We talk to Devin Teske about his work with bsdinstall, bsdconfig and all the other interesting things he’s been up to lately.

This week we’re at EuroBSDCon, so we’ve just got an interview for you today. BSD Now will be back next week with a normal episode and lots of stories from the conference. We’ll also try to get some more interviews there.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Interview – Devin Teske – dteske@freebsd.org / @devinteske

bsdconfig, bsdinstall, sysrc and fdpv

Sr. FreeBSD Architect and Systems Integration Specialist at FISGlobal

• Q: Could you tell us a little bit about yourself and how you got involved with FreeBSD?
• Q: What tools in base did you have a hand in creating?
• Q: What are you working on for bsdinstall?
• Q: A question many want to know: when we will we have a zfs-on-root option in the default installer? Or full disk encryption?
• Q: Tell us about your new tools: bsdconfig, sysrc and fdpv
• Q: Any chance of seeing the boot menu’s 4th code being replaced with something else?
• Q: Are there any secret projects have you been working on lately?
• Q: What is DruidBSD?

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• We don’t check YouTube comments, JB comments, Reddit, etc. If you want us to see it, send it via email (the preferred way) or Twitter (also acceptable)
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Teskeing the Possibilities | BSD Now 4 first appeared on Jupiter Broadcasting.

A tutorial on pkgng, we talk with the developers of OpenSMTPD about running a mail server OpenBSD-style, answer YOUR questions and, of course, discuss all the latest news.

All that and more on BSD Now! The place to B… SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

pfSense 2.1-RELEASE is out

• Now based on FreeBSD 8.3
• Lots of IPv6 features added
• Security updates, bug fixes, driver updates
• PBI package support
• Way too many updates to list, see the full list

New kernel based iSCSI stack comes to FreeBSD

• Brief explanation of iSCSI
• This work replaces the older userland iscsi target daemon and improves the in-kernel iscsi initiator
• Target layer consists of:
• ctld(8), a userspace daemon responsible for handling configuration, listening for incoming connections, etc, then handing off connections to the kernel after the iSCSI Login phase
• iSCSI frontend to CAM Target Layer, which handles Full Feature phase.
• The work is being sponsored by FreeBSD Foundation
• Commit here

MTier creates openup utility for OpenBSD

• MTier provides a number of things for the OpenBSD community
• For example, regularly updated (for security) stable packages from their custom repo
• openup is a utility to easily check for security updates in both base and packages
• It uses the regular pkg tools, nothing custom-made
• Can be run from cron, but only emails the admin instead of automatically updating

OpenSSH in FreeBSD -CURRENT supports DNSSEC

• OpenSSH in base is now compiled with DNSSEC support
• In this case the default setting for ‘VerifyHostKeyDNS’ is yes
• OpenSSH will silently trust DNSSEC-signed SSHFP records
• It is the secteam’s opinion that this is better than teaching users to blindly hit “yes” each time they encounter a new key

Interview – Gilles Chehade & Eric Faurot – gilles@openbsd.org / @poolpOrg & eric@openbsd.org

OpenSMTPD

• Q: Could you tell us a little bit about yourselves and how you got involved with OpenBSD?
• Q: What exactly is OpenSMTPD and why was it created?
• Q: How big is your team of developers? Who’s doing what?
• Q: How compatible is it with things like dovecot, spamassassin, etc?
• Q: Are there any advantages over the other mail servers like Postfix or Exim?
• Q: If someone wanted to switch from them, is it an easy replacement?
• Q: The config syntax is very nice and easy to grasp. Was inspired from PF’s at all?
• Q: What made you decide to develop a portable version, a la OpenSSH?
• Q: Tell us some cool, upcoming features in a future release
• Q: Anything else you’d like to mention about the project?
• Q: Where can people find more info and help with development if they want?

Tutorial

Using pkgng for binary package management

• Live demo
• pkgng is the replacement for the old pkg_add tools
• Much more modern, supports an array of features that the old system didn’t
• Works on DragonflyBSD as well

News Roundup

New progress with Newcons

• Newcons is a replacement console driver for FreeBSD
• Supports unicode, better graphics modes and bigger fonts
• Progress is being made, but it’s not finished yet

relayd gets PFS support

• relayd is a load balancer for OpenBSD which does protocol layers 3, 4, and 7
• Currently being ported to FreeBSD. There is a WIP port
• Works by negotiating ECDHE (Elliptic curve Diffie-Hellman) between the remote site and relayd to enable TLS/SSL Perfect Forward Secrecy, even when the client does not support it

