BSDCan – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.

Why Computers Suck | BSD Now 331
https://original.jupiterbroadcasting.net/138232/why-computers-suck-bsd-now-331/
Thu, 02 Jan 2020 09:00:00 +0000

Show Notes/Links: https://www.bsdnow.tv/331

The post Why Computers Suck | BSD Now 331 first appeared on Jupiter Broadcasting.

Lucas’ Arts | BSD Now 329
https://original.jupiterbroadcasting.net/137942/lucas-arts-bsd-now-329/
Thu, 19 Dec 2019 20:00:00 +0000

Show Notes/Links: https://www.bsdnow.tv/329

The post Lucas' Arts | BSD Now 329 first appeared on Jupiter Broadcasting.

The Big Three | BSD Now 300
https://original.jupiterbroadcasting.net/131686/the-big-three-bsd-now-300/
Thu, 30 May 2019 09:10:51 +0000

Show Notes/Links: https://www.bsdnow.tv/300

The post The Big Three | BSD Now 300 first appeared on Jupiter Broadcasting.

Booking Jails | BSD Now 293
https://original.jupiterbroadcasting.net/130496/booking-jails-bsd-now-293/
Thu, 11 Apr 2019 08:33:35 +0000

Show Notes/Links: https://www.bsdnow.tv/293

The post Booking Jails | BSD Now 293 first appeared on Jupiter Broadcasting.

Silence of the Fans | BSD Now 253
https://original.jupiterbroadcasting.net/125911/silence-of-the-fans-bsd-now-253/
Thu, 05 Jul 2018 12:19:37 +0000

The post Silence of the Fans | BSD Now 253 first appeared on Jupiter Broadcasting.


##Headlines
###Silent Fanless FreeBSD Desktop/Server

Today I will write about a silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multiple purposes. It is also a very low power solution, which also means that it will not overheat. Silent means no fans at all, even for the PSU. The format of the system should also be brought to a minimum, so Mini-ITX seems the best solution here.

I have chosen Intel based solutions as they are very low power (6-10W); if you prefer AMD (as I often do), the closest solution in comparable price and power is the Biostar A68N-2100 motherboard with AMD E1-2100 CPU and 9W power. Of course AMD has even more low power SoC solutions, but finding a Mini-ITX motherboard with a decent price is not an easy task. For comparison, Intel has lots of such solutions below 6W, which can be nicely filtered on the ark.intel.com page. Pity that AMD does not provide such filtering for their products. I have also chosen AES instructions, as storage encryption (GELI on FreeBSD) today seems as obvious as HTTPS for web pages.

This motherboard uses Intel J3355 SoC which uses 10W and has AES instructions. It has two cores at your disposal but it also supports VT-x and EPT extensions so you can even run Bhyve on it.

  • Components

Now, an example system would look like that one below, here are the components with their prices.

  • $49 CPU/Motherboard ASRock J3355B-ITX Mini-ITX
  • $14 RAM Crucial 4 GB DDR3L 1.35V (low power)
  • $17 PSU 12V 160W Pico (internal)
  • $11 PSU 12V 96W FSP (external)
  • $5 USB 2.0 Drive 16 GB ADATA
  • $4 USB Wireless 802.11n
  • $100 TOTAL

The PSU 12V 160W Pico (internal) and PSU 12V 96W FSP can be purchased on aliexpress.com or ebay.com for example, at least I got them there. Here is the 12V 160W Pico (internal) PSU and its optional additional cables to power the optional HDDs. Of course it's one SATA power and one MOLEX power, so an additional MOLEX-SATA power adapter for about $1 would be needed. Here is the 12V 96W FSP (external) PSU without the power cord.

This gives us a total silent fanless system price of about $120. It's about ONE TENTH OF THE COST of the cheapest FreeNAS hardware solution available – the FreeNAS Mini (Diskless) costs $1156 also without disks.

You can put plain FreeBSD on top of it or the Solaris/Illumos distribution OmniOSce, which is server oriented. You can use a prebuilt NAS solution based on FreeBSD like FreeNAS, NAS4Free, ZFSguru or even Solaris/Illumos based storage with the napp-it appliance.


###An annotated look at a NetBSD Pinebook’s startup

  • Pinebook is an affordable 64-bit ARM notebook. Today we’re going to take a look at the kernel output at startup and talk about what hardware support is available on NetBSD.
  • Pinebook comes with 2GB RAM standard. A small amount of this is reserved by the kernel and framebuffer.
  • NetBSD uses flattened device-tree (FDT) to enumerate devices on all Allwinner based SoCs. On a running system, you can inspect the device tree using the ofctl(8) utility:
  • Pinebook’s Allwinner A64 processor is based on the ARM Cortex-A53. It is designed to run at frequencies up to 1.2GHz.
  • The A64 is a quad core design. NetBSD’s aarch64 pmap does not yet support SMP, so three cores are disabled for now.
  • The interrupt controller is a standard ARM GIC-400 design.
  • Clock drivers for managing PLLs, module clock dividers, clock gating, software resets, etc. Information about the clock tree is exported in the hw.clk sysctl namespace (root access required to read these values).
# sysctl hw.clk.sun50ia64ccu0.mmc2
hw.clk.sun50ia64ccu0.mmc2.rate = 200000000
hw.clk.sun50ia64ccu0.mmc2.parent = pll_periph0_2x
hw.clk.sun50ia64ccu0.mmc2.parent_domain = sun50ia64ccu0


###BSDCan 2018 Trip Report: Mark Johnston

BSDCan is a highlight of my summers: the ability to have face-to-face conversations with fellow developers and contributors is invaluable and always helps refresh my enthusiasm for FreeBSD. While in a perfect world we would all be able to communicate effectively over the Internet, it’s often noted that locking a group of developers together in a room can be a very efficient way to make progress on projects that otherwise get strung out over time, and to me this is one of the principal functions of BSD conferences. In my case I was able to fix some kgdb bugs that had been hindering me for months; get some opinions on the design of a feature I’ve been working on for FreeBSD 12.0; hear about some ongoing usage of code that I’ve worked on; and do some pair-debugging of an issue that has been affecting another developer.
As is tradition, on Tuesday night I dropped off my things at the university residence where I was staying, and headed straight to the Royal Oak. This year it didn’t seem quite as packed with BSD developers, but I did meet several long-time colleagues and get a chance to catch up. In particular, I chatted with Justin Hibbits and got to hear about the bring-up of FreeBSD on POWER9, a new CPU family released by IBM. Justin was able to acquire a workstation based upon this CPU, which is a great motivator for getting FreeBSD into shape on that platform. POWER9 also has some promise in the server market, so it’s important for FreeBSD to be a viable OS choice there.
Wednesday morning saw the beginning of the two-day FreeBSD developer summit, which precedes the conference proper. Gordon Tetlow led the summit and did an excellent job organizing things and keeping to the schedule. The first presentation was by Deb Goodkin of the FreeBSD Foundation, who gave an overview of the Foundation’s role and activities. After Deb’s presentation, present members of the FreeBSD core team discussed the work they had done over the past two years, as well as open tasks that would be handed over to the new core team upon completion of the ongoing election. Finally, Marius Strobl rounded off the day’s presentations by discussing the state and responsibilities of FreeBSD’s release engineering team.
One side discussion of interest to me was around the notion of tightening integration with our Bugzilla instance; at the moment we do not have any good means to mark a given bug as blocking a release, making it easy for bugs to slip into releases and thus lowering our overall quality. With FreeBSD 12.0 upon us, I plan to help with the triage and fixes for known regressions before the release process begins.
After a break, the rest of the morning was devoted to plans for features in upcoming FreeBSD releases. This is one of my favorite discussion topics and typically takes the form of have/need/want, where developers collectively list features that they’ve developed and intend to upstream (have), features that they are missing (need), and nice-to-have features (want). This year, instead of the usual format, we listed features that are intended to ship in FreeBSD 12.0. The compiled list ended up being quite ambitious given how close we are to the beginning of the release cycle, but many individual developers (including myself) have signed up to deliver work. I’m hopeful that most, if not all of it, will make it into the release.
After lunch, I attended a discussion led by Matt Ahrens and Alexander Motin on OpenZFS. Of particular interest to me were some observations made regarding the relative quantity and quality of contributions made by different “camps” of OpenZFS users (illumos, FreeBSD and ZoL), and their respective track records of upstreaming enhancements to the OpenZFS project. In part due to the high pace of changes in ZoL, the definition of “upstream” for ZFS has become murky, and of late ZFS changes have been ported directly from ZoL. Alexander discussed some known problems with ZFS on FreeBSD that have been discovered through performance testing. While I’m not familiar with ZFS internals, Alexander noted that ZFS’ write path has poor SMP scalability on FreeBSD owing to some limitations in a certain kernel API called taskqueue(9). I would like to explore this problem further and perhaps integrate a relatively new alternative interface which should perform better.
Friday and Saturday were, of course, taken up by BSDCan talks. Friday’s keynote was by Benno Rice, who provided some history of UNIX boot systems as a precursor to some discussion of systemd and the difficulties presented by a user and developer community that actively resist change. The rest of the morning was consumed by talks and passed by quickly. First was Colin Percival’s detailed examination of where the FreeBSD kernel spends time during boot, together with an overview of some infrastructure he added to track boot times. He also provided a list of improvements that have been made since he started taking measurements, and some areas we can further improve. Colin’s existing work in this area has already brought about substantial reductions in boot time; amusingly, one of the remaining large delays comes from the keyboard driver, which contains a workaround for old PS/2 keyboards. While there seems to be general agreement that the workaround is probably no longer needed on most systems, the lingering uncertainty around this prevents us from removing the workaround. This is, sadly, a fairly typical example of an OS maintenance burden, and underscores the need to carefully document hardware bug workarounds. After this talk, I got to see some rather novel demonstrations of system tracing using dwatch, a new utility by Devin Teske, which aims to provide a user-friendly interface to DTrace. After lunch, I attended talks on netdump, a protocol for transmitting kernel dumps over a network after the system has panicked, and on a VPC implementation for FreeBSD. After the talks ended, I headed yet again to the hacker lounge and had some fruitful discussions on early microcode loading (one of my features for FreeBSD 12.0). These led me to reconsider some aspects of my approach and saved me a lot of time. Finally, I continued my debugging session from Wednesday with help from a couple of other developers.
Saturday’s talks included a very thorough account by Li-Wen Hsu of his work in organizing a BSD conference in Taipei last year. As one of the attendees, I had felt that the conference had gone quite smoothly and was taken aback by the number of details and pitfalls that Li-Wen enumerated during his talk. This was followed by an excellent talk by Baptiste Daroussin on the difficulties one encounters when deploying FreeBSD in new environments. Baptiste offered criticisms of a number of aspects of FreeBSD, some of which hit close to home as they involved portions of the system that I’ve worked on.
At the conclusion of the talks, we all gathered in the main lecture hall, where Dan led a traditional and quite lively auction for charity. I managed to snag a Pine64 board and will be getting FreeBSD installed on it the first chance I get. At the end of the auction, we all headed to ByWard for dinner, concluding yet another BSDCan.

