsdcan-2014-ports-and-packages-wg/) Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages There's also some detail about the signing infrastructure and different mirrors Ports people and source people need to talk more often about ABI breakage The post also includes information about pkg 1.3, the old pkg tools' EOL, the quarterly stable package sets and a lot more (it's a huge post!) 
*** Cross-compiling ports with QEMU and poudriere (http://blog.ignoranthack.me/?p=212) With recent QEMU features, you can basically chroot into a completely different architecture This article goes through the process of building ARMv6 packages on a normal X86 box Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now The poudriere-devel port now has a "qemu user" option that will pull in all the requirements Hopefully this will pave the way for official pkgng packages on those lesser-used architectures *** Cloning FreeBSD with ZFS send (http://blather.michaelwlucas.com/archives/2108) For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen This post shows his entire process in creating a mirror machine, using ZFS for everything The "zfs send" and "zfs snapshot" commands really come in handy for this He does the whole thing from a live CD, pretty impressive *** FreeBSD Overview series (http://thiagoperrotta.wordpress.com/2014/07/20/here-be-dragons-freebsd-overview-part-i/) A new blog series we stumbled upon about a Linux user switching to BSD In part one, he gives a little background on being "done with Linux distros" and documents his initial experience getting and installing FreeBSD 10 He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels Most of what he was used to on Linux was already in the default FreeBSD (except bash...) 
Part two (http://thiagoperrotta.wordpress.com/2014/07/21/here-be-packages-freebsd-overview-part-ii/) documents his experiences with pkgng and ports *** Feedback/Questions Bostjan writes in (http://slexy.org/view/s214FYbOKL) Rick writes in (http://slexy.org/view/s21cWLhzj4) Clint writes in (http://slexy.org/view/s21A4grtH0) Esteban writes in (http://slexy.org/view/s27fQHz8Se) Ben writes in (http://slexy.org/view/s21QscO4Cr) Matt sends in pictures of his FreeBSD CD collection (https://imgur.com/a/Ah444) ***
46: Network Iodometry
We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines EuroBSDCon 2014 registration open (http://2014.eurobsdcon.org/registration/) September is getting closer, and that means it's time for EuroBSDCon - held in Bulgaria this year Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th Tutorials, sessions, dev summits and everything else all have their own pricing as well Registering between August 18th - September 12th will cost more for everything You can register online here (http://registration.eurobsdcon.org/) and check hotels in the area (http://2014.eurobsdcon.org/registration/travel-and-stay/hotels) The FreeBSD foundation is also accepting applications (https://lists.freebsd.org/pipermail/freebsd-announce/2014-July/001577.html) for travel grants *** OpenBSD SMP PF update (http://marc.info/?t=140440541000002&r=1&w=2) A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump In a recent mailing list thread, Henning Brauer (http://www.bsdnow.tv/episodes/2013_10_30-current_events) addresses some of the concerns The short version (http://marc.info/?l=openbsd-misc&m=140479174521071&w=2) is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless He also says (http://marc.info/?l=openbsd-misc&m=140481012425889&w=2) PF on OpenBSD is over four times faster than FreeBSD's old version, presumably due to those extra years of 
development it's gone through There's also been even more recent concern (https://lists.freebsd.org/pipermail/freebsd-pf/2014-July/thread.html) about the uncertain future of FreeBSD's PF, being mostly unmaintained since their SMP patches We reached out to four developers (over a week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us *** Introduction to NetBSD pkgsrc (http://saveosx.org/pkgsrc-intro/) An article from one of our listeners about how to create a new pkgsrc port or fix one that you need The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format It also lists all the different bmake targets and their functions in relation to the porting process Finally, the post details the whole process of creating a new port *** FreeBSD 9.3-RELEASE (https://www.freebsd.org/releases/9.3R/relnotes.html) After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today (https://www.freebsd.org/releases/9.3R/schedule.html) but actually came out yesterday The full list of changes (https://www.freebsd.org/releases/9.3R/relnotes.html) is available, but it's mostly a smaller maintenance release Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more If you haven't jumped to the 10.x branch yet (and there are a lot of people who haven't!) 
this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon Good news, this will be the first release (https://twitter.com/evilgjb/status/485909719522222080) with PGP-signed checksums on the FTP mirrors - a very welcome change With that out of the way, the 10.1-RELEASE schedule was posted (https://www.freebsd.org/releases/10.1R/schedule.html) *** Interview - Bryan Drewery - bdrewery@freebsd.org (mailto:bdrewery@freebsd.org) / @bdrewery (https://twitter.com/bdrewery) The FreeBSD package building cluster, pkgng, ports, various topics Tutorial Tunneling traffic through DNS (http://www.bsdnow.tv/tutorials/ssh-dns) News Roundup SSH two-factor authentication on FreeBSD (http://blog.feld.me/posts/2014/07/ssh-two-factor-authentication-on-freebsd/) We've previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port Using this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can log in normally It's a really, really simple process once you have the port installed - full details on the page *** Ditch tape backup in favor of FreeNAS (http://www.darvilleit.com/why-i-ditched-tape-backup-for-a-custom-made-freenas-backup/) The author of this post shares some of his horrible experiences with tape backups for a client Having constant, daily errors and failed backups, he needed to find another solution With 1TB of backups, tapes just weren't a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS) The rest of the article details his experiences with it and tells about his setup *** NetBSD vs FreeBSD, desktop experiences (http://imil.net/wp/2014/07/02/back-to-2000-2005-freebsd-desktop-2/) A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job Becoming more and 
more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver "Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga." He's become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system *** PCBSD not-so-weekly digest (http://blog.pcbsd.org/2014/07/pc-bsd-feature-digest-31-warden-cli-upgrade-irc-announcement/) Speaking of choices for a desktop system, it's the return of the PCBSD digest! Warden and PBI_add have gotten some interesting new features You can now create jails "on the fly" when adding a new PBI to your application library Bulk jail creation is also possible now, and it's really easy New Jenkins integration, with public access to poudriere logs as well (http://builds.pcbsd.org) PkgNG 1.3.0.rc2 testing for EDGE users *** Feedback/Questions Jeff writes in (http://slexy.org/view/s21D05MP0t) - Sending Encrypted Backups over SSH (http://allanjude.com/zfs_handbook/zfs-zfs.html#zfs-send-ssh) + Sending ZFS snapshots via user (http://wiki.pcbsd.org/index.php/Life_Preserver/10.0#Backing_Up_to_a_FreeNAS_System) Bruce writes in (http://slexy.org/view/s2lzo1swzo) Richard writes in (http://slexy.org/view/s20z841ean) Jeff writes in (http://slexy.org/view/s2QYc8BOAo) - NYCBUG dmesg list (http://www.nycbug.org/index.cgi?action=dmesgd) Steve writes in (http://slexy.org/view/s2V2e1m7S7) ***
45: ZFS War Stories
This week Allan is at BSDCam in the UK, so we'll be back with a regular episode next week. For now though, here's an interview with Josh Paetzel about some crazy experiences he's had with ZFS. This episode was brought to you by Interview - Josh Paetzel - josh@ixsystems.com (mailto:josh@ixsystems.com) / @bsdunix4ever (https://twitter.com/bsdunix4ever) Crazy ZFS stories, network protocols, server hardware
44: Base ISO 100
This time on the show, we'll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we'll show you how to roll your own OpenBSD ISOs with all the patches already applied... ISO can't wait! This week's news and answers to all your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines pfSense 2.1.4 released (https://blog.pfsense.org/?p=1377) The pfSense team (http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense) has released 2.1.4, shortly after 2.1.3 - it's mainly a security release Included within are eight security fixes, most of which are pfSense-specific OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so) It also includes a large number of various other bug fixes Update all your routers! *** DragonflyBSD's pf gets SMP (http://lists.dragonflybsd.org/pipermail/commits/2014-June/270300.html) While we're on the topic of pf... Dragonfly patches their old[er than even FreeBSD's] pf to support multithreading in many areas Stemming from a user's complaint (http://lists.dragonflybsd.org/pipermail/users/2014-June/128664.html), Matthew Dillon did his own work on pf to make it SMP-aware Altering your configuration (http://lists.dragonflybsd.org/pipermail/users/2014-June/128671.html)'s ruleset can also help speed things up, he found When will OpenBSD, the source of pf, finally do the same? 