OpenZFS Launches

• Slides from LinuxCon
• Will feature ‘Office Hours’ (Ask an Expert)
• Goal is to reduce the differences between various open source implementations of ZFS, both user facing and pure lines of code

FreeBSD 10-CURRENT becomes 10.0-ALPHA

• Glen Barber tagged the -CURRENT branch as 10.0-ALPHA
• In preparation for 10.0-RELEASE, ALPHA2 as of 9/18
• Everyone was rushing to get their big commits in before 10-STABLE, which will be branched soon
• 10 is gonna be HUGE

September issue of BSD Mag

• BSD Mag is a monthly online magazine about the BSDs
• This month’s issue has some content written by Kris
• Topics include MidnightBSD live cds, server maintenance, turning a Mac Mini into a wireless access point with OpenBSD, server monitoring, FreeBSD programming, PEFS encryption and a brief introduction to ZFS

The FreeBSD IRC channel is official

• For many years, the FreeBSD freenode channel has been “unofficial” with a double-hash prefix
• Finally it has freenode’s blessing and looks like a normal channel!
• The old one will forward to the new one, so your IRC clients don’t need updating

OpenSSH 6.3 released

• After a big delay, Damien Miller announced the release of 6.3
• Mostly a bugfix release, with a few new features
• Of note, SFTP now supports resuming failed downloads via -a

Feedback/Questions

• A couple people wrote in to tell us not only OpenBSD have 64bit time. We misspoke.
• James writes in: https://slexy.org/view/s2wBbbSWGz
• Elias writes in: https://slexy.org/view/s2LMDF3PYx
• Gabor writes in: https://slexy.org/view/s2aCodo65X
• Possibly the coolest feedback we’ve gotten thus far: Baptiste Daroussin, leader of the FreeBSD ports management team and author of poudriere and pkgng, has put up the BSD Now poudriere tutorial on the official documentation!
• We always want more feedback, especially tutorial ideas and show topics you want to see

• Big thanks to TJ for writing most of the show notes and the tutorials, as well as handling most of your feedback
• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• We don’t check YouTube comments, JB comments, Reddit, etc. If you want us to see it, send it via email (the preferred way) or Twitter (also acceptable)
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post MX with TTX | BSD Now 3 first appeared on Jupiter Broadcasting.

BSD Now is BACK to talk with Glen Barber from the FreeBSD Release team, show you how to build your own binary package repository and discuss the latest BSD news!

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

64bit time in OpenBSD

• Many operating systems face an upcoming challenge, similar to (but more complicated than) Y2K: Y2038. All of the BSDs and most other operating systems track time by counting the seconds since Jan 1st, 1970. In 2038 this value will reach the maximum value of a signed 32 bit integer.
• Simply changing to a 64 bit counter may not be the best solution, because there may still be 32 bit systems in use for embedded applications
• Theo will be giving the keynote at EuroBSDCon on the subject, explaining how OpenBSD has implemented the solution
• No other BSDs have it yet
• ABI incompatibility. Updating to this kernel requires extra work or you won\’t be able to login: install a snapshot instead. Upgrading by source is for the insane only.

AESNI pipelining gets a speed boost

• AES-NI is a new processor instruction available on modern Intel and AMD chips that provides hardware acceleration for AES encryption and decryption. This feature is especially useful for encrypted disks, because it removes most of the performance penalty traditionally associated with encryption
• The new commit has the instructions pipelined, so there is no latency between the instructions
• Uses SSE2 instructions for calculating XTS tweak factor for further increased performance
• GELI based disk encryption performance increased by 3x on capable CPUs
• Should affect PEFS and other AES backed encryption schemes as well
• Full disk encryption should be more or less transparent now

OpenBSD 5.4 Preorders

• Every 6 months there is a new OpenBSD version
• They include a fun song and nicely-packaged CD set
• The proceeds from sale of these products is the primary funding of the OpenBSD project
• The official ISOs will be uploaded on November 1st

GCC no longer built by default on FreeBSD -CURRENT

• On platforms where clang is the default compiler, don\’t build gcc or libstdc++
• GCC is still enabled on PC98, because the PC98 bootloader requires GCC to build
• While the base FreeBSD system has been built by clang for a long time, this change also covers the ports tree

Patch to update Xorg and Mesa on FreeBSD

• Updates xorg drivers
• Expected to be committed in about 2 weeks
• Adds option to use devd instead of HAL for X configuration
• Updates the MESA stack (9.1.6), libGL, DRI, etc
• Enables KMS for AMD/ATI cards
• Call for Testing
• OpenBSD has recently upgraded to Mesa 9.2 for their stable version of Xorg