  • Thanks to Mark for sharing his experiences at this year's BSDCan

##News Roundup
###Transparent network audio with mpd & sndiod

Landry Breuil (landry@ when wearing his developer hat) wrote in…

I've been a huge fan of MPD over the years to centralize my audio collection, and i've been using it with the http output to stream the music as a radio on the computer i'm currently using…

audio_output {
       type            "sndio"
       name            "Local speakers"
       mixer_type      "software"
}
audio_output {
       type            "httpd"
       name            "HTTP stream"
       mixer_type      "software"
       encoder         "vorbis"
       port            "8000"
       format          "44100:16:2"
}
this setup worked for years, allows me to stream my home radio to $work by tunnelling the port 8000 over ssh via LocalForward, but that still has some issues:

  • a distinct timing gap between the 'local output' (ie the speakers connected to the machine where MPD is running) and the 'http output' caused by the time it takes to reencode the stream, which is ugly when you walk through the house and have a 15s delay
  • sometimes mplayer as a client doesn't detect the pauses in the stream and needs to be restarted
  • i need to configure/start a client on each computer and point it at the sound server url (can do via gmpc shoutcast client plugin…)
  • it's not that elegant to reencode the stream, and it wastes cpu cycles

So the current scheme is:

mpd -> http output -> network -> mplayer -> sndiod on remote machine
    |
    -> sndio output -> sndiod on soundserver

Fiddling a little bit with mpd outputs and reading the sndio output driver, i remembered sndiod has native network support… and the mpd sndio output allows you to specify a device (it uses SIO_DEVANY by default).

So in the end, it's super easy to:

enable network support in sndio on the remote machine i want the audio to play by adding -L<local ip> to sndiod_flags (i have two audio devices, with an input coming from the webcam):
sndiod_flags="-L10.246.200.10 -f rsnd/0 -f rsnd/1"
open pf on port 11025 from the sound server ip:
pass in proto tcp from 10.246.200.1 to any port 11025
configure a new output in mpd:
audio_output {
       type            "sndio"
       name            "sndio on renton"
       device          "snd@10.246.200.10/0"
       mixer_type      "software"
}
and enable the new output in mpd:
$ mpc enable 2
Output 1 (Local speakers) is disabled
Output 2 (sndio on renton) is enabled
Output 3 (HTTP stream) is disabled
Results in a big win: no gap anymore with the local speakers, no reencoding, no need to configure a client to play the stream, and i can still probably reproduce the same scheme over ssh from $work using a RemoteForward.

mpd -> sndio output 2 -> network -> sndiod on remote machine
    |
    -> sndio output 1 -> sndiod on soundserver

Thanks ratchov@ for sndiod :)

###MirBSD’s Korn Shell on Plan9 Jehanne

Let me start by saying that I’m not really a C programmer.
My last public contribution to a POSIX C program was a little improvement to the Snort’s react module back in 2008.
So while I know the C language well enough, I do not know anything about the subtleness of the standard library and I have little experience with POSIX semantics.
This is not a big issue with Plan 9, since the C library and compiler are not standard anyway, but with Jehanne (a Plan 9 derivative of my own) I want to build a simple, loosely coupled, system that can actually run useful free software ported from UNIX.
So I ported RedHat’s newlib to Jehanne on top of a new system library I wrote, LibPOSIX, that provides the necessary emulations. I wrote several tests, checking they run the same on Linux and Jehanne, and then I began looking for a real-world, battle tested, application to port first.
I approached MirBSD’s Korn Shell for several reasons:

  • it is simple, powerful and well written
  • it has been ported to several different operating systems
  • it has few dependencies
  • it’s the default shell in Android, so it’s really battle tested

I was very confident. I had read the POSIX standard after all! And I had a test suite!
I remember, I thought “Given newlib, how hard can it be?”
The porting began on September 1, 2017. It was completed by tg on January 5, 2018. 125 nights later.
Turns out, my POSIX emulation was badly broken. Not just because of the usual bugs that any piece of C can have: I didn’t understand most POSIX semantics at all!



###Static site generator with rsync and lowdown on OpenBSD

  • ssg is a tiny POSIX-compliant shell script with few dependencies:

  • lowdown(1) to parse markdown,

  • rsync(1) to copy temporary files, and

  • entr(1) to watch file changes.

  • It generates Markdown articles to a static website.

  • It copies the current directory to a temporary one in /tmp skipping .* and _*, renders all Markdown articles to HTML, generates an RSS feed based on links from index.html, extracts the first <h1> tag from every article to generate a sitemap and use it as a page title, then wraps articles with a single HTML template, and copies everything from the temporary directory to $DOCS/

Why not Jekyll or “$X”?

  • ssg is one hundred times smaller than Jekyll.

ssg and its dependencies are about 800KB combined. Compare that to 78MB of ruby with Jekyll and all the gems. So ssg can be installed in just a few seconds on almost any Unix-like operating system.
Obviously, ssg is tailored for my needs, it has all features I need and only those I use.
Keeping ssg helps you to master your Unix-shell skills: awk, grep, sed, sh, cut, tr. As a web developer you work with lots of text: code and data. So you better master these wonderful tools.

  • Performance

100 pps. On modern computers ssg generates a hundred pages per second. Half of the time is for markdown rendering and the other half for wrapping articles into the template. I heard good static site generators work—twice as fast—at 200 pps, so there’s lots of performance that can be gained. 😉


###Why does FreeBSD have virtually no (0%) desktop market share?

  • Because someone made a horrible design decision back in 1984.

In absolute fairness to those involved, it was an understandable decision, both from a research perspective, and from an economic perspective, although likely not, from a technology perspective.

  • Why and what.

The decision was taken because the X Window System was intended to run on cheap hardware, and, at the time, that meant reduced functionality in the end-point device with the physical display attached to it.
At the same time, another force was acting to also limit X displays to display services only, rather than rolling in both window management and specific widget instances for common operational paradigms.
Mostly, common operational paradigms didn’t really exist for windowing systems because they also simply didn’t exist at the time, and no one really knew how people were going to use the things, and so researchers didn’t want to commit future research to a set of hard constraints.
So a decision was made: separate the display services from the application at the lowest level of graphics primitives currently in use at the time.

  • The ramifications of this were pretty staggering.

First, it guaranteed that all higher level graphics would live on the host side of the X protocol, instead of on the display device side of the protocol.
Despite a good understanding of Moore’s law, and the fact that, since no X Terminals existed at the time as hardware, but were instead running as emulations on workstations that had sufficient capability, this put the higher level GUI object libraries — referred to as “widgets” — in host libraries linked into the applications.
Second, it guaranteed that display organization and management paradigms would also live on the host side of the protocol — assumed, in contradiction to the previous decision, to be running on the workstation.
But, presumably, at some point, as lightweight X Terminals became available, to migrate to a particular host computer managing compute resource login/access services.

  • Between these early decisions reigned chaos.

Specifically, the consequences of these decisions have been with us ever since:
Look-and-feel are a consequence of the toolkit chosen by the application programmer, rather than a user decision which applies universally to all applications.
You could call this “lack of a theme”, and — although I personally despise the idea of customizing or “theming” desktops — this meant that one paradigm chosen by the user would not apply universally across all applications, no matter who had written them.
Window management style is a preference.
You could call this a more radical version of “theming” — which you will remember, I despise — but a consequence to this is that training is not universal across personnel using such systems, nor is it transferrable.
In other words, I can’t send someone to a class, and have them come back and use the computers in the office as a tool, with the computer itself — and the elements not specific to the application itself — disappearing into the background.
Both of these ultimately render an X-based system unsuitable for desktops.
I can’t pay once for training. Training that I do pay for does not easily and naturally translate between applications. Each new version may radically alter the desktop management paradigm into unrecognizability.

  • Is there hope for the future?

Well, the Linux community has been working on something called Wayland, and it is very promising…
…In the same way X was “very promising” in 1984, because, unfortunately, they are making exactly the same mistakes X made in 1984, rather than correcting them, now that we have 20/20 hindsight, and know what a mature widget library should look like.
So Wayland is screwing up again.
But hey, it only took us, what, 25 years to get from X in 1987 to Wayland in 2012.
Maybe if we try again in 2037, we can get to where Windows was in 1995.