*** ChaCha usage and deployment (http://ianix.com/pub/chacha-deployment.html) A while back, we talked to djm (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline) about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5 This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20 OpenSSH offers it as a stream cipher now, OpenBSD uses it for its random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it Both Google's fork of OpenSSL and LibreSSL have upcoming implementations, while vanilla OpenSSL does not Unfortunately, this article has one mistake: FreeBSD does not use it (https://lists.freebsd.org/pipermail/freebsd-bugs/2013-October/054018.html) - they still use the broken RC4 algorithm *** BSDMag June 2014 issue (http://bsdmag.org/magazine/1864-tls-hardening-june-bsd-magazine-issue) The monthly online BSD magazine releases their newest issue This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, "saving time and headaches using the robot framework for testing," an interview and an article about the increasing number of security vulnerabilities The free pdf file is available for download as always *** Interview - Craig Rodrigues - rodrigc@freebsd.org (mailto:rodrigc@freebsd.org) FreeBSD's continuous (https://wiki.freebsd.org/Jenkins) testing (https://docs.google.com/presentation/d/1yBiPxS1nKnVwRlAEsYeAOzYdpG5uzXTv1_7i7jwVCfU/edit#slide=id.p) infrastructure (https://jenkins.freebsd.org/jenkins/) Tutorial Creating pre-patched OpenBSD ISOs (http://www.bsdnow.tv/tutorials/stable-iso) News Roundup Preauthenticated decryption considered harmful (http://www.tedunangst.com/flak/post/preauthenticated-decryption-considered-harmful) Responding to a post (https://www.imperialviolet.org/2014/06/27/streamingencryption.html) from Adam Langley, Ted Unangst 
(http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) talks a little more about how signify and pkg_add handle signatures In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns With signify, now everything is fully downloaded and verified before tar is even invoked The pkg_add utility works a little bit differently, but it's also been improved in this area - details in the post Be sure to also read the original post from Adam, lots of good information *** FreeBSD 9.3-RC2 is out (https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/079092.html) As the -RELEASE inches closer, release candidate 2 is out and ready for testing Since the last one, it's got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things The updated bsdconfig will use pkgng style packages now too A lesser known fact: there are also premade virtual machine images you can use too *** pkgsrcCon 2014 wrap-up (http://saveosx.org/pkgsrcCon/) In what may be the first real pkgsrcCon article we've ever had! Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event Unfortunately no recordings to be found... 
***
PostgreSQL FreeBSD performance and scalability (https://kib.kiev.ua/kib/pgsql_perf.pdf)
FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales
On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings
Lots of technical details if you're interested in getting the best performance out of your hardware
It also includes specific kernel options he used and the rest of the configuration
If you don't want to open the pdf file, you can use this link (https://docs.google.com/viewer?url=https%3A%2F%2Fkib.kiev.ua%2Fkib%2Fpgsql_perf.pdf) too
***
Feedback/Questions
James writes in (http://slexy.org/view/s24pFjUPe4)
Klemen writes in (http://slexy.org/view/s21OogIgTu)
John writes in (http://slexy.org/view/s21rLcemNN)
Brad writes in (http://slexy.org/view/s203Qsx6CZ)
Adam writes in (http://slexy.org/view/s2eBj0FfSL)
***
43: Package Design
It's a big show this week! We'll be interviewing Marc Espie about OpenBSD's package system and build cluster. Also, we've been asked many times "how do I keep my BSD box up to date?" Well, today's tutorial should finally answer that. Answers to all your emails and this week's headlines, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
EuroBSDCon 2014 talks and schedule (http://2014.eurobsdcon.org/talks-and-schedule/)
The talks and schedules for EuroBSDCon 2014 are finally revealed
The opening keynote is called "FreeBSD, looking forward to another 10 years" by jkh
Lots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great
It looks like Theo even has a talk, but the title isn't on the page... how mysterious
There are also days dedicated to some really interesting tutorials
Register now, the conference is on September 25-28th in Bulgaria
If you see Allan and Kris walking towards you and you haven't given us an interview yet... well you know what's going to happen
Why aren't the videos up from last year yet? Will this year also not have any?
***
FreeNAS vs NAS4Free (http://arstechnica.com/information-technology/2014/06/the-ars-nas-distribution-shootout-freenas-vs-nas4free/)
More mainstream news covering BSD, this time with an article about different NAS solutions
In a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free
Both are based on FreeBSD and ZFS of course, but there are more differences than you might expect
Discusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project
"One is pleasantly functional; the other continues devolving during a journey of pain" - uh oh, who's the loser?
***
Quality software costs money, heartbleed was free (https://queue.acm.org/detail.cfm?id=2636165)
PHK (http://www.bsdnow.tv/episodes/2013_10_16-go_directly_to_jail) writes an article for ACM Queue about open source software projects' funding efforts
A lot of people don't realize just how widespread open source software is - TVs, printers, gaming consoles, etc
The article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish's funding
The latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them
On that subject, "Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software"
Consider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive
***
Geoblock evasion with pf and OpenBSD rdomains (https://matt.bionicmessage.net/blog/2014/06/21/Advanced%20Geoblock%20evasion%20with%20OpenBSD%20pf%20and%20rdomain%27s)
Geoblocking is a way for websites to block visitors based on the location of their IP
This is a blog post about how to get around it, using pf and rdomains
It has the advantage of not requiring any browser plugins or DNS settings on the users' computers, you just need to be running OpenBSD on your router (hmm, if only a website had a tutorial about that (http://www.bsdnow.tv/tutorials/openbsd-router)...)