Interview – Glen Barber – gjb@freebsd.org @g_j_b_

FreeBSD Release Engineering

• Q: Tell us a little about yourself, your role with the project – K
• Q: When did you join the release engineering team (re@) and how did that come about? -A
• Q: What kind of tasks and decisions are in the hands of re@? – K
• Q: Why it is /pub/FreeBSD/releases/amd64/amd64/ -A
• Q: Any stand-out features of 9.2-RELEASE that you’re personally excited about? -K
• Q: Tell us about net.inet.tcp.experimental.initcwnd10 in r242266 -A
• Q: Why was it reverted for 9.2-RC3? Causing problems? -K
• Q: Why was there an RC4 added? – A
• Q: Talk about the new snapshot releases for -CURRENT/-STABLE (we’ll have a future segment on how to upgrade to these branches) – K
• Q: Is there a possibility of freebsd-update someday offering snapshot-based upgrades to the -STABLE or -CURRENT branches? What technical difficulties need to be overcome? – A
• Q: Are there plans to remove bind from the base system? -K
• Q: Would it be possible in the future to have a “WITHOUT_BLOBS” src.conf option to remove any non-open source wifi firmware modules and such? -A
• Q: Tell us about you joining the FreeBSD Foundation and what this will mean for users – K

Tutorial

Making your own binary repository

• Live demo
• Poudriere builds binary packages from a list of ports (or the whole tree)
• Uses the fantastic BSD jail system for everything
• Supports signing the repository with an RSA key
• Easy way to deploy large number of systems or low-powered systems
• Very flexible, works on different versions of the OS, lots of features

Place to B…SD

iXsystems hosts FreeBSD Anniversary party

• Celebrating FreeBSD’s 20th anniversary
• Saturday, November 2nd at the DNA Lounge in San Francisco
• Notable FreeBSD figures will contribute words of wisdom on the past, present, and future of FreeBSD

News Roundup

NetBSD gets basic support for the cubieboard 1 & 2

• Very preliminary support for cubieboard 1 & 2 based on the Allwinner A10 & A20 SoCs
• Many drivers are stubs with autoconf glue
• Contributed by Matt Thomas

Rayservers ditches Linux for BSD

• Used them all, Windows, Mac, OpenBSD, Linux
• Needed PF, ZFS, disk encryption, lots of networking features, better security
• In Linux, \”The new cgroups based memory management ran out of memory – on a 256 GB RAM system whilst it was not using more than 40.\”
• BSD now protects the privacy of their email users

HPN for OpenSSH 6.2

• High Performance Networking is an SSH patchset to improve transfer speeds by removing the fixed window size and take better advantage of TCP
• Maintained as a patchset separate from OpenSSH
• First integrated into FreeBSD base as of 9.0
• Updated to support 6.2 (available in the ports tree as security/openssh-portable)
• The HPN patch set also includes threaded AES-CTR support to increase performance and take advantage of multiple CPU cores for encryption. In this latest patch, threaded AES-CTR now works in all situations (it failed in some specific situations previously). Expected performance increase is ~50%
• NONE cipher is now separate from the main patch set. The NONE cipher allows tools like scp and sftp to switch off the encryption for file transfers (when specifically told to do so) to keep encryption from bottlenecking performance and wasting CPU time

Call for testing: OpenSSH-6.3

• Mostly a bugfix release
• SFTP now supports resuming partially-downloaded or uploaded transfers
• More logging features
• Six weeks after the initial email, still no release. des@ is not pleased.

pkgsrc gets signing

• pkgsrc is used on NetBSD, DragonflyBSD and other OSes
• Comes from an EdgeBSD developer
• Uses GPG for signing package files
• Currently just a patch on github and in its infancy
• Provides a short howto

FreeBSD vs. Linux: 10 points of superiority

• New FreeBSD user, ex-Linux user writes about his experience
• Mentions consistency, documentation, security, filesystems, updates, jails, community
• Really long post, definitely worth a read

[Feedback/Questions]

• We received TONS of email. We’ll get to a few of the questions, but a lot of them will be answered in future episodes.

• hoopla writes in: “I\’m looking to install PCBSD on my laptop and was wondering if there was support for encryption of the root folder in the installer. For my arch linux install I ended up setting up an encrypted lvm by hand and it was hell but if it\’s built into the installer it\’d make the transition to BSD much simpler.”