##Beastie Bits



##Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

BSDCan 2018 Recap | BSD Now 250
https://original.jupiterbroadcasting.net/125521/bsdcan-2018-recap-bsd-now-250/
Thu, 14 Jun 2018 12:26:01 +0000

The post BSDCan 2018 Recap | BSD Now 250 first appeared on Jupiter Broadcasting.


##Headlines
###TrueOS to Focus on Core Operating System

The TrueOS Project has some big plans in the works, and we want to take a minute and share them with you. Many have come to know TrueOS as the “graphical FreeBSD” that makes things easy for newcomers to the BSDs. Today we’re announcing that TrueOS is shifting our focus a bit to become a cutting-edge operating system that keeps all of the stability that you know and love from ZFS (OpenZFS) and FreeBSD, and adds additional features to create a fresh, innovative operating system. Our goal is to create a core-centric operating system that is modular, functional, and perfect for do-it-yourselfers and advanced users alike.

TrueOS will become a downstream fork that will build on FreeBSD by integrating new software technologies like OpenRC and LibreSSL. Work has already begun which allows TrueOS to be used as a base platform for other projects, including JSON-based manifests, integrated Poudriere / pkg tools and much more. We’re planning on a six month release cycle to keep development moving and fresh, allowing us to bring you hot new features to ZFS, bhyve and related tools in a timely manner. This makes TrueOS the perfect fit to serve as the basis for building other distributions.

Some of you are probably asking yourselves “But what if I want to have a graphical desktop?” Don’t worry! We’re making sure that everyone who knows and loves the legacy desktop version of TrueOS will be able to continue using a FreeBSD-based, graphical operating system in the future. For instance, if you want to add KDE, just use sudo pkg install kde and voila! You have your new shiny desktop. Easy right? This allows us to get back to our roots of being a desktop agnostic operating system. If you want to add a new desktop environment, you get to pick the one that best suits your use.

We know that some of you will still be looking for an out-of-the-box solution similar to legacy PC-BSD and TrueOS. We’re happy to announce that Project Trident will take over graphical FreeBSD development going forward. Not much is going to change in that regard other than a new name! You’ll still have Lumina Desktop as a lightweight and feature-rich desktop environment and tons of utilities from the legacy TrueOS toolchain like sysadm and AppCafe. There will be migration paths available for those that would like to move to other FreeBSD-based distributions like Project Trident or GhostBSD.

We look forward to this new chapter for TrueOS and hope you will give the new edition a spin! Tell us what you think about the new changes by leaving us a comment. Don’t forget you can ask us questions on our Twitter and be a part of our community by joining the new TrueOS Forums when they go live in about a week. Thanks for being a loyal fan of TrueOS.

###Project Trident FAQ

  • Q: Why did you pick the name “Project Trident”?

A: We were looking for a name that was unique, yet would still relate to the BSD community. Since Beastie (the FreeBSD mascot) is always pictured with a trident, it felt like that would be a great name.

  • Q: Where can users go for technical support?

A: At the moment, Project Trident will continue sharing the TrueOS community forums and Telegram channels. We are currently evaluating dedicated options for support channels in the future.

  • Q: Can I help contribute to the project?

A: We are always looking for developers who want to join the project. If you’re not a developer you can still help, as a community project we will be more reliant on contributions from the community in the form of how-to guides and other user-centric documentation and support systems.

  • Q: How is the project supported financially?

A: Project Trident is sponsored by the community, from both individuals and corporations. iXsystems has stepped up as the first enterprise-level sponsor of the project, and has been instrumental in getting Project Trident up and running. Please visit the Sponsors page to see all the current sponsors.

  • Q: How can I help support the project financially?

A: Several methods exist, from one time or recurring donations via Paypal to limited time swag t-shirt campaigns during the year. We are also looking into more alternative methods of support, so please visit the Sponsors page to see all the current methods of sponsorship.

  • Q: Will there be any transparency of the financial donations and expenditures?

A: Yes, we will be totally open with how much money comes into the project and what it is spent on. Due to concerns of privacy, we will not identify individuals and their donation amounts unless they specifically request to be identified. We will release a monthly overview in/out ledger, so that community members can see where their money is going.

  • Relationship with TrueOS

  • Project Trident does have very close ties to the TrueOS project, since most of the original Project Trident developers were once part of the TrueOS project before it became a distribution platform. For users of the TrueOS desktop, we have some additional questions and answers below.

  • Q: Do we need to be at a certain TrueOS install level/release to upgrade?

A: As long as you have a TrueOS system which has been updated to at least the 18.03 release you should be able to just perform a system update to be automatically upgraded to Project Trident.

  • Q: Which members moved from TrueOS to Project Trident?

A: Project Trident is being led by prior members of the TrueOS desktop team. Ken and JT (development), Tim (documentation) and Rod (Community/Support). Since Project Trident is a community-first project, we look forward to working with new members of the team.



###BSDCan

  • BSDCan finished Saturday last week
  • It started with the GoatBoF on Tuesday at the Royal Oak Pub, where people had a chance to meet and greet. Benedict could not attend due to an all-day FreeBSD Foundation meeting and even a FreeBSD Journal Editorial Board meeting.
  • The FreeBSD devsummit was held the next two days in parallel to the tutorials. Gordon Tetlow, who organized the devsummit, opened the devsummit. Deb Goodkin from the FreeBSD Foundation gave the first talk with a Foundation update, highlighting current and future efforts. Li-Wen Hsu is now employed by the Foundation to assist in QA work (Jenkins, CI/CD) and Gordon Tetlow has a part-time contract to help secteam as their secretary.
  • Next, the FreeBSD core team (among them Allan and Benedict) gave a talk about what has happened this last term. With a core election currently running, some of these items will carry over to the next core team, but there were also some finished ones like the FCP process and FreeBSD members initiative. People in the audience asked questions on various topics of interest.
  • After the coffee break, the release engineering team gave a talk about their efforts in terms of making releases happen in time and good quality.
  • Benedict had to give his Ansible tutorial in the afternoon, which had roughly 15 people attending. Most of them beginners, we could get some good discussions going and I also learned a few new tricks. The overall feedback was positive and one even asked what I’m going to teach next year.
  • The second day of the FreeBSD devsummit began with Gordon Tetlow giving an insight into the FreeBSD Security team (aka secteam). He gave an overview of secteam members and responsibilities, explaining the process based on a long past advisory. Developers were encouraged to help out secteam. NDAs and proper disclosure of vulnerabilities were also discussed, and the audience had some feedback and questions.
  • When the coffee break was over, the FreeBSD 12.0 planning session happened. A Google doc served as a collaborative way of gathering features and things left to do. People signed up for it or were volunteered. Some features won’t make it into 12.0 as they are not 100% ready for prime time and need a few more rounds of testing and bugfixing. Still, 12.0 will have some compelling features.
  • A 360° group picture was taken after lunch, and then people split up into the working groups for the afternoon or started hacking in the UofO Henderson residence.
  • Benedict and Allan both attended the OpenZFS working group, led by Matt Ahrens. He presented the completed and outstanding work in FreeBSD, without spoiling too much of the ZFS presentations of various people that happened later at the conference.
  • Benedict joined the boot code session a bit late (hallway track is the reason) when most things seem to have already been discussed.
  • BSDCan 2018 — Ottawa (In Pictures)
  • iXsystems Photos from BSDCan 2018

##News Roundup
###June HardenedBSD Foundation Update

We at HardenedBSD are working towards starting up a 501(c)(3) not-for-profit organization in the USA. Setting up this organization will allow future donations to be tax deductible. We’ve made progress and would like to share with you the current state of affairs.

We have identified, sent invitations out, and received acceptance letters from six people who will serve on the HardenedBSD Foundation Board of Directors. You can find their bios below. In the latter half of June 2018 or the beginning half of July 2018, we will meet for the first time as a board and formally begin the process of creating the documentation needed to submit to the local, state, and federal tax services.

Here’s a brief introduction to those who will serve on the board:

  • W. Dean Freeman (Advisor): Dean has ten years of professional experience with deploying and securing Unix and networking systems, including assessing systems security for government certification and assessing the efficacy of security products. He was introduced to Unix via FreeBSD 2.2.8 on an ISP shell account as a teenager. Formerly, he was the Snort port maintainer for FreeBSD while working in the Sourcefire VRT, and has contributed entropy-related patches to the FreeBSD and HardenedBSD projects – a topic on which he presented at vBSDCon 2017.

  • Ben La Monica (Advisor): Ben is a Senior Technology Manager of Software Engineering at Morningstar, Inc and has been developing software for over 15 years in a variety of languages. He advocates open source software and enjoys tinkering with electronics and home automation.

  • George Saylor (Advisor): George is a Technical Director at G2, Inc. Mr. Saylor has over 28 years of information systems and security experience in a broad range of disciplines. His core focus areas are automation and standards in the event correlation space as well as penetration and exploitation of computer systems. Mr. Saylor was also a co-founder of the OpenSCAP project.

  • Virginia Suydan (Accountant and general administrator): Accountant and general administrator for the HardenedBSD Foundation. She has worked with Shawn Webb for tax and accounting purposes for over six years.

  • Shawn Webb (Director): Co-founder of HardenedBSD and all-around infosec wonk. He has worked and played in the infosec industry, doing both offensive and defensive research, for around fifteen years. He loves open source technologies and likes to frustrate the bad guys.

  • Ben Welch (Advisor): Ben is currently a Security Engineer at G2, Inc. He graduated from Pennsylvania College of Technology with a Bachelors in Information Assurance and Security. Ben likes long walks, beaches, candlelight dinners, and attending various conferences like BSides and ShmooCon.


