This week on the show we’re joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We’ll be discussing what the BSD Router Project is, what it’s for and where it’s going. All this week’s headlines and answers to viewer-submitted questions, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

BSD Devroom CFP

• This year’s FOSDEM conference (Belgium, Jan 31st – Feb 1st) is having a dedicated BSD devroom
• They’ve issued a call for papers on anything BSD-related, and we always love more presentations
• If you’re in the Belgium area or plan on going, submit a talk about something cool you’re doing
• There’s also a mailing list and some more information in the original post

Bhyve SVM code merge

• The bhyve_svm code has been in the “projects” tree of FreeBSD, but is now ready for -CURRENT
• This changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only
• All the supported operating systems and utilities should work on both now
• One thing to note: bhyve doesn’t support PCI passthrough on AMD just yet
• There may still be some issues though

NetBSD at Open Source Conference Tokyo

• The Japanese NetBSD users group held a booth at another recent open source conference
• As always, they were running NetBSD on everything you can imagine
• One of the users reports back to the mailing list on their experience, providing lots of pictures and links
• Here’s an interesting screenshot of NetBSD running various other BSDs in Xen

More BSD switchers every day

• A decade-long Linux user is considering making the switch, and asks Reddit about the BSD community
• Tired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect
• So far, he’s found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion
• There’s also another semi-related thread about another Linux user wanting to switch to BSD because of systemd and GNU people
• There are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read
• Maybe the OPs should’ve just watched this show

Interview – Olivier Cochard-Labbé – olivier@cochard.me / @ocochardlabbe

The BSD Router Project

News Roundup

FreeBSD -CURRENT on a T420

• Thinkpads are quite popular with BSD developers and users
• Most of the hardware seems to be supported across the BSDs (especially wifi)
• This article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI
• If you’ve got a Thinkpad, or especially this specific one, have a look at some of the steps involved
• PR/194359 tracks this issue
• Includes a URL to modified snapshots with a patch for the Auto (ZFS) mode in the installer to solve the GPT on some Lenovos issue

FreeNAS on a Supermicro 5018A-MHN4

• More and more people are migrating their NAS devices to BSD-based solutions
• In this post, the author goes through setting up FreeNAS on some of his new hardware
• His new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM – quite a lot for its small form factor
• The rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures)

Hardening procfs and linprocfs

• There was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux
• There exists a native procfs in FreeBSD, which was the target point of that exploit, but it’s not used very often
• The Linux emulation layer also supports its own linprocfs, which was affected as well
• The HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs
• If you want to learn more about ASLR and HardenedBSD, be sure to check out our interview with Shawn too

pfSense monitoring with bandwidthd

• A lot of people run pfSense on their home network, and it’s really useful to monitor the bandwidth usage
• This article will walk you through setting up bandwidthd to do exactly that
• bandwidthd monitors based on the IP address, rather than per-interface
• It can also build some cool HTML graphs, and we love those pfSense graphs
• Have a look at our bandwidth monitoring and testing tutorial for some more ideas

Feedback/Questions

• Dave writes in
• Chris writes in
• Zeke writes in
• Bostjan writes in
• Patrick writes in

Mailing List Gold

• More old bugs
• The Right Font (see also)

• All the tutorials are posted in their entirety at bsdnow.tv
• Send your BSD-related questions, comments, show ideas or stories you want mentioned on the show to feedback@bsdnow.tv – don’t hesitate to ask us if you need help with something
• OpenBSD is now 19 years old as of a few days ago, and also just passed the 300,000 commit mark – happy late birthday and congrats
• PCBSD will be at the Ohio Linuxfest (Columbus, Ohio on October 24–26) this year, so stop by and say hi if you’re there
• If you’re in or around New York’s Capital District, our friend bcallah is giving a talk about OpenBSD on October 24th at the Rensselaer Polytechnic Institute
• The FreeBSD graphics team has a new blog with some interesting content if you’re interested in that
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Don't Buy a Router | BSD Now 60 first appeared on Jupiter Broadcasting.