In this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia
It's got all the details you need to set up a VPN-like system and bypass those pesky geographic filters
***
Interview - Marc Espie - espie@openbsd.org (mailto:espie@openbsd.org) / @espie_openbsd (https://twitter.com/espie_openbsd)
OpenBSD's package system, building cluster, various topics
Tutorial
Keeping your BSD up to date (http://www.bsdnow.tv/tutorials/upgrade)
News Roundup
BoringSSL and LibReSSL (https://www.imperialviolet.org/2014/06/20/boringssl.html)
Yet another OpenSSL fork pops up, this time from Google, called BoringSSL
Adam Langley has a blog post about it, why they did it and how they're going to maintain it
You can easily browse the source code (https://boringssl.googlesource.com/)
Theo de Raadt also weighs in (http://marc.info/?l=openbsd-tech&m=140332790726752&w=2) with how this effort relates to LibReSSL
More eyes on the code is good, and patches will be shared between the two projects
***
More BSD Tor nodes wanted (http://lists.nycbug.org/pipermail/tor-bsd/2014-June/000129.html)
Friend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous
Originally discussed (https://lists.torproject.org/pipermail/tor-relays/2014-June/004699.html) on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network
If one vulnerability is found, a huge portion of the network would be useless - we need more variety in the network stacks, crypto, etc.
The EFF is also holding a Tor challenge (https://www.eff.org/torchallenge/) for people to start up new relays and keep them online for over a year
Check out our Tor tutorial (http://www.bsdnow.tv/tutorials/tor) and help out the network, and promote BSD at the same time!
***
FreeBSD 10 OpenStack images (https://raymii.org/s/tutorials/FreeBSD_10.0-release_Openstack_Image.html)
OpenStack, to quote Wikipedia, is "a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution."
The article goes into detail about creating a FreeBSD instance, installing and converting it for use with "bsd-cloudinit"
The author of the article is a regular listener and emailer of the show, hey!
***
BSDday 2014 call for papers (https://lists.freebsd.org/pipermail/freebsd-advocacy/2014-June/004465.html)
BSD Day, a conference not so well-known, is going to be held August 9th in Argentina
It was created in 2008 and is the only BSD conference around that area
The "call for papers" was issued, so if you're around Argentina and use BSD, consider submitting a talk
Sysadmins, developers and regular users are, of course, all welcome to come to the event
***
Feedback/Questions
Maruf writes in (http://slexy.org/view/s20nTYO2w1)
Solomon writes in (http://slexy.org/view/s21cvV6mRP)
Silas writes in (http://slexy.org/view/s2MK8sbea0)
Bert writes in (http://slexy.org/view/s2Yz97YlzI)
***
42: Devious Methods
Coming up this week, we'll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
PIE and ASLR in FreeBSD update (https://www.soldierx.com/news/Position-Independent-Executable-Support-Added-FreeBSD)
A status update for Shawn Webb's ASLR and PIE work for FreeBSD
One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree
"FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support"
If you're running -CURRENT, just add "WITH_PIE=1" to your /etc/src.conf and /etc/make.conf
The next step is working on the ASLR coding style and getting more developers to look through it
Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR
***
Misc. pfSense news (https://blog.pfsense.org/?p=1347)
Couple of pfSense news items this week, including some hardware news
Someone's gotta test the pfSense hardware devices before they're sold, which involves powering them all on at least once
To make that process faster, they're building a controllable power board (and include some cool pics)
There will be more info on that device a bit later on
On Friday, June 27th, there will be another video session (https://blog.pfsense.org/?p=1367) (for paying customers only...)
about virtualized firewalls
pfSense University (https://blog.pfsense.org/?p=1332), a new paid training course, was also announced
A single two-day class costs $2000, ouch
***
ZFS stripe width (http://blog.delphix.com/matt/2014/06/06/zfs-stripe-width/)
A new blog post from Matt Ahrens (http://www.bsdnow.tv/episodes/2014_05_14-bsdcanned_goods) about ZFS stripe width
"The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice"
Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages
He covers best performance on random IOPS, best reliability, and best space efficiency use cases
It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels' overhead factor
***
FreeBSD 9.3-BETA3 released (https://lists.freebsd.org/pipermail/freebsd-stable/2014-June/078959.html)
The third BETA in the 9.3 release cycle is out, we're slowly getting closer to the release
This is expected to be the final BETA, next will come the RCs
There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what's in -CURRENT (but still isn't using ChaCha20)
The FreeBSD foundation has a blog post (http://freebsdfoundation.blogspot.com/2014/06/freebsd-93-beta3-now-available.html) about it too
There's a list of changes (https://www.freebsd.org/relnotes/9-STABLE/relnotes/article.html) between 9.2 and 9.3 as well, but we'll be sure to cover it when the -RELEASE hits
***
Interview - Bryce Chidester - brycec@devio.us (mailto:brycec@devio.us) / @brycied00d (https://twitter.com/brycied00d)
Running a BSD shell provider
Tutorial
Chaining
SSH connections (http://www.bsdnow.tv/tutorials/ssh-chaining)
News Roundup
My FreeBSD adventure (https://www.linuxquestions.org/questions/*bsd-17/my-freebsd-adventure-continued-4175508055/)
A Slackware user from the "linux questions" forum decides to try out BSD, and documents his initial impressions and findings
After ruling out (https://www.linuxquestions.org/questions/*bsd-17/pc-bsd-10-0-is-now-available-4175493047/page2.html#post5142465) PCBSD due to the demanding hardware requirements and NetBSD due to "politics" (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on
In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things
So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux
Might be an interesting, ongoing series we can follow up on later
***
Even more BSDCan trip reports (http://freebsdfoundation.blogspot.com/2014/06/bsdcan-trip-report-li-wen-hsu.html)
BSDCan may be over until next year, but trip reports are still pouring in
This time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation
He's part of the "Jenkins CI for FreeBSD" group and went to BSDCan mostly for that
Nice long post about all of his experiences at the event, definitely worth a read
He even talks about...