###Your own VPN with OpenIKED & OpenBSD

Remote connectivity to your home network is something I think a lot of people find desirable. Over the years, I’ve just established an SSH tunnel and use it as a SOCKS proxy, sending my traffic through that. It’s a nice solution for a “poor man’s VPN”, but it can be a bit clunky, and it’s not great having to expose SSH to the world, even if you make sure to lock everything down.

I set out the other day to finally do it properly. I’d come across this great post by Gordon Turner: OpenBSD 6.2 VPN Endpoint for iOS and macOS

Whilst it was exactly what I was looking for, it outlined how to set up an L2TP VPN. Really, I wanted IKEv2 for performance and security reasons (I won’t elaborate on this here, if you’re curious about the differences, there’s a lot of content out on the web explaining this).

The client systems I’d be using have native support for IKEv2 (iOS, macOS, other BSD systems). But, I couldn’t find any tutorials in the same vein.

So, let’s get stuck in!

  • A quick note ✍

This guide will walk through the set up of an IKEv2 VPN using OpenIKED on OpenBSD. It will detail a “road warrior” configuration, and use a PSK (pre-shared-key) for authentication. I’m sure it can be easily adapted to work on any other platforms that OpenIKED is available on, but keep in mind my steps are specifically for OpenBSD.

  • Server Configuration

As with all my home infrastructure, I crafted this set-up declaratively. So, I had the deployment of the VM setup in Terraform (deployed on my private Triton cluster), and wrote the configuration in Ansible, then tied them together using radekg/terraform-provisioner-ansible.

One of the reasons I love Ansible is that its syntax is very simplistic, yet expressive. As such, I feel it fits very well into explaining these steps with snippets of the playbook I wrote. I’ll link the full playbook a bit further down for those interested.

  • See the full article for the information on:
  • sysctl parameters
  • The naughty list (optional)
  • Configure the VPN network interface
  • Configure the firewall
  • Configure the iked service
  • Gateway configuration
  • Client configuration
  • Troubleshooting


###FreeBSD on a System76 Galago Pro

Hey all, It’s been a while since I last posted but I thought I would hammer something out here. My most recent purchase was a System76 Galago Pro. I thought, after playing with POP! OS a bit, is there any reason I couldn’t get BSD on this thing. Turns out the answer is no, no there isn’t and it works pretty decently.

To get some accounting stuff out of the way I tested this all on FreeBSD Head and 11.1, and all of it is valid as of May 10, 2018. Head is a fast moving target so some of this is only bound to improve.

  • The hardware

  • Intel Core i5 Gen 8

  • UHD Graphics 620

  • 16 GB DDR4 Ram

  • RTL8411B PCI Express Card Reader

  • RTL8111 Gigabit ethernet controller

  • Intel HD Audio

  • Samsung SSD 960 PRO 512GB NVMe

  • The caveats

There are a few things that I can’t seem to make work straight out of the box, and that is the SD Card reader, the backlight, and the audio is a bit finicky. Also the trackpad doesn’t respond to two finger scrolling. The wiki is mostly up to date, there are a few edits that need to be made still but there is a bug where I can’t register an account yet so I haven’t made all the changes.

  • Processor

It works like any other Intel processor. Pstates and throttling work.

  • Graphics

The boot menu sets itself to what looks like 1024×768, but works as you expect in a tiny window. The text console does the full 3200×1800 resolution, but the text is ultra tiny. There isn’t a font for the console that covers hidpi screens yet. As for X Windows it requires the drm-kmod-next package. Once installed follow the directions from the package and it works with almost no fuss. I have it running on X with full intel acceleration, but it is running at its full 3200×1800 resolution, to scale that down just do xrandr --output eDP-1 --scale 0.5x0.5 it will blow it up to roughly 200%. Due to limitations with X windows and hidpi it is harder to get more granular.

  • Intel Wireless 8265

The wireless uses the iwm module, as of right now it does not seem to automagically load right now. Adding iwm_load="YES" will cause the module to load on boot and kldload iwm

  • Battery

I seem to be getting about 5 hours out of the battery, but everything reports out of the box as expected. I could get more by throttling the CPU down speed wise.

  • Overall impression

It is a pretty decent experience. While not as polished as a Thinkpad there is a lot of potential with a bit of work and polishing. The laptop itself is not bad, the keyboard is responsive. The build quality is pretty solid. My only real complaint is the trackpad is stiff to click and sort of tiny. They seem to be a bit indifferent to non Linux OSes running on the gear but that isn’t anything new. I won’t have any problems using it and is enough that when I work through this laptop, but I’m not sure at this stage if my next machine will be a System76 laptop, but they have impressed me enough to put them in the running when I go to look for my next portable machine but it hasn’t yet replaced the hole left in my heart by Lenovo messing with the Thinkpad.


###Hardware accelerated AES/HMAC-SHA on octeons

In this commit, visa@ submitted code (disabled for now) to use built-in acceleration on octeon CPUs, much like AESNI for x86s.

I decided to test tcpbench(1) and IPsec, before and after updating and enabling the octcrypto(4) driver.

I didn't capture detailed perf stats from before the update, I had heard someone say that Edgerouter Lite boxes would only do some 6MBit/s over ipsec, so I set up a really simple ipsec.conf with ike esp from A to B leading to a policy of

esp tunnel from A to B spi 0xdeadbeef auth hmac-sha2-256 enc aes

going from one ERL to another (I collect octeons, so I have a bunch to test with) and let tcpbench run for a while on it. My numbers hovered around 7Mbit/s, which coincided with what I've heard, and also that most of the CPU gets used while doing it.

Then I edited /sys/arch/octeon/conf/GENERIC, removed the # from octcrypto0 at mainbus0 and recompiled. Booted into the new kernel and got an octcrypto0 line in dmesg, and it was time to rock the ipsec tunnel again. The crypto algorithm and HMAC used by default on ipsec coincides nicely with the list of accelerated functions provided by the driver.

Before we get to tunnel traffic numbers, just one quick look at what systat pigs says while the ipsec is running at full steam:

     PID USER        NAME                 CPU     20\    40\    60\    80\  100\
   58917 root        crypto             52.25 #################
   42636 root        softnet            42.48 ##############
                     (idle)             29.74 #########
    1059 root        tcpbench           24.22 #######
   67777 root        crynlk             19.58 ######

So this indicates that the load from doing ipsec and generating the traffic is somewhat nicely evened out over the two cores in the Edgerouter, and there's even some CPU left unused, which means I can actually ssh into it and have it usable. I have had it running for almost 2 days now, moving some 2.1TB over the tunnel.

Now for the new and improved performance numbers:

   204452123        4740752       37.402  100.00% 
Conn:   1 Mbps:       37.402 Peak Mbps:       58.870 Avg Mbps:       37.402
   204453149        4692968       36.628  100.00% 
Conn:   1 Mbps:       36.628 Peak Mbps:       58.870 Avg Mbps:       36.628
   204454167        5405552       42.480  100.00% 
Conn:   1 Mbps:       42.480 Peak Mbps:       58.870 Avg Mbps:       42.480
   204455188        5202496       40.804  100.00% 
Conn:   1 Mbps:       40.804 Peak Mbps:       58.870 Avg Mbps:       40.804
   204456194        5062208       40.256  100.00% 
Conn:   1 Mbps:       40.256 Peak Mbps:       58.870 Avg Mbps:       40.256

The tcpbench numbers fluctuate up and down a bit, but the output is nice enough to actually keep tabs on the peak values. Peaking to 58.8MBit/s! Of course, as you can see, the average is lower but nice anyhow.

A manyfold increase in performance, which is good enough in itself, but also moves the throughput from a speed that would make a poor but cheap gateway to something actually useful and decent for many home network speeds. Biggest problem after this gets enabled will be that my options to buy cheap used ERLs diminish.

##Beastie Bits



##Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post BSDCan 2018 Recap | BSD Now 250 first appeared on Jupiter Broadcasting.

Personalities Happen | LINUX Unplugged 253 https://original.jupiterbroadcasting.net/125491/personalities-happen-lup-253/ Wed, 13 Jun 2018 07:53:02 +0000 https://original.jupiterbroadcasting.net/?p=125491 Show Notes/Links: linuxunplugged.com/253

Comment & Control | TechSNAP 323 https://original.jupiterbroadcasting.net/115766/comment-control-techsnap-323/ Tue, 13 Jun 2017 22:24:31 +0000 https://original.jupiterbroadcasting.net/?p=115766 RSS Feeds: HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Yellow dots give you away How to remove the yellow dots List of Printers Which Do or Do Not Display Tracking Dots – no longer updated More on Steganography: in pornography Hiding command […]

The post Comment & Control | TechSNAP 323 first appeared on Jupiter Broadcasting.

Show Notes:

Yellow dots give you away

Hiding command and control in plain text

libtrue


Internet of Voice Triggers | TechSNAP 302 https://original.jupiterbroadcasting.net/106226/internet-of-voice-triggers-techsnap-302/ Tue, 17 Jan 2017 07:37:39 +0000 https://original.jupiterbroadcasting.net/?p=106226 RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Malware hosted in your browser Last show, we talked about malware, blocking it via URLs, and malware which spoofs the domain names, thereby bypassing many […]

The post Internet of Voice Triggers | TechSNAP 302 first appeared on Jupiter Broadcasting.