Coming up this week, we’ll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

PIE and ASLR in FreeBSD update

• A status update for Shawn Webb’s ASLR and PIE work for FreeBSD
• One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree
• “FreeBSD has supported loading PIEs for a while now, but the applications in base weren’t compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support”
• If you’re running -CURRENT, just add “WITH_PIE=1” to your /etc/src.conf and /etc/make.conf
• The next step is working on the ASLR coding style and getting more developers to look through it
• Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR

Misc. pfSense news

• Couple of pfSense news items this week, including some hardware news
• Someone’s gotta test the pfSense hardware devices before they’re sold, which involves powering them all on at least once
• To make that process faster, they’re building a controllable power board (and include some cool pics)
• There will be more info on that device a bit later on
• On Friday, June 27th, there will be another video session (for paying customers only…) about virtualized firewalls
• pfSense University, a new paid training course, was also announced
• A single two-day class costs $2000, ouch

ZFS stripe width

• A new blog post from Matt Ahrens about ZFS stripe width
• “The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice”
• Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages
• He covers best performance on random IOPS, best reliability, and best space efficiency use cases
• It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels’ overhead factor

FreeBSD 9.3-BETA3 released

• The third BETA in the 9.3 release cycle is out, we’re slowly getting closer to the release
• This is expected to be the final BETA, next will come the RCs
• There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what’s in -CURRENT (but still isn’t using ChaCha20)
• The FreeBSD foundation has a blog post about it too
• There’s a list of changes between 9.2 and 9.3 as well, but we’ll be sure to cover it when the -RELEASE hits

Interview – Bryce Chidester – brycec@devio.us / @brycied00d

Running a BSD shell provider

Tutorial

Chaining SSH connections

News Roundup

My FreeBSD adventure

• A Slackware user from the “linux questions” forum decides to try out BSD, and documents his initial impressions and findings
• After ruling out PCBSD due to the demanding hardware requirements and NetBSD due to “politics” (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on
• In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things
• So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux
• Might be an interesting, ongoing series we can follow up on later

Even more BSDCan trip reports

• BSDCan may be over until next year, but trip reports are still pouring in
• This time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation
• He’s part of the “Jenkins CI for FreeBSD” group and went to BSDCan mostly for that
• Nice long post about all of his experiences at the event, definitely worth a read
• He even talks about… the food

FreeBSD disk partitioning

• For his latest book series on FreeBSD’s GEOM system, MWL asked the hackers mailing list for some clarification
• This erupted into a very long discussion about fdisk vs gnop vs gpart
• So you don’t have to read the tons of mailing list posts, he’s summarized the findings in a blog post
• It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools

BSD Router Project version 1.51

• A new version of the BSD Router Project has been released, 1.51
• It’s now based on FreeBSD 10-STABLE instead of 10.0-RELEASE
• Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere
• Check the sourceforge page for the complete list of changes
• The minimum disk size requirement has increased to 512MB

Feedback/Questions

• Fongaboo writes in
• David writes in
• Kristian writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• A special thanks to our viewer Lars for writing most of today’s tutorial and sending it in
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you want to come on for an interview or have a tutorial you’d like to see, let us know
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Devious Methods | BSD Now 42 first appeared on Jupiter Broadcasting.

We sit down for an interview with Jordan Hubbard, one of the founders of the FreeBSD project – and the one who invented ports! Later in the show, we\’ll be showing you some new updates to the OpenBSD router tutorial from a couple weeks ago. We\’ve also got news, your questions and even our first viewer-submitted video, right here on BSD Now.. the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Getting to know your portmgr

• In this interview they talk to one of the \”Annoying Reminder Guys\” – Erwin Lansing, the second longest serving member of FreeBSD\’s portmgr (also vice-president of the FreeBSD Foundation)
• He actually maintains the .dk ccTLD
• Describes FreeBSD as \”the best well-hidden success story in operating systems, by now in the hands of more people than one can count and used by even more people, and not one of them knows it! It’s not only the best operating system currently around, but also the most supportive and inspiring community.\”
• In the next one they speak with Martin Wilke (miwi@) which is strange since he\’s \”on hiatus\” + hasn\’t done anything in a long time
• The usual, \”what inspires you about FreeBSD\” \”how did you get into it\” etc.

vBSDCon wrap-up compilation

• Lots of write-ups about vBSDCon gathered in one place
• Some from OpenBSD guys
• Some from FreeBSD guys
• Some from RootBSD
• Some from iXsystems
• Some from Verisign
• And of course our own wrap-up chat in BSD Now Episode 009