the food
***
FreeBSD disk partitioning (http://blather.michaelwlucas.com/archives/2096)
For his latest book series on FreeBSD's GEOM system, MWL asked the hackers mailing list for some clarification
This erupted into a very long discussion (https://lists.freebsd.org/pipermail/freebsd-hackers/2014-June/045246.html) about fdisk vs gnop vs gpart
So you don't have to read the 500 mailing list posts, he's summarized the findings in a blog post
It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools
***
BSD Router Project version 1.51 (http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.51)
A new version of the BSD Router Project has been released, 1.51
It's now based on FreeBSD 10-STABLE instead of 10.0-RELEASE
Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere
Check the sourceforge page for the complete list of changes
Bad news... the minimum disk size requirement has increased to 512MB... getting pretty bloated
***
Feedback/Questions
Fongaboo writes in (http://slexy.org/view/s21X4hl28g)
David writes in (http://slexy.org/view/s20DELplMw)
Kristian writes in (http://slexy.org/view/s2tmazORRN)
***
41: Commit This Bit
This week in the big show, we'll be interviewing Benedict Reuschling of the FreeBSD documentation team, and he has a special surprise in store for Allan. As always, answers to your questions and all the latest news, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
FreeBSD moves to Bugzilla (https://lists.freebsd.org/pipermail/freebsd-announce/2014-June/001559.html)
Historically, FreeBSD has used the old GNATS system for keeping track of bug reports
After years and years of wanting to switch, they've finally moved away from GNATS to Bugzilla
It offers a lot of advantages, is much more modern and actively maintained and
There's a new workflow chart (http://people.freebsd.org/~eadler/bugrelocation/workflow.html) for developers to illustrate the new way of doing things
The old "send-pr" command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports)
This will hopefully make reporting bugs a lot less painful
***
DIY NAS: EconoNAS 2014 (http://blog.brianmoses.net/2014/06/diy-nas-econonas-2014.html)
We previously covered this blog last year, but the 2014 edition is up
More of a hardware-focused article, the author details the parts he's using for a budget NAS
Details the motherboard, RAM, CPU, hard drives, case, etc
With a set goal of $500 max, he goes just over it - $550 for all the parts
Lots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions
***
DragonflyBSD 3.8 released (http://www.shiningsilence.com/dbsdlog/2014/06/04/14122.html)
Justin (http://www.bsdnow.tv/episodes/2013_11_13-the_gateway_drug) announced the availability of DragonflyBSD 3.8.0
Binaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts
It includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions
Work continues on
for the Intel graphics drivers, but it's currently limited to the HD4000 and Ivy Bridge series
See the release page (http://www.dragonflybsd.org/release38/) for more info and check the link for source-based upgrade instructions
***
OpenZFS European conference 2014 (http://www.open-zfs.org/wiki/Publications#2014_OpenZFS_European_Conference)
There was an OpenZFS conference held in Europe recently, and now the videos are online for your viewing pleasure
Matt Ahrens, Introduction (http://www.youtube.com/watch?v=Mk1czZs6vkQ)
Michael Alexander, FhGFS performance on ZFS (http://www.youtube.com/watch?v=Ak1HB507-xY)
Andriy Gapon, Testing ZFS on FreeBSD (http://www.youtube.com/watch?v=oB-QDwVuBH4)
Luke Marsden, HybridCluster: ZFS in the cloud (http://www.youtube.com/watch?v=ISI9Ppj3kTo)
Vadim Comănescu, Syneto: continuously delivering a ZFS-based OS (http://www.youtube.com/watch?v=1xK94v0BedE)
Chris George, DDRdrive ZIL accelerator: random write revelation (http://www.youtube.com/watch?v=ScNHjWBQYQ8)
Grenville Whelan, High-Availability (http://www.youtube.com/watch?v=tiTYZykCeDo)
Phil Harman, Harman Holistic (https://www.youtube.com/watch?v=ApjkrBVlPXk)
Mark Rees, Storiant and OpenZFS (http://www.youtube.com/watch?v=41yl23EACns)
Andrew Holway, EraStor ZFS appliances (http://www.youtube.com/watch?v=b4L0DRvKJxo)
Dan Vâtca, Syneto and OpenZFS (http://www.youtube.com/watch?v=pPOW8bwUXxo)
Luke Marsden, HybridCluster and OpenZFS (http://www.youtube.com/watch?v=uSM1s1aWlZE)
Matt Ahrens, Delphix and OpenZFS (http://www.youtube.com/watch?v=UaRdzUOsieA)
Check the link for slides and other goodies
***
Interview - Benedict Reuschling - bcr@freebsd.org (mailto:bcr@freebsd.org)
BSD documentation, getting commit access, unix education, various topics
News Roundup
Getting to know your portmgr, Steve Wills (http://blogs.freebsdish.org/portmgr/2014/06/04/getting-to-know-your-portmgr-steve-wills/)
"It is my pleasure to introduce Steve Wills, the newest member of the portmgr team"
swills is an
all-round good guy, does a lot for ports (especially the ruby ports)
In this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more
He used to work for Red Hat, woah
***
BSDTalk episode 242 (http://bsdtalk.blogspot.com/2014/06/bsdtalk242-pfsense-with-chris-buechler.html)
This time on BSDTalk, Will interviews Chris Buechler (http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense) from pfSense
Topics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes
They also touch on recent concerns in the pfSense community about their license change, that they may be "going commercial" and closing the source - so tune in to find out what their future plans are for all of that
***
Turn old PC hardware into a killer home server (http://www.pcworld.com/article/2243748/turn-old-pc-hardware-into-a-killer-home-server-with-freenas.html)
Lots of us have old hardware lying around doing nothing but collecting dust
Why not turn that old box into a modern file server with FreeNAS and ZFS?
This article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc)
Most of our users are already familiar with all of this stuff, nothing too advanced
Good to see BSD getting some well-deserved attention on a big mainstream site
***
Unbloating the VAX install CD (https://blog.netbsd.org/tnf/entry/unbloating_the_vax_install_cd)
After a discussion on the VAX mailing list, something very important came to the attention of the developers...
You can't boot NetBSD on a VAX box with 16MB of RAM from the CD image
This blog post goes through the developer's adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller
In the end, he got it booting - and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM...
***
Feedback/Questions
Thomas writes in (http://slexy.org/view/s211mNScBr)
Reynold writes in (http://slexy.org/view/s21JA8BVmZ)
Bostjan writes in (http://slexy.org/view/s2kwS3ncTY)
Paul writes in (http://slexy.org/view/s2VgjXUfW9)
John writes in (http://slexy.org/view/s202AAQUXt)
***
40: AirPorts & Packages
On this week's episode, we'll be giving you an introductory guide on OpenBSD's ports and package system. There's also a pretty fly interview with Karl Lehenbauer, about how they use FreeBSD at FlightAware. Lots of interesting news and answers to all your emails, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
BSDCan 2014 talks and reports, part 2 (https://www.bsdcan.org/2014/schedule/)
More presentations and trip reports are still being uploaded
Ingo Schwarze, New Trends in mandoc (https://www.youtube.com/watch?v=oifYhwTaOuw)
Vsevolod Stakhov, The Architecture of the New Solver in pkg (https://www.youtube.com/watch?v=3SOKFz2UUQ4)
Julio Merino, The FreeBSD Test Suite (https://www.youtube.com/watch?v=nf-bFeKaZsY)
Zbigniew Bodek, Transparent Superpages for FreeBSD on ARM (https://www.youtube.com/watch?v=s5iIKEHtbX8)
There's also a trip report from Michael Dexter (http://freebsdfoundation.blogspot.com/2014/06/bsdcan-trip-report-michael-dexter.html) and another (very long and detailed) trip report (http://freebsdfoundation.blogspot.com/2014/05/bsdcan-trip-report-warren-block.html) from our friend Warren Block (http://www.bsdnow.tv/episodes/2014_03_26-documentation_is_king) that even gives us some linkage, thanks!