Show Notes:

Malware hosted in your browser

  • Last show, we talked about malware, blocking it via URLs, and malware which spoofs the domain names, thereby bypassing many URL-based filters.
  • This show, we have an instance of malware which completely defeats all of the above, in a very simple and clever way.
  • A common way to steal credentials is hosting a webpage which looks a lot like the real thing. Google, Facebook, PayPal, etc. are all targets of this. It is simple to do. Just throw up a web page, and start directing people to it.
  • Lots of ways to defeat this with conventional tools
  • This method bypasses all those tools
  • Tom Scott tweeted about malware he received via email.
  • When you click on the link, you get what appears to be a Google Login page.
  • The URI is of the form: data:text/html,https…… lots of spaces <script src=data:text/html;…. etc
  • However, it is hosted entirely within your browser
  • Matt Hughes reported that Android actually tries to autofill his Google account credentials on that data URI
  • This has been around at least a year, and was written about by linkcabin
    spoofs the login page by hosting it in your browser.
  • Surprisingly common, and is often used to phish Google or PayPal

Bug Bounty – GitHub Enterprise SQL Injection

  • This story involves responsible research and disclosure by Orange Tsai
  • GitHub Enterprise is the on-premises version of GitHub.com, which lets businesses deploy a whole GitHub service in their private network
  • You can get a 45-day free trial and download the VM from enterprise.github.com.
  • Code is downloaded, configured, and observations begin.
  • GitHub uses a custom library to obfuscate their source code. If you search for ruby_concealer.so on Google, you will find a snippet in a gist.
  • The first two days are getting the VM running etc.
  • Day 3-5 are learning Rails by code reviewing.
  • On day 6, an SQL injection is found

Virginia BSD Assembly | BSD Now 105 https://original.jupiterbroadcasting.net/87226/virginia-bsd-assembly-bsd-now-105/ Thu, 03 Sep 2015 05:42:04 +0000 https://original.jupiterbroadcasting.net/?p=87226 It’s already our two-year anniversary! This time on the show, we’ll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year’s vBSDCon. What’s it have to offer in that’s different in the BSD conference space? We’ll find out! Thanks to: Get Paid to Write for DigitalOcean Direct Download: Video | […]

The post Virginia BSD Assembly | BSD Now 105 first appeared on Jupiter Broadcasting.


It’s already our two-year anniversary! This time on the show, we’ll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year’s vBSDCon. What’s it have to offer that’s different in the BSD conference space? We’ll find out!

– Show Notes: –

Headlines

OpenBSD hypervisor coming soon

  • Our buddy Mike Larkin never rests, and he posted some very tight-lipped console output on Twitter recently
  • From what little he revealed at the time, it appeared to be a new hypervisor (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled “vmm”
  • Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is
  • Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation
  • One thing to note: this isn’t just a port of something like Xen or Bhyve; it’s all-new code, and Mike explains why he chose to go that route
  • He also answered some basic questions about the requirements, when it’ll be available, what OSes it can run, what’s left to do, how to get involved and so on

Why FreeBSD should not adopt launchd

  • Last week we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD
  • One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we’ve learned)
  • In this article, the author talks about why he thinks this is a bad idea
  • He doesn’t oppose the integration into FreeBSD-derived projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself – this is also explained in more detail
  • The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities
  • Reddit had quite a bit to say about this one, some in agreement and some not

DragonFly graphics improvements

  • The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack
  • This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs
  • You should also see some power management improvements, longer battery life and various other bug fixes
  • If you’re running DragonFly, especially on a laptop, you’ll want to get this stuff on your machine quick – big improvements all around

OpenBSD tames the userland

  • Last week we mentioned OpenBSD’s tame framework getting support for file whitelists, and said that the userland integration was next – well, now here we are
  • Theo posted a mega diff of nearly 100 smaller diffs, adding tame support to many areas of the userland tools
  • It’s still a work-in-progress version; there’s still more to be added (including the file path whitelist stuff)
  • Some classic utilities are even being reworked to make taming them easier – the “w” command, for example
  • The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)
  • More discussion can be found on HN, as one might expect
  • If you’re a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release

Interview – Scott Courtney – vbsdcon@verisign.com / @verisign

vBSDCon 2015


News Roundup

OPNsense, beyond the fork

  • We first heard about OPNsense back in January, and they’ve since released nearly 40 versions, spanning over 5,000 commits
  • This is their first big status update, covering some of the things that’ve happened since the project was born
  • There’s been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more – the report touches on a little of everything

LibreSSL nukes SSLv3

  • With their latest release, LibreSSL began to turn off SSLv3 support, starting with the “openssl” command
  • At the time, SSLv3 wasn’t disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)
  • They’ve now flipped the switch, and the process of complete removal has started
  • From the Undeadly summary, “This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!”
  • With this change and a few more to follow shortly, LibreSSL won’t actually support SSL anymore – time to rename it “LibreTLS”

FreeBSD MPTCP updated

  • For anyone unaware, Multipath TCP is “an ongoing effort of the Internet Engineering Task Force’s (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy.”
  • There’s been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated
  • Included in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements
  • Some big performance gains can be had with MPTCP, but only if both the client and server systems support it – getting it into the FreeBSD kernel would be a good start

UEFI and GPT in OpenBSD

  • There hasn’t been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently
  • Some support for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review
  • This comes along with a number of other commits related to GPT, much of which is being refactored and slowly reintroduced
  • Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should “just work” with GPT (once everything’s in)
  • The UEFI bootloader support has been committed, so stay tuned for more updates as further progress is made

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • BSD Now anniversary shirts are no longer available, and should be shipping out very soon (if they haven’t already) – big thanks to everyone who bought one (183 sold!)
  • This week is the last episode written/organized by TJ

I’ll Fix Everything | BSD Now 101 https://original.jupiterbroadcasting.net/86142/ill-fix-everything-bsd-now-101/ Thu, 06 Aug 2015 10:10:54 +0000 https://original.jupiterbroadcasting.net/?p=86142 Coming up this week, we’ll be talking with Adrian Chadd about an infamous reddit thread he made. With a title like “what would you like to see in FreeBSD?” and hundreds of responses, well, we’ve got a lot to cover… Thanks to: Get Paid to Write for DigitalOcean Direct Download: Video | HD Video | […]

The post I'll Fix Everything | BSD Now 101 first appeared on Jupiter Broadcasting.


Coming up this week, we’ll be talking with Adrian Chadd about an infamous reddit thread he made. With a title like “what would you like to see in FreeBSD?” and hundreds of responses, well, we’ve got a lot to cover…

– Show Notes: –

Headlines

OpenBSD, from distribution to project

  • Ted Unangst has yet another interesting blog post up, this time covering a bit of BSD history and some different phases OpenBSD has been through
  • It’s the third part of his ongoing series of posts about OpenBSD removing large bits of code in favor of smaller replacements
  • In the earliest days, OpenBSD collected and maintained code from lots of other projects (Apache, lynx, perl..)
  • After importing new updates every release cycle, they eventually hit a transitional phase – things were updated, but nothing new was imported
  • When the need arose, instead of importing a known tool to do the job, homemade replacements (OpenNTPD, OpenBGPD, etc) were slowly developed
  • In more recent times, a lot of the imported code has been completely removed in favor of the homegrown daemons
  • More discussion on HN and reddit

Remote ZFS mirrors, the hard way

  • Backups to “the cloud” have become a hot topic in recent years, but most of them require trade-offs between convenience and security
  • You have to trust (some of) the providers not to snoop on your data, but even the ones who allow you to locally encrypt files aren’t without some compromise
  • As the author puts it: “We don’t need live synchronisation, cloud scaling, SLAs, NSAs, terms of service, lock-ins, buy-outs, up-sells, shut-downs, DoSs, fail whales, pay-us-or-we’ll-deletes, or any of the noise that comes with using someone else’s infrastructure.”
  • This guide walks you through setting up a FreeBSD server with ZFS to do secure offsite backups yourself
  • The end result is an automatic system for incremental backups that’s backed (pun intended) by ZFS
  • If you’re serious about keeping your important data safe and sound, you’ll want to give this one a read – lots of detailed instructions

Various DragonFlyBSD updates

  • The DragonFly guys have been quite busy this week, making an assortment of improvements throughout the tree
  • Intel ValleyView graphics support was finally committed to the main repository
  • While on the topic of graphics, they’ve also issued a call for testing for a DRM update (matching Linux 3.16’s and including some more Broadwell fixes)
  • Their base GCC compiler is also now upgraded to version 5.2
  • If your hardware supports it, DragonFly will now use an accelerated console by default

QuakeCon runs on OpenBSD

  • QuakeCon, everyone’s favorite event full of rocket launchers, recently gave a mini-tour of their network setup
  • For such a crazy network, unsurprisingly, they seem to be big fans of OpenBSD and PF
  • In this video interview, one of the sysadmins discusses why he chose OpenBSD, what he likes about it, different packet queueing systems, how their firewalls and servers are laid out and much more
  • He also talks about why they went with vanilla PF, writing their ruleset from the ground up rather than relying on a prebuilt solution
  • There’s also some general networking talk about nginx, reverse proxies, caching, fiber links and all that good stuff
  • Follow-up questions can be asked in this reddit thread
  • The host doesn’t seem to be that familiar with the topics at hand, mentioning “OpenPF” multiple times among other things, so our listeners should get a kick out of it

Interview – Adrian Chadd – adrian@freebsd.org / @erikarn

Rethinking ways to improve FreeBSD


News Roundup

CII contributes to OpenBSD

  • If you recall back to when we talked to the OpenBSD foundation, one of the things Ken mentioned was the Core Infrastructure Initiative
  • In a nutshell, it’s an organization of security experts that helps facilitate (with money, in most cases) the advancement of the more critical open source components of the internet
  • The group is organized by the Linux foundation, and gets its multi-million dollar backing from various big companies in the technology space (and donations from volunteers)
  • To ensure that OpenBSD and its related projects (OpenSSH, LibreSSL and PF likely being the main ones here) remain healthy, they’ve just made a large donation to the foundation – this makes them the first “platinum” level donor as well
  • While the exact amount wasn’t disclosed, it was somewhere between $50,000 and $100,000
  • The donation comes less than a month after Microsoft’s big donation, so it’s good to see these large organizations helping out important open source projects that we depend on every day

