Coming up this week on the show!
We’ve got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like.
The latest news, answers to your emails and even some LibreSSL drama, on BSD Now – the place to B.. SD.
Thanks to:
Direct Download:
Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube
RSS Feeds:
MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed
– Show Notes: –
Headlines
g2k14 hackathon reports
- Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon
- Lots of work got done – in just the first two weeks of July, there were over 1000 commits to their CVS tree
- Some of the developers wrote in to document what they were up to at the event
- Bob Beck planned to work on kernel stuff, but then “LibreSSL happened” and he spent most of his time working on that
- Miod Vallat also tells about his LibreSSL experiences
- Brent Cook, a new developer, worked mainly on the portable version of LibreSSL (and we’ll be interviewing him next week!)
- Henning Brauer worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6)
- Martin Pieuchot fixed some bugs in the USB stack, softraid and misc other things
- Marc Espie improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency
- Martin Pelikan integrated read-only ext4 support
- Vadim Zhukov did lots of ports work, including working on KDE4
- Theo de Raadt created a new, more secure system call, “sendsyslog” and did a lot of work with /etc, sysmerge and the rc scripts
- Paul Irofti worked on the USB stack, specifically for the Octeon platform
- Sebastian Benoit worked on relayd filters and IPv6 code
- Jasper Lievisse Adriaanse did work with puppet, packages and the bootloader
- Jonathan Gray imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection
- Stefan Sperling fixed a lot of issues with wireless drivers
- Florian Obser did many things related to IPv6
- Ingo Schwarze worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface
- Ken Westerback hacked on dhclient and dhcpd, and also got dump working on 4k sector drives
- Matthieu Herrb worked on updating and modernizing parts of xenocara
FreeBSD pf discussion takes off
- A thread started on the freebsd-questions and freebsd-current mailing lists this week concerning FreeBSD’s version of pf being old and seemingly unmaintained (unfortunately people didn’t always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)
- Straight from the SMP FreeBSD pf maintainer: “no one right now [is actively developing pf on FreeBSD]” and “Following OpenBSD on features would be cool, but no bulk imports would be made again. Bulk imports produce bad quality of port,
and also pf in OpenBSD has no multi thread support” - Baptiste Daroussin was quick to point out that multi-thread support is not the only difference between FreeBSD and OpenBSD versions of pf, including work that was done to support VIMAGE (network virtualization, to support have entire network stacks in jails)
- Baptiste Daroussin also reports on his efforts to update FreeBSD pf. He ran into problems and after breaking pf on head, his changes were reverted. He reports that he is still interested in porting individual OpenBSD pf features that are relevant to him, but not in a ‘full sync’ or being the overall maintainer of FreeBSD pf
- The project is looking for volunteers to continue the work. Mentorship is available for a number of people familiar with the FreeBSD networking stack, and Henning Brauer (one of the authors of OpenBSD pf) has stated his willingness to help on a number of occasions, and candidates can apply to the FreeBSD Foundation for funding
- Searching for documentation online for pf is troublesome because there are two incompatible syntaxes
- FreeBSD’s pf man pages are lacking, and some of FreeBSD’s documentation still links to OpenBSD’s pages, which are not compatible anymore
- The discussion also touched on importing pf patches from pfSense, although the license that these patches are under is not clear at this time
- Things quickly got off topic as further disagreement among individual developers vs. users derailed the conversation somewhat
- Many users are very vocal about wanting it updated, saying they are willing to deal with the syntax change and it is worth the benefits
- Some developers wonder which features of OpenBSD pf users actually want, other than just ‘the latest shiny’
- Currently the only known problem with FreeBSD pf is with ipv6 fragments, and the VIMAGE subsystem
- Gleb Smirnoff, author of the FreeBSD-specific SMP patches, says Henning’s claims about OpenBSD’s improved speed are “uncorroborated claims” (but neither side has provided any public benchmarks)
- Olivier Cochard-Labbé (of the BSD Router Project) provided his benchmarks from Nov 2013 of packet forwarding rates with various configurations of FreeBSD 9.2 and 10, vs OpenBSD 5.4. Here is the raw data and scripts to reproduce and a graph of the results
- There seem to be many opinions about what to do about pf, but so far no one willing to do the work
LibreSSL progress update
- LibreSSL’s first few portable releases have come out and they’re making great progress, releasing 2.0.3 two days ago
- Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list
- However, there has already been some drama… with Linux users
- There was a problem with Linux’s PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy
- This “problem” doesn’t affect OpenBSD’s native implementation, only the portable version
- The developers decide to weigh in to calm the misinformation and rage
- A fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now – remember to say thanks, guys
- Ted Unangst has a really good post about the whole situation, definitely check it out
- As a follow-up from last week, bapt says they’re working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly – if you’re a port maintainer, please test your ports against it
Preparation for NetBSD 7
- The release process for NetBSD 7.0 is finally underway
- The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September
- If you run NetBSD, that’ll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)
- They’re also looking for some help updating documentation and fixing any bugs that get reported
- Another formal announcement will be made when the beta binaries are up
Interview – Dag-Erling Smørgrav – des@freebsd.org / @RealEvilDES
The role of the FreeBSD Security Officer, recent ports features, various topics
News Roundup
BSDCan ports and packages WG
- Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages
- Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages
- There’s also some detail about the signing infrastructure and different mirrors
- Ports people and source people need to talk more often about ABI breakage
- The post also includes information about pkg 1.3, the old pkg tools’ EOL, the quarterly stable package sets and a lot more (it’s a huge post!)
Cross-compiling ports with QEMU and poudriere
- With recent QEMU features, you can basically chroot into a completely different architecture
- This article goes through the process of building ARMv6 packages on a normal X86 box
- Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now
- The poudriere-devel port now has a “qemu user” option that will pull in all the requirements
- Hopefully this will pave the way for official pkgng packages on those lesser-used architectures
Cloning FreeBSD with ZFS send
- For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen
- This post shows his entire process in creating a mirror machine, using ZFS for everything
- The “zfs send” and “zfs snapshot” commands really come in handy for this
- He does the whole thing from a live CD, pretty impressive
FreeBSD Overview series
- A new blog series we stumbled upon about a Linux user switching to BSD
- In part one, he gives a little background on being “done with Linux distros” and documents his initial experience getting and installing FreeBSD 10
- He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels
- Most of what he was used to on Linux was already in the default FreeBSD (except bash…)
- Part two documents his experiences with pkgng and ports
Feedback/Questions
- Bostjan writes in
- Rick writes in
- Clint writes in
- Esteban writes in
- Ben writes in
- Matt sends in pictures of his FreeBSD CD collection
- All the tutorials are posted in their entirety at bsdnow.tv
- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
- Last week we talked a bit about hardware compatibility, check out the NYC BSD Users’ Group’s dmesgd , a database of user submitted dmesg output from various hardware on various BSD’s. Help the community, submit your dmesg today!
- If you want to come on for an interview or have a tutorial you’d like to see, let us know – we want to do what the viewers want to see
- Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)