***
Beyond security, getting to know OpenBSD's real purpose (https://www.youtube.com/watch?v=JrFfrrY-yOo)
Michael W Lucas (http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop) (who, we learn through this video, has been using BSD since 1986) gave a "webcast" last week, and the audio and slides are finally up
It clocks in at just over 30 minutes, managing to touch on a lot of OpenBSD topics
Some of those topics include: what is OpenBSD and why you should care, the philosophy of the project, how it serves as a "pressure cooker for ideas," briefly touches on GPL vs BSDL, their "do it right or don't do it at all" attitude, their stance on NDAs and blobs, recent LibreSSL development, some of the security functions that OpenBSD enabled before anyone else (and the ripple effect that had) and, of course, their disturbing preference for comic sans
Here's a direct link to the slides (https://wcc.on24.com/event/76/67/12/rt/1/documents/resourceList1400781110933/20140527_beyond_security_openbsd.pdf)
Great presentation if you'd like to learn a bit about OpenBSD, but also contains a bit of information that long-time users might not know too
***
FreeBSD vs Linux, a comprehensive comparison (http://brioteam.com/linux-versus-freebsd-comprehensive-comparison)
Another blog post covering something people seem to be obsessed with - FreeBSD vs Linux
This one was worth mentioning because it's very thorough in regards to how things are done behind the scenes, not just the usual technical differences
It highlights the concept of a "core team" and their role vs "contributors" and "committers" (similar to a presentation Kirk McKusick did not long ago)
While a lot of things will be the same on both platforms, you might still be asking "which one is right for me?"
- this article weighs in with some points for both sides and different use cases
Pretty well-written and unbiased article that also mentions areas where Linux might be better, so don't hate us for linking it
***
Expand FreeNAS with plugins (http://www.openlogic.com/wazi/bid/345617/Expand-FreeNAS-with-plugins)
One of the things people love the most about FreeNAS (other than ZFS) is their cool plugin framework
With these plugins, you can greatly expand the feature set of your NAS via third party programs
This page talks about a few of the more popular ones and how they can be used to improve your NAS or media box experience
Some examples include setting up an OwnCloud server, Bacula for backups, Maraschino for managing a home theater PC, Plex Media Server for an easy to use video experience and a few more
It then goes into more detail about each of them, how to actually install plugins and then how to set them up
***
Interview - Karl Lehenbauer - karl@flightaware.com (mailto:karl@flightaware.com) / @flightaware (https://twitter.com/flightaware)
FreeBSD at FlightAware, BSD history, various topics
Tutorial
Ports and packages in OpenBSD (http://www.bsdnow.tv/tutorials/ports-obsd)
News Roundup
Code review culture meets FreeBSD (http://julipedia.meroh.net/2014/05/code-review-culture-meets-freebsd.html)
In most of the BSDs, changes need to be reviewed by more than one person before being committed to the tree
This article describes Phabricator, an open source code review system that we briefly mentioned last week
Instructions for using it are on the wiki (https://wiki.freebsd.org/CodeReview)
While not approved by the core team yet for anything official, it's in a testing phase and developers are encouraged to try it out and get their patches reviewed
Just look at that fancy interface!!
(http://phabric.freebsd.org/)
***
Upcoming BSD books (http://blather.michaelwlucas.com/archives/2088)
Sneaky MWL somehow finds his way into both our headlines and the news roundup
He gives us an update on the next BSD books that he's planning to release
The plan is to release three (or so) books based on different aspects of FreeBSD's storage system(s) - GEOM, UFS, ZFS, etc.
This has the advantage of only requiring you to buy the one(s) you're specifically interested in
"When will they be released? When I'm done writing them. How much will they cost? Dunno."
It's not Absolute FreeBSD 3rd edition...
***
CARP failover and high availability on FreeBSD (https://www.youtube.com/watch?v=VjYb9mKB4jU)
If you're running a cluster or a group of servers, you should have some sort of failover in place
But the question comes up, "how do you load balance the load balancers!?"
This video goes through the process of giving more than one machine the same IP, how to set up CARP, securing it and demonstrates a node dying
Also mentions DNS-based load balancing as another option
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/05/weekly-feature-digest-30/)
This time in PCBSD land, we're getting ready for the 10.0.2 release (ISOs here) (http://download.pcbsd.org/iso/10.0-RELEASE/testing/amd64/)
AppCafe got a good number of fixes, and now shows 10 random highlighted applications
EasyPBI added a "bulk" mode to create PBIs of an entire FreeBSD port category
Lumina, the new desktop environment, is still being worked on and got some bug fixes too
***
Feedback/Questions
Paul writes in (http://slexy.org/view/s205iiKiWp)
Matt writes in (http://slexy.org/view/s2060bkTNl)
Kjell writes in (http://slexy.org/view/s2G7eMC6oP)
Paul writes in (http://slexy.org/view/s2REfzMFGK)
Tom writes in (http://slexy.org/view/s21nvJtXY6)
***
39: The Friendly Sandbox
This time on the show we'll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
BSDCan 2014 talks and reports (https://www.bsdcan.org/2014/schedule/)
The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links
Karl Lehenbauer's keynote (https://www.youtube.com/watch?v=13LiyjnTGsQ) (he's on next week's episode)
Mariusz Zaborski and Pawel Jakub Dawidek, Capsicum and Casper (https://www.youtube.com/watch?v=0la06FHbdvg) (relevant to today's interview)
Luigi Rizzo, In-kernel OpenvSwitch on FreeBSD (https://www.youtube.com/watch?v=Lr5o1VQMtgA)
Dwayne Hart, Migrating from Linux to FreeBSD for Backend Data Storage (https://www.youtube.com/watch?v=AVuF9eFeVWs)
Warner Losh, NAND Flash and FreeBSD (https://www.youtube.com/watch?v=lj0XAE6C6-k)
Simon Gerraty, FreeBSD bmake and Meta Mode (https://www.youtube.com/watch?v=4s0UY0sg6vI)
Bob Beck, LibreSSL - The First 30 Days (https://www.youtube.com/watch?v=oM6S7FEUfkU)
Henning Brauer, OpenBGPD Turns 10 Years Old (https://www.youtube.com/watch?v=cP8AW111IKg)
Arun Thomas, BSD ARM Kernel Internals (https://www.youtube.com/watch?v=ZAM7fqhGRr8)
Peter Hessler, Using BGP for Realtime Spam Lists (https://www.youtube.com/watch?v=i8UAVswpagA)
Pedro Giffuni, Features and Status of FreeBSD's Ext2 Implementation (https://www.youtube.com/watch?v=HMeTxViulgo)
Matt Ahrens, OpenZFS Upcoming Features and Performance Enhancements (https://www.youtube.com/watch?v=EjGqVdCOIhM)
Daichi Goto, Shellscripts and Commands (https://www.youtube.com/watch?v=MsRu0xIawaA)
Benno Rice, Keeping Current (https://www.youtube.com/watch?v=jZp-ciB6mAg)
Sean Bruno, MIPS Router Hacking (https://www.youtube.com/watch?v=LZjoFSfIv3k)
John-Mark Gurney, Optimizing GELI
Performance (https://www.youtube.com/watch?v=2qicD0tv_tI)
Patrick Kelsey, Userspace Networking with libuinet (https://www.youtube.com/watch?v=LhIx8q8_7YY)
Massimiliano Stucchi, IPv6 Transitioning Mechanisms (https://www.youtube.com/watch?v=WZoQzUZKaeo)
Roger Pau Monné, Taking the Red Pill (https://www.youtube.com/watch?v=q6l9qtjlNXU)
Shawn Webb, Introducing ASLR in FreeBSD (https://www.youtube.com/watch?v=jo8ObzR1tKQ)
There's also a trip report (http://undeadly.org/cgi?action=article&sid=20140519164127) from Peter Hessler and one from Julio Merino (http://julipedia.meroh.net/2014/05/bsdcan-2014-summary.html)
The latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend)
***
Defend your network and privacy with a VPN and OpenBSD (http://networkfilter.blogspot.com/2014/05/defend-your-network-and-privacy-vpn.html)
After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back
This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities
There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used
You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)
It also includes a few general privacy tips, recommended browser extensions, etc
The intro to the article is especially great, so give the whole thing a read
He mentions our OpenBSD router guide (http://www.bsdnow.tv/tutorials/openbsd-router) and other tutorials being a big help for this setup, so hello if you're watching!