Another BSDCan report

  • The FreeBSD foundation is still getting trip reports from BSDCan, and this one comes from Mark Linimon
  • In his report, he mainly covers the devsummit and some discussion with the portmgr team
  • One notable change for the upcoming 10.2 release is that the default binary repository is now the quarterly branch – Mark talks a bit about this as well
  • He also gives his thoughts on using QEMU for cross-compiling packages and network performance testing

Lumina 0.8.6 released

  • The PC-BSD team has released another version of Lumina, their BSD-licensed desktop environment
  • This is mainly a bugfix and performance improvement release, rather than one with lots of new features
  • The on-screen display widget should be much faster now, and the configuration now allows for easier selection of default applications (which browser, which terminal, etc)
  • Lots of non-English translation updates and assorted fixes are included as well
  • If you haven’t given it a try yet, or maybe you’re looking for a new window manager, Lumina runs on all the BSDs

More c2k15 hackathon reports

  • Even more reports from OpenBSD’s latest hackathon are starting to pour in
  • The first one is from Alexandr Nedvedicky, one of their brand new developers (the guy from Oracle)
  • He talks about his experience going to a hackathon for the first time, and lays out some of the plans for integrating their (very large) SMP PF patch into OpenBSD
  • Second up is Andrew Fresh, who went without any specific plans, but still ended up getting some UTF8 work done
  • On the topic of ARMv7, “I did enjoy being there when things weren’t working so [Brandon Mercer] could futilely try to explain the problem to me (I wasn’t much help with kernel memory layouts). Fortunately others overheard and provided words of encouragement and some help which was one of my favorite parts of attending this hackathon.”
  • Florian Obser sent in a report that includes a little bit of everything: setting up the hackathon’s network, relayd and httpd work, bidirectional forwarding detection, airplane stories and even lots of food
  • Paul Irofti wrote in as well about his activities, which were mainly focused on the Octeon CPU architecture
  • He wrote a new driver for the onboard flash of a DSR-500 machine, which was built following the Common Flash Interface specification
  • This means that, going forward, OpenBSD will have out-of-the-box support for any flash memory device (often the case for MIPS and ARM-based embedded devices)

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post I'll Fix Everything | BSD Now 101 first appeared on Jupiter Broadcasting.

Our Code is Your Code | BSD Now 98 https://original.jupiterbroadcasting.net/85317/our-code-is-your-code-bsd-now-98/ Thu, 16 Jul 2015 09:19:26 +0000 https://original.jupiterbroadcasting.net/?p=85317

The post Our Code is Your Code | BSD Now 98 first appeared on Jupiter Broadcasting.


Coming up this time on the show, we’ll be talking with the CTO of Xinuos, David Meyer, about their adoption of FreeBSD. We also discuss the BSD license model for businesses & the benefits of contributing changes back.

Thanks to: DigitalOcean, iXsystems, Tarsnap


– Show Notes: –

Headlines

Enabling FreeBSD on AArch64

  • One of the things the FreeBSD foundation has been dumping money into lately is ARM64 support, but we haven’t heard too much about it – this article should change that
  • Since it’s on a mainstream ARM site, the article begins with a bit of FreeBSD history, leading up to the current work on ARM64
  • There’s also a summary of some of the ARM work done at this year’s BSDCan, including details about running it on the Cavium ThunderX platform (which has 48 cores)
  • As of just a couple months ago, dtrace is even working on this new architecture
  • Come 11.0-RELEASE, the plan is for ARM64 to get the same “tier 1” treatment as X86, which would imply binary updates for base and ports – something Raspberry Pi users often complain about not having

OpenBSD’s tcpdump detailed

  • Most people are probably familiar with tcpdump, a very useful packet sniffing and capturing utility that’s included in all the main BSD base systems
  • This video guide is specifically about the version in OpenBSD, which has gone through some major changes (it’s pretty much a fork with no version number anymore)
  • Unlike on the other platforms, OpenBSD’s tcpdump will always run in a chroot as an unprivileged user – this has saved it from a number of high-profile exploits
  • It also has support for the “pf.os” system, allowing you to filter out operating system fingerprints in the packet captures
  • There’s also PF (and pflog) integration, letting you see which line in your ruleset triggered a specific match
  • Being able to run tcpdump directly on your router is pretty awesome for troubleshooting

More FreeBSD foundation at BSDCan

  • The FreeBSD foundation has another round of trip reports from this year’s BSDCan
  • First up is Kamil Czekirda, who gives a good summary of some of the devsummit, FreeBSD-related presentations, some tutorials, getting freebsd-update bugs fixed and of course eating cake
  • A second post from Christian Brueffer, who cleverly planned ahead to avoid jetlag, details how he got some things done during the FreeBSD devsummit
  • Their third report is from our buddy Warren Block, who (unsurprisingly) worked on a lot of documentation-related things, including getting more people involved with writing them
  • In true doc team style, his report is the most well-written of the bunch, including lots of links and a clear separation of topics (doc lounge, contributing to the wiki, presentations…)
  • Finally, the fourth one comes to us from Shonali Balakrishna, who also gives an outline of some of the talks
  • “Not only does a BSD conference have way too many very smart people in one room, but also some of the nicest.”

DragonFly on the Chromebook C720

  • If you’ve got one of the Chromebook laptops and weren’t happy with the OS it came with, DragonFlyBSD might be worth a go
  • This article is a “mini-report” on how DragonFly functions on the device as a desktop, and
  • While the 2GB of RAM proved to be a bit limiting, most of the hardware is well-supported
  • DragonFly’s wiki has a full guide on getting set up on one of these devices as well

Interview – David Meyer – info@xinuos.com / @xinuos

Xinuos, BSD license model vs. others, community interaction


News Roundup

Introducing LiteBSD

  • We definitely don’t talk about 4.4BSD a lot on the show
  • LiteBSD is “a variant of [the] 4.4BSD operating system adapted for microcontrollers”
  • If you’ve got really, really old hardware (or are working in the embedded space) then this might be an interesting hobby project to look into

HardenedBSD announces ASLR completion

  • HardenedBSD, now officially a full-on fork of FreeBSD, has declared their ASLR patchset to be complete
  • The latest and last addition to the work was VDSO (Virtual Dynamic Shared Object) randomization, which is now configurable with a sysctl
  • This post gives a summary of the six main features they’ve added since the beginning
  • Only a few small things are left to do – man page cleanups, possibly shared object load order improvements

Unlock the reaper

  • In the ongoing quest to make more of OpenBSD SMP-friendly, a new patch was posted that unlocks the reaper in the kernel
  • When there’s a zombie process causing a resource leak, it’s the reaper’s job to deallocate its resources (and yes we’re still talking about computers, not horror movies)
  • Initial testing has yielded positive results and no regressions
  • They’re looking for testers, so you can install a -current snapshot and get it automatically
  • An updated version of the patch is coming soon too
  • A hackathon is going on right now, so you can expect more SMP improvements in the near future

The importance of mentoring

  • Adrian Chadd has a blog post up about mentoring new users, and it tells the story of how he originally got into FreeBSD
  • He tells the story of how, at age 11, he met someone else who knew about making crystal sets and who became his role model
  • Eventually we get to his first FreeBSD 1.1 installation (which he temporarily abandoned for Linux, since it didn’t have a color “ls” command) and how he started using the OS
  • Nowadays, there’s a formal mentoring system in FreeBSD
  • While he talks about FreeBSD in the post, a lot of the concepts apply to all the BSDs (or even just life in general)

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you’re in or around the Calgary, Alberta area in Canada, there’s an OpenBSD developer speaking event at the Southern Alberta Institute of Technology on July 20th
  • It’s right after the hackathon, and they’ll be discussing some of the work that was done (maybe with a Q&A session)
  • We’re looking for some new interviews – get in touch if you’re doing anything cool with BSD that you’d like to talk about (or want to suggest someone else)

Builder’s Insurance | BSD Now 94 https://original.jupiterbroadcasting.net/83917/builders-insurance-bsd-now-94/ Thu, 18 Jun 2015 10:30:39 +0000 https://original.jupiterbroadcasting.net/?p=83917

The post Builder's Insurance | BSD Now 94 first appeared on Jupiter Broadcasting.


This week on the show, we’ll be chatting with Marc Espie. He’s recently added some additional security measures to dpb, OpenBSD’s package building tool, and we’ll find out why they’re so important. We’ve also got all this week’s news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now – the place to B.. SD.