• Juergen writes in: \”hi guys, I want to listen to the new BSD podcast but I couldn\’t find the RSS feed. Can you publish the feed?\”

• Due to the way publishing happens at JupiterBroadcasting, there were no RSS feeds until the first episode was published. The feeds for MP3, OGG, SD and HD Video and Torrent are now in the top right corner of the BSDNow.tv page. The episodes will also be published on iTunes once the show is approved by Apple.

• Sam write in with two questions: “I want a few simple python web apps. What is the best \”FreeBSD way\” to deploy this? Nginx + uWSGI? It is surprisingly hard to find a usable nginx.conf that I can throw in a jail and run a python app. Is uWSGI even the right tool?”

• “The PCBSD tools are great, but the tool versions that are in the ports tree are always out of date compared to what ships with PC-BSD. Why is this? Same with FreeNAS, why is the Warden more up to date in FreeNAS than PC-BSD.. then there\’s yet a 3rd version in ports?”

• Frank writes in with a long question: “My company is a major CA. We run virtualized RHEL 6 virtualized on KVM, about 3000 nodes serving different purposes on about 350 pizza boxes also running RHEL/KVM. We have kind of a sale issue. To have both TLS 1.2 support and ECC ciphers available we have to recompile both OpenSSL and NGINX and a few other system packages. I\’ve built RPM\’s, but there still are issues on a default install, relating to other not to be disclosed core business software choughJava based cachough. However, compiling it all on each machine does work.

Now I\’ve got this working on FreeBSD kvm virtual machines, which both provide better performance (almost 30% less resource usage than the RHEL nodes) and also work with our configuration management stack (puppet + homegrown). It also would allow us to drop a lot of virtual nodes because less BSD boxes can handle the same amount as the CentOS ones. And of course the lack of security issues, less software by default on a fresh install and such.

My team also likes it, has knowledge, supports a migration, and the metrics support it, however management is not happy and does not want to do such a big \”migration\”. (Not knowing that about 100 VM\’s are already FreeBSD and working). Also, they don\’t like that they\’ve got a 10 year contract with Red Hat and have paid for that… But, in the end the cost would go down because of the migration.

Any tips to get support from them?”
+ The first thing that comes to mind is to see what other people have done in the past. There was a presentation at BSDCan 2013 in May of this year on this specific topic: Case study: Switching from Linux to FreeBSD

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• We don’t check YouTube comments, JB comments, Reddit, etc. If you want us to see it, send it via email (the preferred way) or Twitter: @BSDNow (also acceptable)
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Engineering and Powder Kegs | BSD Now 2 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Radeon KMS commited

• Committed by Jean-Sebastien Pedron
• Brings kernel mode setting to -CURRENT, will be in 10.0-RELEASE (ETA 12/2013)
• 10-STABLE is expected to be branched in October, to begin the process of stabilizing development
• Initial testing shows it works well
• May be merged to 9.X, but due to changes to the VM subsystem this will require a lot of work, and is currently not a priority for the Radeon KMS developer
• Still suffers from the syscons / KMS switcher issues, same as Intel video
• More info: https://wiki.freebsd.org/AMD_GPU

VeriSign Embraces FreeBSD

• “BSD is quite literally at the very core foundation of what makes the Internet work”
• Using BSD and Linux together provides reliability and diversity
• Verisign gives back to the community, runs vBSDCon
• “You get comfortable with something because it works well for your particular purposes and can find a good community that you can interact with. That all rang true for us with FreeBSD.”

fetch/libfetch get a makeover

• Adds support for SSL certificate verification
• Requires root ca bundle (security/root_ca_nss)
• Still missing TLS SNI support (Server Name Indication, allows name based virtual hosts over SSL)