***
You should try FreeBSD (http://blog.pascalj.com/article/you-should-try-freebsd/)
In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that
He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two
Possibly the most useful part is how to address the question "my server already works, why bother switching?"
"Stackoverflow’s answers assume I have apt-get installed"
It includes mention of the great documentation, stability, ports, improved security and much more
A takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before"
***
OpenBSD and the little Mauritian contributor (http://hacklog.in/openbsd-and-the-little-mauritian-contributor/)
This is a story about a guy from Mauritius (https://en.wikipedia.org/wiki/Mauritius) named Logan, one of OpenBSD's newest developers
Back in 2010, he started sending in patches for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTP
The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon
It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem
Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back
***
Interview - Jon Anderson - jonathan@freebsd.org (mailto:jonathan@freebsd.org)
Capsicum and Casperd
Tutorial
Encrypting DNS lookups (http://www.bsdnow.tv/tutorials/dnscrypt)
News Roundup
FreeBSD Journal, May 2014 issue (http://i.imgur.com/f0qg6Ss.jpg)
The newest issue of the FreeBSD
Journal (http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates) is out, following the bi-monthly release cycle This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read *** LibreSSL porting update (http://insanecoding.blogspot.com/2014/05/libressl-porting-update.html) Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died off Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that! This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good *** BSDMag May 2014 issue is out (http://bsdmag.org/magazine/1862-meteorjs-on-freebsd-11-may-bsd-issue) The usual monthly release from BSDMag, covering a variety of subjects This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things It's a free PDF, go grab it *** BSDTalk episode 241 (http://bsdtalk.blogspot.com/2014/05/bsdtalk241-bob-beck.html) A new episode of BSDTalk (http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk) is out, this time with Bob Beck He talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot more The interview itself isn't about LibreSSL at all, but they do touch on it a bit too Really interesting stuff, 
covers a lot of different topics in a short amount of time *** Feedback/Questions We got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the vpnc (https://www.freshports.org/security/vpnc/) package seems to be what we were looking for Tim writes in (http://slexy.org/view/s20MK7bTyc) AJ writes in (http://slexy.org/view/s2OWREQdUA) Peter writes in (http://slexy.org/view/s202obAqbT) Thomas writes in (http://slexy.org/view/s21Kye2jAc) Martin writes in (http://slexy.org/view/s2zqFVqwxN) ***
38: A BUG's Life
We're back from BSDCan! This week on the show we'll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We'll get to hear their experiences of running one and maybe encourage some of you to start your own! After that, we've got a tutorial on the basics of NetBSD's package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
FreeBSD 11 goals and discussion (http://blather.michaelwlucas.com/archives/2053)
- Something that actually happened at BSDCan this year...
- During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE
- Some of MWL's notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support
- A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more
- There's also some notes from the devsummit virtualization session (http://blather.michaelwlucas.com/archives/2060), mostly talking about bhyve
- Lastly, he also provides some notes about ports and packages (http://blather.michaelwlucas.com/archives/2065) and where they're going
***
An SSH honeypot with OpenBSD and Kippo (http://securit.se/2014/05/how-to-install-kippo-ssh-honeypot-on-openbsd-5-5-with-chroot/)
- Everyone loves messing with script kiddies, right?
- This blog post introduces Kippo (https://code.google.com/p/kippo/), an SSH honeypot tool, and how to use it in combination with OpenBSD
- It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely
- You can use this to get new 0day exploits or find weaknesses in your systems
- OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications
***
NetBSD foundation financial report (https://www.netbsd.org/foundation/reports/financial/2013.html)
- The NetBSD foundation has posted their 2013 financial report
- It's a very "no nonsense" page, pretty much only the hard numbers
- In 2013, they got $26,000 of income in donations
- The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else
- Be sure to donate to whichever BSDs you like and use!
***
Building a fully-encrypted NAS with OpenBSD (http://www.geektechnique.org/projectlab/796/how-to-build-a-fully-encrypted-nas-on-openbsd.html)
- Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you're doing
- This article takes a look at the OpenBSD side and explains how (http://www.geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto.html) to build a NAS with security in mind
- The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require - this means the kernel itself is even protected
- The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people's needs too
- There's also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware - fantastic write up!
***
Interview - Brian Callahan & Aaron Bieber - admin@lists.nycbug.org (mailto:admin@lists.nycbug.org) & admin@cobug.org (mailto:admin@cobug.org)
Forming a local BSD Users Group
Tutorial
The basics of pkgsrc (http://www.bsdnow.tv/tutorials/pkgsrc)
News Roundup
FreeBSD periodic mails vs. monitoring (http://deranfangvomende.wordpress.com/2014/05/11/freebsd-periodic-mails-vs-monitoring/)
- If you've ever been an admin for a lot of FreeBSD boxes, you've probably noticed that you get a lot of email
- This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them
- From bad SSH logins to Zabbix alerts, it all adds up quickly
- It highlights the periodic.conf file and FreeBSD's periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers
***
Doing cool stuff with OpenBSD routing domains (http://www.skogsrud.net/?p=44)
- A blog post from our viewer and regular emailer, Kjell-Aleksander!