Thanks to: DigitalOcean, iXsystems, Tarsnap


– Show Notes: –

Headlines

BSDCan 2015 videos


Documenting my BSD experience

  • Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it’s finally time to give BSD a try
  • “That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in.”
  • In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks
  • The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you’re into that)
  • You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into
  • He’s also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon
  • His second post explores replacing the firewall on his self-described “over complicated home network” with an OpenBSD box
  • After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing
  • All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand
  • Getting to hear experiences like this is very important – they show areas where all the BSD developers’ hard work has paid off, but can also let us know where we need to improve

PC-BSD starts experimental HardenedBSD builds

  • The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated
  • They’re not the first major FreeBSD-based project to offer an alternate build – OPNsense did that a few weeks ago – but this might open the door for more projects to give it a try as well
  • With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won’t have
  • Time will tell if more projects and products like FreeNAS might be interested too

C-states in OpenBSD

  • People who run BSD on their notebooks, you’ll want to pay attention to this one
  • OpenBSD has recently committed some ACPI improvements for deep C-states, enabling the processor to enter a low-power mode
  • According to a few users so far, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life
  • If you’re running OpenBSD -current on a laptop, try out the latest snapshot and report back with your findings

NetBSD at Open Source Conference 2015 Hokkaido

  • The Japanese NetBSD users group never sleeps, and they’ve hit yet another open source conference
  • As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)
  • We’ll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms

Interview – Marc Espie – espie@openbsd.org / @espie_openbsd

Recent improvements to OpenBSD’s dpb tool


News Roundup

Introducing xhyve, bhyve on OS X

  • We’ve talked about FreeBSD’s “bhyve” hypervisor a lot on the show, and now it’s been ported to another OS
  • As the name “xhyve” might imply, it’s a port of bhyve to Mac OS X
  • Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future
  • It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer
  • There are also a few examples on how to use it

4K displays on DragonFlyBSD

  • If you’ve been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you’ll be pleased to know that 4K displays work just fine
  • Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas
  • Some GUI applications might look weird on such a huge resolution,
  • HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience

Sandboxing port daemons on OpenBSD

  • We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD’s base are chrooted by default – things from ports or packages don’t always get the same treatment
  • This blog post uses a mumble server as an example, but you can apply it to any service from ports that doesn’t chroot by default
  • It goes through the process of manually building a sandbox with all the libraries you’ll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it
  • With a few small changes, similar tricks could be done on the other BSDs as well – everybody has chroots

SmallWall 1.8.2 released

  • SmallWall is a relatively new BSD-based project that we’ve never covered before
  • It’s an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits
  • They’ve just released the first official version, so you can give it a try now
  • If you’re interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks…

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Stacked in Our Favor | BSD Now 93 https://original.jupiterbroadcasting.net/83582/stacked-in-our-favor-bsd-now-93/ Thu, 11 Jun 2015 10:09:04 +0000 https://original.jupiterbroadcasting.net/?p=83582

The post Stacked in Our Favor | BSD Now 93 first appeared on Jupiter Broadcasting.


We’re at BSDCan this week, but fear not! We’ve got a great interview with Sepherosa Ziehau, a DragonFly developer, about their network stack. After that, we’ll be discussing different methods of containment and privilege separation. Assuming no polar bears eat us, we’ll be back next week with more BSD Now – the place to B.. SD.

Thanks to: DigitalOcean, iXsystems, Tarsnap


– Show Notes: –

Interview – Sepherosa Ziehau – sephe@dragonflybsd.org

Features of DragonFlyBSD’s network stack


Discussion

Comparing containment methods and privilege separation

  • chroot, jails, systrace, capsicum, filesystem permissions, separating users

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We’ll be back from BSDCan next week, hopefully with some interesting interviews

BSD After Midnight | BSD Now 92 https://original.jupiterbroadcasting.net/83242/bsd-after-midnight-bsd-now-92/ Thu, 04 Jun 2015 09:07:24 +0000 https://original.jupiterbroadcasting.net/?p=83242

The post BSD After Midnight | BSD Now 92 first appeared on Jupiter Broadcasting.


Coming up this week, we’ll be chatting with Lucas Holt, founder of MidnightBSD. It’s a slightly lesser-known fork of FreeBSD, with a focus on easy desktop use. We’ll find out what’s different about it and why it was created. Answers to your emails and all this week’s news, on BSD Now – the place to B.. SD.

Thanks to: DigitalOcean, iXsystems, Tarsnap


– Show Notes: –

Headlines

Zocker, it’s like docker on FreeBSD

  • Containment is always a hot topic, and docker has gotten a lot of hype in Linux land in the last couple years – they’re working on native FreeBSD support at the moment
  • This blog post is about a docker-like script, mainly for ease-of-use, that uses only jails and ZFS in the base system
  • In total, it’s 1,500 lines of shell script
  • The post goes through the process of using the tool, showing off all the subcommands and explaining the configuration
  • In contrast to something like ezjail, Zocker utilizes the jail.conf system in the 10.x branch

Patrol Read in OpenBSD

  • OpenBSD has recently imported some new code to support the Patrol Read function of some RAID controllers
  • In a nutshell, Patrol Read is a function that lets you check the health of your drives in the background, similar to a zpool “scrub” operation
  • The goal is to protect file integrity by detecting drive failures before they can damage your data
  • It detects bad blocks and prevents silent data corruption, while marking any bad sectors it finds

HAMMER 2 improvements

  • DragonFly BSD has been working on the second generation HAMMER FS
  • It now uses LZ4 compression by default, which we’ve been big fans of in ZFS
  • They’ve also switched to a faster CRC algorithm, further improving HAMMER’s performance, especially when using iSCSI

FreeBSD foundation May update

  • The FreeBSD foundation has published another update newsletter, detailing some of the things they’ve been up to lately
  • In it, you’ll find some development status updates: notably more ARM64 work and the addition of 64 bit Linux emulation
  • Some improvements were also made to FreeBSD’s release building process for non-X86 architectures
  • There’s also an AsiaBSDCon recap that covers some of the presentations and the dev events
  • They also have an accompanying blog post where Glen Barber talks about more sysadmin and clusteradm work at NYI

Interview – Lucas Holt – questions@midnightbsd.org / @midnightbsd

MidnightBSD


News Roundup

The launchd on train is never coming

  • Replacement of init systems has been quite controversial in the last few years
  • Fortunately, the BSDs have avoided most of that conflict thus far, but there have been a few efforts made to port launchd from OS X
  • This blog post details the author’s opinion on why he thinks we’re never going to have launchd in any of the BSDs
  • Email us your thoughts on the matter

Native SSH comes to… Windows

  • In what may be the first (and last) mention of Microsoft on BSD Now…
  • They’ve just recently announced that PowerShell will get native SSH support in the near future
  • It’s not based on the commercial SSH either, it’s the same one from OpenBSD that we already use everywhere
  • Up until now, interacting between BSD and Windows has required something like PuTTY, WinSCP, FileZilla or Cygwin – most of which are based on really outdated versions
  • The announcement also promises that they’ll be working with the OpenSSH community, so we’ll see how many Microsoft-submitted patches make it upstream (or how many donations they make)

Moving to FreeBSD

  • This blog post describes a long-time Linux user’s first BSD switching experience
  • The author first talks about his Linux journey, eventually coming to love the more customization-friendly systems, but the journey ended with systemd
  • After doing a bit of research, he gave FreeBSD a try and ended up liking it – the rest of the post mostly covers why that is
  • He also plans to write about his experience with other BSDs, and is writing some tutorials too – we’ll check in with him again later on

Feedback/Questions


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • There’s a new LibreSSL mailing list for discussion and announcements, subscribe if you’re interested
  • Next week is a prerecorded episode since we’ll be at BSDCan
  • If you’re interested in doing an interview at the conference, send us an email now and we can prepare some questions ahead of time

Daemons in the North | BSD Now 70 https://original.jupiterbroadcasting.net/74777/daemons-in-the-north-bsd-now-70/ Thu, 01 Jan 2015 11:33:49 +0000 https://original.jupiterbroadcasting.net/?p=74777

The post Daemons in the North | BSD Now 70 first appeared on Jupiter Broadcasting.


It’s our last episode of 2014, and we’ll be chatting with Dan Langille about the upcoming BSDCan conference. We’ll find out what’s planned and what sorts of presentations they’re looking for. As usual, answers to viewer-submitted questions and all the week’s news, coming up on BSD Now – the place to B.. SD.

Thanks to: iXsystems, Tarsnap


– Show Notes: –

Headlines

More conference presentation videos


OpenBSD PIE enhancements

  • ASLR and PIE are great security features that OpenBSD has had enabled by default for a long time, in both the base system and ports, but they have one inherent problem
  • They only work with dynamic libraries and binaries, so if you have any static binaries, they don’t get the same treatment
  • For example, the default shells (and many other things in /bin and /sbin) are statically linked
  • In the case of the static ones, you can always predict the memory layout, which is very bad and sort of defeats the whole purpose
  • With this and a few related commits, OpenBSD fixes this by introducing static self-relocation
  • More and more CPU architectures are being tested and getting support too; this isn’t just for amd64 and i386 – VAX users can rest easy
  • It’ll be available in 5.7 in May, or you can use a -current snapshot if you want to get a slice of the action now

FreeBSD foundation semi-annual newsletter

  • The FreeBSD foundation publishes a huge newsletter twice a year, detailing their funded projects and some community activities
  • As always, it starts with a letter from the president of the foundation – this time it’s about encouraging students and new developers to get involved
  • The article also has a fundraising update with a list of sponsored projects, and they note that the donations meter has changed from dollars to number of donors (since they exceeded the goal already)
  • You can read summaries of all the BSD conferences of 2014 and see a list of upcoming ones next year too
  • There are also sections about the FreeBSD Journal’s progress, a new staff member and a testimonial from NetApp
  • It’s a very long report, so dedicate some time to read all the way through it
  • This year was pretty great for BSD: both the FreeBSD and OpenBSD foundations exceeded their goals and the NetBSD foundation came really close too
  • As we go into 2015, consider donating to whichever BSD you use, it really can make a difference

Modernizing OpenSSH fingerprints

  • When you connect to a server for the first time, you’ll get what’s called a fingerprint of the host’s public key – this is used to verify that you’re actually talking to the same server you intended to
  • Up until now, the key fingerprints have been an MD5 hash, displayed as hex
  • This can be problematic, especially for larger key types like RSA that give lots of wiggle room for collisions, as an attacker could generate a fake host key that gives the same MD5 string as the one you wanted to connect to
  • This new change replaces the default MD5 and hex with a base64-encoded SHA256 fingerprint
  • You can add a “FingerprintHash” line in your ssh_config to force using only the new type
  • There’s also a new option to require users to authenticate with more than one public key, so you can really lock down login access to your servers – also useful if you’re not 100% confident in any single key type
  • The new options should be in the upcoming 6.8 release