FreeBSD Foundation Semi-Annual Newsletter

• The FreeBSD Foundation took the 20th anniversary of FreeBSD as an opportunity to look at where the project is, and where it might want to go
• The foundation sets out some basic goals that the project should strive towards:
  • Unify User Experience
    • “ensure that knowledge gained mastering one task translates to the next”
    • “if we do pay attention to consistency, not only will FreeBSD be easier to use, it will be easier to learn”
  • Design for Human and Programmatic Use
    • 200 machines used to be considered a large deployment, with high density servers, blades, virtualization and the cloud, that is not so anymore
    • “the tools we provide for status reporting, configuration, and control of FreeBSD just do not scale or fail to provide the desired user experience”
    • “The FreeBSD of tomorrow needs to give programmability and human interaction equal weighting as requirements”
  • Embrace New Ways to Document FreeBSD
    • More ‘Getting Started’ sections in documentation
    • Link to external How-Tos and other documentation
    • “upgrade the cross-referencing and search tools built into FreeBSD, so FreeBSD, not an Internet search engine, is the best place to learn about FreeBSD”
• Spring Fundraising Campaign, April 17 – May 31, raised a total of $219,806 from 12 organizations and 365 individual donors. In the same period last year we raised a total of $23,422 from 2 organizations and 53 individuals
• Funds donated to the FreeBSD Foundation have been used on these projects recently:
• Capsicum security-component framework
• Transparent superpages support of the FreeBSD/ARM architecture
• Expanded and faster IPv6
• Native in-kernel iSCSI stack
• Five New TCP Congestion Control Algorithms
• Direct mapped I/O to avoid extra memory copies
• Unified Extensible Firmware Interface (UEFI) boot environment
• Porting FreeBSD to the Genesi Efika MX SmartBook laptop (ARM-based)
• NAND Flash filesystem and storage stack
• Funds were also used to sponsor a number of BSD focused conferences: BSDCan, EuroBSDCon, AsiaBSDCon, BSDDay, NYCBSDCon, vBSDCon, plus Vendor summits and Developer summits
• It is important that the foundation receive donations from individuals, to maintain their tax exempt status in the USA. Even a donation of $5 helps make it clear that the FreeBSD Foundation is backed by a large community, not only a few vendors
• Donate Today

The place to B…SD

Ohio Linuxfest, Sept. 13-15, 2013

• Very BSD friendly
• Kirk McKusick giving the keynote
• BSD Certification on the 15th, all other stuff on the 14th
• Multiple BSD talks

LinuxCon, Sept. 16-18, 2013

• Dru Lavigne and Kris Moore will be manning a FreeBSD booth
• Number of talks of interest to BSD users, including ZFS coop

EuroBSDCon, Sept. 26-29, 2013

• Tutorials on the 26 & 27th (plus private FreeBSD DevSummit)
• 43 talks spread over 3 tracks on the 28 & 29th
• Keynote by Theo de Raadt
• Hosted in the picturesque St. Julians Area, Malta (Hilton Conference Centre)

Interview – Peter Hessler – phessler@openbsd.org / @phessler

Using BGP to distribute spam blacklists and whitelists

• Q: Tell us about yourself and your previous contributions to OpenBSD
• Q: What is BGP spamd
• Q: What made you start the project?
• Q: Why use BGP? What are the pros/cons versus the standard DNS distribution model?
• Q: (How) can others make use of the project?
• Q: How can other contribute to the project?
• Q: What else are you working on?

Tutorial

Using stunnel to hide your traffic from Deep Packet Inspection

• Live demo between two hosts
• Tunnel any insecure traffic over SSL/TLS
• Allows you to bypass Intrusion Detection Systems

News Roundup

NetBSD 6.1.1 released

• First security/bug fix update of the NetBSD 6.1 release branch
• Fixes 4 security vulnerabilities
• Adds 4 new sysctls to avoid IPv6 DoS attacks
• Misc. other updates

Sudo Mastery

• MWL is a well-known author of many BSD books
• Also does SSH, networking, DNSSEC, etc.
• Next book is about sudo, which comes from OpenBSD (did you know that?)
• Available for preorder now at a discounted price

Documentation Infrastructure Enhancements

• Gábor Kövesdán has completed a funded project to improve the infrastructure behind the documentation project
• Will upgrade documentation from DocBook 4.2 to DocBook 4.5 and at the same time migrate to proper XML tools.
• DSSSL is an old and dead standard, which will not evolve any more.
• DocBook 5.0 tree added

FreeBSD FIBs get new features

• FIBs (as discussed earlier in the interview) are Forward Information Bases (technical term for a routing table)
• The FreeBSD kernel can be compiled to allow you to maintain multiple FIBs, creating separate routing tables for different processes or jails
• In r254943 ps(1) is extended to support a new column ‘fib’, to display which routing table a process is using

FreeNAS 9.1.0 and 9.1.1 released

• Many improvements in nearly all areas, big upgrade
• Based on FreeBSD 9-STABLE, lots of new ZFS features
• Cherry picked some features from 10-CURRENT
• New volume manager and easy to use plugin management system
• 9.1.1 released shortly thereafter to fix a few UI and plugin bugs

BSD licensed “patch” becomes default

• bsdpatch has become mature, does what GNU patch can do, but has a much better license
• Approved by portmgr@ for use in ports
• Added WITH_GNU_PATCH build option for people who still need it

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post BGP & BSD | BSD Now 1 first appeared on Jupiter Broadcasting.