- He manages some internally-routed IP ranges at his work, but didn't want to have equipment for each separate project
- This is where OpenBSD routing domains and pf come in to save the day
- The blog post goes through the process with all the network details you could ever dream of
- He even named his networking equipment... after us (http://i.imgur.com/penYQFP.jpg)
***
LibreSSL, the good and the bad (http://insanecoding.blogspot.com/2014/04/libressl-good-and-bad.html)
- We're all probably familiar with OpenBSD's fork of OpenSSL at this point
- However, "for those of you that don't know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk"
- This article talks about some of the cryptographic development challenges involved with maintaining such a massive project
- You need cryptographers, software engineers, software optimization specialists - there are a lot of roles that need to be filled
- It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork - the main one being their aim for backwards compatibility
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/05/weekly-feature-digest-28-photos-of-the-new-appcafe-re-design/)
- Lots going on in PCBSD land this week, AppCafe has been redesigned
- The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update
- In the more recent post (http://blog.pcbsd.org/2014/05/weekly-feature-digest-29-pbing/), there's some further explanation of the PBI system and the reason for the transition
- It's got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion
***
Feedback/Questions
- Antonio writes in (http://slexy.org/view/s2UbEhgjce)
- Daniel writes in (http://slexy.org/view/s21XU0y3JP)
- Sean writes in (http://slexy.org/view/s2QQtuawFl)
- tsyn writes in (http://slexy.org/view/s20XrT5Q8U)
- Chris writes in (http://slexy.org/view/s2ayZ1nsdv)
***
37: BSDCanned Goods
This week we're at BSDCan, ganging up on people and forcing them to give us interviews. Assuming we don't get arrested for harassment, we'll be back next week with your regularly scheduled programming. For now, we've got some feedback emails to catch up on, as well as a prerecorded talk Matt Ahrens gave about ZFS. We'll be back to tell you all about the conference next week, on BSD Now - the place to B.. SD.
This episode was brought to you by
Presentation - Matthew Ahrens - matt@mahrens.org (mailto:matt@mahrens.org) / @mahrens1 (https://twitter.com/mahrens1)
OpenZFS discussion
Feedback/Questions
- Remy writes in (http://slexy.org/view/s2kGZUlxjg)
- Darin writes in (http://slexy.org/view/s23j9RHsIx)
- Steve writes in (http://slexy.org/view/s21dMlBAhM)
- Pascal writes in (http://slexy.org/view/s20IyvdSmR)
***
36: Let's Get RAID
This week on the show we'll be showing you how to set up RAID arrays in both FreeBSD and OpenBSD. There's also an interview with David Chisnall - of the FreeBSD core team - about the switch to Clang and a lot more. As usual, we'll be dropping the latest news and answering your emails, so sit back and enjoy some BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
OpenBSD 5.5 released (http://www.openbsd.org/55.html)
- If you ordered (https://https.openbsd.org/cgi-bin/order) a CD set (https://twitter.com/blakkheim/status/461909893813784576) then you've probably had it for a little while already, but OpenBSD has formally announced the public release (http://undeadly.org/cgi?action=article&sid=20140501153339) of 5.5
- This is one of the biggest releases to date, with a very long list of changes and improvements
- Some of the highlights include: time_t being 64 bit on all platforms, release sets and binary packages being signed with the new signify tool, a new autoinstall feature of the installer, SMP support on Alpha, a new AViiON port, lots of new hardware drivers including newer NICs, the new vxlan driver, relayd improvements, a new pf queue system for bandwidth shaping, dhcpd and dhclient fixes, OpenSMTPD 5.4.2 and all its new features, position-independent executables being default for i386, the RNG has been replaced with ChaCha20 as well as some other security improvements, FUSE support, tmpfs, softraid partitions larger than 2TB and a RAID 5 implementation, OpenSSH 6.6 with all its new features and fixes... and a lot more
- The full list of changes (http://www.openbsd.org/plus55.html) is HUGE, be sure to read through it all if you're interested in the details
- If you're doing an upgrade from 5.4 instead of a fresh install, pay careful attention to the upgrade guide (http://www.openbsd.org/faq/upgrade55.html) as there are some very specific steps for this version
- Also be sure to apply the errata patches (http://www.openbsd.org/errata55.html) on your new installations... especially those OpenSSL ones (some of which still aren't fixed (http://marc.info/?l=oss-security&m=139906348230995&w=2) in the other BSDs yet)
- On the topic of errata patches, the project is now going to also send them out (signed (http://undeadly.org/cgi?action=article&sid=20140502103355)) via the announce mailing list (http://lists.openbsd.org/cgi-bin/mj_wwwusr?user=&passw=&func=lists-long-full&extra=announce), a very welcome change
- Congrats to the whole team on this great release - 5.6 is going to be even more awesome with "Libre"SSL and lots of other stuff that's currently in development
***
FreeBSD foundation funding highlights (http://freebsdfoundation.blogspot.com/2014/04/freebsd-foundation-spring-fundraising_28.html)
- The FreeBSD foundation posts a new update on how they're spending the money that everyone donates
- "As we embark on our 15th year of serving the FreeBSD Project and community, we are proud of what we've done to help FreeBSD become the most innovative, reliable, and high-performance operation system"
- During this spring, they want to highlight the new UEFI boot support and newcons (http://freebsdfoundation.blogspot.com/2014/05/freebsd-foundation-newcons-project.html)
- There's a lot of details about what exactly UEFI is and why we need it going forward
- FreeBSD has also needed some updates to its console to support UTF8 and wide characters
- Hopefully this series will continue and we'll get to see what other work is being sponsored
***
OpenSSH without OpenSSL (http://marc.info/?l=openbsd-cvs&m=139879453001957&w=2)
- The OpenSSH team has been hard at work, making it even better, and now OpenSSL is completely optional
- Since it won't have access to the primitives OpenSSL uses, there will be a trade-off of features vs. security
- This version will drop support for legacy SSH v1, and the only two cryptographic algorithms supported are an in-house implementation of AES in counter mode and the new combination (http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?rev=HEAD;content-type=text%2Fplain) of the ChaCha20 stream cipher with Poly1305 for packet integrity
- Key exchange is limited to elliptic curve Diffie-Hellman and the newer Curve25519 KEXs
- No support for RSA, DSA or ECDSA public keys - only Ed25519
- It also includes a new buffer API (http://marc.info/?l=openbsd-cvs&m=139883582313750&w=2) and a set of wrappers to make it compatible with the existing API
- Believe it or not, this was planned before all the heartbleed craziness
- Maybe someday soon we'll have a mini-openssh-portable in FreeBSD ports and NetBSD pkgsrc, would be really neat
***
BSDMag's April 2014 issue is out (http://bsdmag.org/magazine/1861-free-pascal-on-bsd-april-bsd-issue)
- The free monthly BSD magazine has got a new issue available for download
- This time the articles include: Pascal on BSD, an introduction to revision control systems and configuration management, deploying NetBSD on AWS EC2, more GIMP tutorials, an AsiaBSDCon 2014 report and a piece about how easily credit cards are stolen online
- Anyone can contribute to the magazine, just send the editors an email about what you want to write
- No Linux articles this time around, good
***
Interview - David Chisnall - theraven@freebsd.org (mailto:theraven@freebsd.org)
The LLVM/Clang switch, FreeBSD's core team, various topics
Tutorial
RAID in FreeBSD and OpenBSD (http://www.bsdnow.tv/tutorials/raid)
News Roundup
BSDTalk episode 240 (http://bsdtalk.blogspot.com/2014/04/bsdtalk240-about-time-with-george.html)
- Our buddy Will Backman has uploaded a new episode of BSDTalk, this time with our other buddy GNN as the guest - mainly to talk about NTP and keeping reliable time