Faces of FreeBSD

• This week they talk to Gábor Páli from Hungary
• Talks about his past as a game programmer and how it got involved with FreeBSD
• \”I met János Háber, who admired the technical merits of FreeBSD and recommended it over the popular GNU/Linux distributions. I downloaded FreeBSD 4.3-RELEASE, found it reliable, consistent, easy to install, update and use.\”
• He\’s been contributing since 2008 and does lots of work with Haskell in ports
• He also organizes EuroBSDCon and is secretary of the FreeBSD Core Team

Dragonfly 3.6 released

• dports now default instead of pkgsrc
• Big SMP scaling improvements
• Experimental i915 and KMS support
• See our interview with Justin Sherrill if you want to hear (a lot) more about it – nearly an hour long
• Matt Dillion’s comments

ZFS TRIM bug on FreeBSD -CURRENT r258632

• Do not upgrade to or past 258632, there is a ZFS TRIM bug that could result in data loss
• If you have already upgraded, disable TRIM with vfs.zfs.trim.enabled=0 immediately
• Roll back to a previous kernel, and then scrub your pool
• A fix is expected shortly

Interview – Jordan Hubbard – jkh@freebsd.org / @omgjkh

FreeBSD\’s founding and future

Tutorial

Building an OpenBSD router, part 2

• Note: there was a mistake in the video version of the tutorial, please consult the written version for the proper instructions.
• A few weeks back we showed you how to build a high performance BSD router
• Lots of work has been done to clean up and reorganize it, it\’s cut up into sections now, also has a new section about power saving
• It\’s been updated for \”switchless\” operation, using a virtual ethernet interface and some bridging magic (special thanks to Ryan for helping me test that)
• This updated guide will show you how to do an all-in-one router to replace your consumer one without any additional hardware
• We\’ll also showcase some extras – the email alerts, errata checking script and SSH/Tor tunnels
• The errata script now auto-detects if you\’re running -release, -stable or -current and acts accordingly; can automatically patch your source code and alert you

News Roundup

pfSense 2.1 on AWS EC2

• We now have pfSense 2.1 available on Amazon’s Elastic Compute Cloud (EC2)
• In keeping with the community spirit, they’re also offering a free \”public\” AMI
• Check the FAQ and User Guide on their site for additional details
• Interesting possibilities with pfSense in the cloud

Puffy on the desktop

• Distrowatch, a primarily Linux-focused site, features an OpenBSD 5.4 review
• They talk about using it on the desktop, how to set it up
• Very long write-up, curious Linux users should give it a read
• Ends with \”Most people will still see OpenBSD as an operating system for servers and firewalls, but OpenBSD can also be used in desktop environments if the user doesn\’t mind a little manual work. The payoff is a very light, responsive system that is unlikely to ever misbehave\”

Two-factor authentication with SSH

• Blog post about using a yubikey with SSH public keys
• Uses a combination of a OTP, BSDAuth and OpenBSD\’s login.conf, but it can be used with PAM on other systems as well
• Allows for two-factor authentication (a la gmail) in case your private key is compromised
• Anyone interested in an extra-hardened SSH server should give it a read

PCBSD weekly digest

• 10.0 has approximately 400 PBIs for public consumption
• They will be merging the GNOME3, MATE and Cinnamon desktops into the 10.0 ports tree – please help test them, this is pretty big news in and of itself!
• PCDM is coming along nicely, more bugs are getting fixed
• Added ZFS dataset options to PCBSD’s new text installer front-end

Feedback/Questions

• Ben writes in: https://slexy.org/view/s2ag1fA7Ug
• Florian writes in: https://slexy.org/view/s2TSIvZzVO
• Zach writes in: https://slexy.org/view/s20Po4soFF
• Addison writes in: https://slexy.org/view/s20ntzqi9c
• Adam writes in: https://slexy.org/view/s2EYJjVKBk
• Adam\’s BSD Router Project tutorial can be downloaded here.

• Lots of links in today\’s show notes, check them out. All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you have stories about how you or your company uses BSD, interesting things you\’ve done, crazy network stories or cool projects, send them to us!
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Reminder: the FreeBSD foundation\’s year-end donation is going on, please help out if you can. Happy Thanksgiving!

The post Bridging the Gap | BSD Now 13 first appeared on Jupiter Broadcasting.