- Topics include the specific details of crystals used in watches and computers to keep time, how temperature affects the quality, different sources of inaccuracy, some general NTP information, why you might want extremely precise time, different time sources (GPS, satellite, etc), differences in stratum levels, the problem of packet delay and estimating the round trip time, some of the recent NTP amplification attacks, the downsides to using UDP instead of TCP and... much more
- GNN also talks a little about the Precision Time Protocol (https://en.wikipedia.org/wiki/Precision_Time_Protocol) and how it's different than NTP
- Two people (http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates) we've interviewed (http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk) talking to each other, awesome
- If you're interested in NTP, be sure to see our tutorial (http://www.bsdnow.tv/tutorials/ntpd) too
***
m2k14 trip reports (http://undeadly.org/cgi?action=article&sid=20140502092427)
- We've got a few more reports from the recent OpenBSD hackathon in Morocco
- The first one is from Antoine Jacoutot (who is a key GNOME porter and gave us the screenshots for the OpenBSD desktop tutorial (http://www.bsdnow.tv/tutorials/the-desktop-obsd))
- "Since I always fail at actually doing whatever I have planned for a hackathon, this time I decided to come to m2k14 unprepared about what I was going to do"
- He got lots of work done with ports and pushing GNOME-related patches back up to the main project, then worked on fixing ports' compatibility with LibreSSL
- Speaking of LibreSSL, there's an article (http://undeadly.org/cgi?action=article&sid=20140505062023) all would-be portable version writers should probably read and take into consideration
- Jasper Adriaanse also writes (http://undeadly.org/cgi?action=article&sid=20140501185019) about what he got done over there
- He cleaned up and fixed the puppet port to work better with OpenBSD
***
Why you should use FreeBSD on your cloud VPS (https://www.atlantic.net/blog/2014/04/08/freebsd-ssd-cloud-vps-hosting-10-reasons/)
- Here we have a blog post from Atlantic, a VPS and hosting provider, about 10 reasons for using FreeBSD
- Starts off with a little bit of BSD history for those who are unfamiliar with it and only know Linux and Windows
- The 10 reasons are: community, stability, collaboration, ease of use, ports, security, ZFS, GEOM, sound and having lots of options
- The post goes into detail about each of them and why FreeBSD makes a great choice for a VPS OS
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/05/weekly-feature-digest-27-software-system-redesign/)
- Big changes coming in the way PCBSD manages software
- The PBI system, AppCafe and related tools are all going to use pkgng now
- The AppCafe will no longer be limited to PBIs, so much more software will be easily available from the ports tree
- New rating system coming soon and much more
***
Feedback/Questions
- Martin writes in (http://slexy.org/view/s21bk2oPuQ)
- John writes in (http://slexy.org/view/s2n9fx1Rpw)
- Alex writes in (http://slexy.org/view/s2rBBKLA4u)
- Goetz writes in (http://slexy.org/view/s20JY6ZI71)
- Jarrad writes in (http://slexy.org/view/s20YV5Ohpa)
***
35: Puffy Firewall
We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases. We'll also be talking to Peter Hansteen about the new edition of "The Book of PF." Of course, we've got news and answers to your emails too, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
ALTQ removed from PF (http://undeadly.org/cgi?action=article&sid=20140419151959)
- Kicking off our big PF episode...
- The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current
- There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf
- As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping
- After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem
- This doesn't affect FreeBSD, PCBSD, NetBSD or DragonFlyBSD since all of their PFs are older and maintained separately.
***
FreeBSD Quarterly Status Report (https://www.freebsd.org/news/status/report-2014-01-2014-03.html)
- The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks
- Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added
- We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team
- LOTS of details and LOTS of topics to cover, give it a read
***
OpenBSD's OpenSSL rewrite continues with m2k14 (http://undeadly.org/cgi?action=article&sid=20140417184158)
- A mini OpenBSD hackathon (http://www.openbsd.org/hackathons.html) begins in Morocco, Africa
- You can follow the changes in the -current CVS log (http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/), but a lot of work (http://undeadly.org/cgi?action=article&sid=20140418063443) is mainly going towards the OpenSSL cleaning
- We've got two trip (http://undeadly.org/cgi?action=article&sid=20140429121423) reports (http://undeadly.org/cgi?action=article&sid=20140425115340) so far, hopefully we'll have some more to show you in a future episode
- You can see some of the more interesting quotes (http://opensslrampage.org/) from the tear-down or see everything (http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf)
- Apparently (http://undeadly.org/cgi?action=article&sid=20140423045847) they are going to call the fork "LibreSSL (https://news.ycombinator.com/item?id=7623789)" ....
- What were the OpenSSL developers thinking (http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf)? The RSA private key was used to seed the entropy!
- We also got some mainstream news coverage (http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/) and another post from Ted (http://www.tedunangst.com/flak/post/origins-of-libressl) about the history of the fork
- Definitely consider donating to the OpenBSD foundation (http://www.openbsdfoundation.org/donations.html), this fork will benefit all the other BSDs too
***
NetBSD 6.1.4 and 6.0.5 released (https://blog.netbsd.org/tnf/entry/netbsd_6_1_4_and)
- New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes
- The main update is - of course - the heartbleed vulnerability
- Also includes fixes for other security issues and even a kernel panic... on Atari
- Patch your Ataris right now, this is serious business
***
Interview - Peter Hansteen - peter@bsdly.net (mailto:peter@bsdly.net) / @pitrh (https://twitter.com/pitrh)
The Book of PF: 3rd edition
Tutorial
BSD Firewalls: PF (http://www.bsdnow.tv/tutorials/pf)
News Roundup
New Xorg now the default in FreeBSD (https://svnweb.freebsd.org/ports?view=revision&revision=351411)
- For quite a while now, FreeBSD has had two versions of X11 in ports
- The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf
- They've finally made the switch for 10-STABLE and 9-STABLE
- Check this wiki page (https://wiki.freebsd.org/Graphics) for more info
***
GSoC-accepted BSD projects (https://www.google-melange.com/gsoc/org2/google/gsoc2014/openbsdfoundation)
- The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned
- OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon
- The FreeBSD list (https://www.google-melange.com/gsoc/org2/google/gsoc2014/freebsd) was also posted
- Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more
- Good luck to all the students participating, hopefully they become full time BSD users
***
Complexity of FreeBSD VFS using ZFS as an example (http://www.hybridcluster.com/blog/complexity-freebsd-vfs-using-zfs-example-part-2/)
- HybridCluster posted the second part of their VFS and ZFS series
- This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy
- Of course, also watch episode 24 (http://www.bsdnow.tv/episodes/2014_02_12-the_cluster_the_cloud) for our interview with HybridCluster - they do really interesting stuff
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/04/weekly-feature-digest-26-the-lumina-project-and-preload/)
- Preload has been ported over, it's a daemon that prefetches applications
- PCBSD is developing their own desktop environment, Lumina (there's also an FAQ (http://blog.pcbsd.org/2014/04/quick-lumina-desktop-faq/))
- It's still in active development, but you can try it out by installing from ports
- We'll be showing a live demo of it in a few weeks (when development settles down a bit)
- Some kid in Australia subjects his poor mother to being on camera (https://www.youtube.com/watch?v=ETxhbf3-z18) while she tries out PCBSD and gives her impressions of it
***