We sit down to chat with Justin Sherrill of the DragonflyBSD project about their new 3.6 release. Later on, we\’ll be showing you a huge tutorial that\’s been baking for over a month – how to build an OpenBSD router that\’ll destroy any consumer router on the market! There\’s lots of news to get caught up on as well, so sit back and enjoy some BSD Now – the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

OpenSSH 6.4 released

• Security fixes in OpenSSH don\’t happen very often
• 6.4 fixes a memory corruption problem, no new features
• If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.
• Disabling AES-GCM in the server configuration is a workaround
• Only affects 6.2 and 6.3 if compiled against a newer OpenSSL (so FreeBSD 9\’s base OpenSSL is unaffected, for example)
• Full details here

Getting to know your portmgr-lurkers

• Next entry in portmgr interview series
• This time they chat with Mathieu Arnold, one of the portmgr-lurkers we mentioned previously
• Lots of questions ranging from why he uses BSD to what he had for breakfast
• Another one was since released, with Antoine Brodin aka antoine@

FUSE in OpenBSD

• As we glossed over last week, FUSE was recently added to OpenBSD
• Now the guys from the OpenBSD Journal have tracked down more information
• This version is released under an ISC license
• Should be in OpenBSD 5.5, released a little less than 6 months from now
• Will finally enable things like SSHFS to work in OpenBSD

Automated submission of kernel panic reports

• New tool from Colin Percival
• Saves information about kernel panics and emails it to FreeBSD
• Lets you review before sending so you can edit out any private info
• Automatically encrypted before being sent
• FreeBSD never kernel panics so this won\’t get much use

Interview – Justin Sherrill – justin@shiningsilence.com / @dragonflybsd

DragonflyBSD 3.6 and the Dragonfly Digest

Tutorial

Building an OpenBSD Router

• Replace your crappy consumer router with a custom-built one
• Uses the pf firewall and other built-in OpenBSD utilities
• Very secure, built entirely on top of open source software
• Puts YOU in control of your network

News Roundup

BSD router project 1.5 released

• Nice timing for our router tutorial; TBRP is a FreeBSD distribution for installing on a router
• It\’s an alternative to pfSense, but not nearly as well known or popular
• New version is based on 9.2-RELEASE, includes lots of general updates and bugfixes
• Fits on a 256MB Compact Flash/USB drive

Curve25519 now default key exchange

• We mentioned in an earlier episode about a patch for curve25519
• Now it\’s become the default for key exchange
• Will probably make its way into OpenSSH 6.5, would\’ve been in 6.4 if we didn\’t have that security vulnerability
• It\’s interesting to see all these big changes in cryptography in OpenBSD lately

FreeBSD kernel selection in boot menu

• Adds a kernel selection menu to the beastie menu
• List of kernels is taken from \’kernels\’ in loader.conf as a space or comma separated list of names to display (up to 9)
• From our good buddy Devin Teske

PCBSD weekly digest

• PCDM has officially replaced GDM as the default login manager
• New ISO build scripts (we got a sneak preview last week)
• Lots of bug fixes
• Second set of 10-STABLE ISOs available with new artwork and much more

Theo de Raadt speaking at MUUG

• Theo will be speaking at Manitoba UNIX User Group in Winnipeg
• On Friday, Nov 15, 2013 at 5:30PM (see show notes for the address)
• If you\’re watching the show live you have time to make plans, if you\’re watching the downloaded version it might be happening right now!
• No agenda, but expect some OpenBSD discussion
• We\’ll let you know if there is a recorded version.

Feedback/Questions

• Dave writes in: https://slexy.org/view/s21YXhiLRB
• James writes in: https://slexy.org/view/s215EjcgdM
• Allen writes in (lol): https://slexy.org/view/s21mCP2ecL
• Chess writes in: https://slexy.org/view/s207ePFrna
• Frank writes in: https://slexy.org/view/s20iVFXJve

• The very extensive written version of today\’s tutorial, with lots of extras we didn\’t mention, is posted on bsdnow.tv, as always – give it a read! There are sections about setting up the router to tunnel all (or specific parts of) your traffic through a VPN or Tor, how to make the router automatically check for updates and email them to you, and much more.
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• We don’t check YouTube comments, JB comments, Reddit, etc. If you want us to see it, send it via email (the preferred way) or Twitter (also acceptable)
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post The Gateway Drug | BSD Now 11 first appeared on Jupiter Broadcasting.