Interview – Dan Langille – info@bsdcan.org / @bsdcan

Plans for the BSDCan 2015 conference


News Roundup

Introducing ntimed, a new NTP daemon

  • As we’ve mentioned before in our tutorials, there are two main daemons for the Network Time Protocol – ISC’s NTPd and OpenBSD’s OpenNTPD
  • With all the recent security problems with ISC’s NTPd, Poul-Henning Kamp has been working on a third NTP daemon
  • It’s called “ntimed” and you can try out a preview version of it right now – it’s in FreeBSD ports or on Github
  • PHK also has a few blog entries about the project, including status updates

OpenBSD-maintained projects list

  • There was recently a thread on the misc mailing list asking about different projects started by OpenBSD developers
  • The initial list had marks for which software had portable versions to other operating systems (OpenSSH being the most popular example)
  • A developer compiled a new list from all of the replies to that thread into a nice organized webpage
  • Most people are only familiar with things like OpenSSH, OpenSMTPD, OpenNTPD and more recently LibreSSL, but there are quite a lot more
  • This page also serves as a good history lesson for BSD in general: FreeBSD and others have ported some things over, while a couple OpenBSD tools were born from forks of FreeBSD tools (mergemaster, pkg tools, portscout)

Monitoring network traffic with FreeBSD

  • If you’ve ever been curious about monitoring network traffic on your FreeBSD boxes, this forum post may be exactly the thing for you
  • It’ll show you how to combine the Netflow, NfDump and NfSen suite of tools to get some pretty detailed network stats (and of course put them into a fancy webpage)
  • This is especially useful for finding out what was going on at a certain point in time, for example if you had a traffic spike

Trapping spammers with spamd

  • This is a blog post about OpenBSD’s spamd – a spam email deferral daemon – and how to use it for your mail
  • It gives some background on the greylisting approach to spam, rather than just a typical host blacklist
  • “Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will “temporarily reject” any email from a sender it does not recognize. If the sender re-attempts mail delivery at a later time, the sender may be allowed to continue the mail delivery conversation.”
  • The post also shows how to combine it with PF and other tools for a pretty fancy mail setup
  • You can find spamd in the OpenBSD base system, or use it with FreeBSD or NetBSD via ports and pkgsrc
  • You might also want to go back and listen to BSDTalk episode 68, where Will talks to Bob Beck about spamd

Feedback/Questions


Mailing List Gold


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if you do anything cool with BSD, tell us about it
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
  • Have a happy new year – make 2015 the year you finally switch over to BSD

Conference Connoisseur | BSD Now 66 https://original.jupiterbroadcasting.net/73002/conference-connoisseur-bsd-now-66/ Thu, 04 Dec 2014 11:40:12 +0000 https://original.jupiterbroadcasting.net/?p=73002

The post Conference Connoisseur | BSD Now 66 first appeared on Jupiter Broadcasting.


This week on the show, we’ll be talking with Paul Schenkeveld, chairman of the EuroBSDCon foundation. He tells us about his experiences running BSD conferences and how regular users can get involved too. We’ve also got answers to all your emails and the latest news, coming up on BSD Now – the place to B.. SD.

Thanks to: iXsystems, Tarsnap


– Show Notes: –

Headlines

More BSD presentation videos

  • The MeetBSD video uploading spree continues with a few more talks, maybe this’ll be the last batch
  • Corey Vixie, Web Apps in Embedded BSD
  • Allan Jude, UCL config
  • Kip Macy, iflib
  • While we’re on the topic of conferences, AsiaBSDCon’s CFP was extended by one week
  • This year’s ruBSD will be on December 13th in Moscow
  • Also, the BSDCan call for papers is out, and the event will be in June next year
  • Lastly, according to Rick Miller, “A potential vBSDcon 2015 event is being explored although a decision has yet to be made.”

BSD-powered digital library in Africa

  • You probably haven’t heard much about Nzega, Tanzania, but it’s an East African country without much internet access
  • With physical schoolbooks being a rarity there, a few companies helped out to bring some BSD-powered reading material to a local school
  • They now have a pair of FreeNAS Minis at the center of their local network, with over 80,000 books and accompanying video content stored on them (~5TB of data currently)
  • The school’s workstations also got wiped and reloaded with FreeBSD, and everyone there seems to really enjoy using it

pfSense 2.2 status update

  • With lots of people asking when the 2.2 release will be done, some pfSense developers have provided a status update
  • 2.2 will have a lot of changes: being based on FreeBSD 10.1, Unbound instead of BIND, updating PHP to something recent, including the new(ish) IPSEC stack updates, etc
  • All these things have taken more time than previously expected
  • The post also has some interesting graphs showing the ratio of opened and closed bugs for the upcoming release

Recommended hardware threads

  • A few threads on caught our attention this week, all about hardware recommendations for BSD setups
  • In the first one, the OP asks about mini-ITX hardware to run a FreeBSD server and NAS
  • Everyone gave some good recommendations for low power, Atom-based systems
  • The second thread started off asking about which CPU architecture is best for PF on an OpenBSD router, but ended up being another hardware thread
  • For a router, the ALIX, APU and Soekris boards still seem to be the most popular choices, with the third and fourth threads confirming this
  • If you’re thinking about building your first BSD box – server, router, NAS, whatever – these might be some good links to read

Interview – Paul Schenkeveld – freebsd@psconsult.nl

Running a BSD conference


News Roundup

From Linux to FreeBSD – for reals

  • Another Linux user is ready to switch to BSD, and takes to Reddit for some community encouragement (seems to be a common thing now)
  • After being a Linux guy for 20(!) years, he’s ready to switch his systems over, and is looking for some helpful guides to transition
  • In the comments, a lot of new switchers offer some advice and reading material
  • If any of the listeners have some things that were helpful along your switching journey, maybe send ’em this guy’s way

Running FreeBSD as a Xen Dom0

  • Continuing progress has been made to allow FreeBSD to be a host for the Xen hypervisor
  • This wiki article explains how to run the Xen branch of FreeBSD and host virtual machines on it
  • Xen on FreeBSD currently supports PV guests (modified kernels) and HVM (unmodified kernels, uses hardware virtualization features)
  • The wiki provides instructions for running Debian (PV) and FreeBSD (HVM), and discusses the features that are not finished yet

HardenedBSD updates and changes

  • a.out is the old executable format for Unix
  • “The name stands for assembler output, and was coined by Ken Thompson as the fixed name for output of his PDP-7 assembler in 1968”
  • FreeBSD, on which HardenedBSD is based, switched away from a.out in FreeBSD 3.0
  • A restriction against NULL mapping was introduced in FreeBSD 7 and enabled by default in FreeBSD 8
  • However, for reasons of compatibility, it could be switched off, allowing buggy applications to continue to run, at the risk of allowing a kernel bug to be exploited
  • HardenedBSD has removed the sysctl, making it impossible to run in ‘insecure mode’
  • Package Building Update: more consistent repo, no more i386 packages

Feedback/Questions


Mailing List Gold


  • All the tutorials are posted in their entirety at bsdnow.tv
  • If you’re in New York’s Capital District, there’s a meeting for the BSD users group on December 9th
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if there’s a tutorial you’d like to see, or maybe someone you want us to interview, let us know!
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
  • Reminder: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we’ll read and play some of them for the Christmas episode. You’ve got until December 17th to send them in.

The post Conference Connoisseur | BSD Now 66 first appeared on Jupiter Broadcasting.
Xen Gets bashed | TechSNAP 182 https://original.jupiterbroadcasting.net/68177/xen-gets-bashed-techsnap-182/ Thu, 02 Oct 2014 21:05:42 +0000 https://original.jupiterbroadcasting.net/?p=68177 Recent major flaws found in critical open source software have sent the Internet into a panic. From Shellshock to Xen we’ll discuss how these vulnerabilities can be chained together to own a box. Plus how secure are VLANs, a big batch of your questions, our answers, and much much more! Thanks to: Direct Download: […]


Recent major flaws found in critical open source software have sent the Internet into a panic. From Shellshock to Xen we’ll discuss how these vulnerabilities can be chained together to own a box.

Plus how secure are VLANs, a big batch of your questions, our answers, and much much more!

Thanks to: DigitalOcean, Ting, iXsystems


— Show Notes: —

Bash plus Xen bug send the entire internet scrambling

  • A critical flaw was discovered in the bash shell, used as the default system shell in most versions of Linux, as well as OS X.
  • The flaw was in the parsing of environment variables. If a new variable was set to contain a function, and that function was followed by a semicolon (normally a separator that can be used to chain multiple commands together), the code after the semicolon would be executed when the shell started
  • Many people are not aware that CGI passes the original request data, as well as all HTTP headers, to the scripts via environment variables
  • After those using bash CGI scripts ran around like chickens with their heads cut off, others came to realize that even if the CGI scripts are actually Perl or something else, if they happen to fork a shell with the system() call, or similar, to do something, that shell will inherit those environment variables, and be vulnerable
  • As more people spent brain cycles thinking of creative ways to exploit this bug, it was realized that even qmail was vulnerable in some cases: if a user has a .qmail file or similar to forward their email via a pipe, that command is executed via the system shell, with environment variables containing the email headers, including from, to, subject, etc.
  • While FreeBSD does not ship with bash by default, it is a common dependency of most of the desktop environments, including GNOME and KDE. PCBSD also makes bash available to users, to make life easier for Linux switchers. FreeNAS uses bash for its interactive web shell for the same reason. While not vulnerable in most cases, all have been updated to ensure that some new creative way to exploit the bug does not crop up
  • Apparently the DHCP client in Mac OS X also uses bash, and a malicious DHCP server could exploit the flaw
  • The flaw also affects a number of VMWare products
  • OpenVPN and many other software packages have also been found to be vulnerable
  • The version of bash on your system can be tested easily with this one-liner:
    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  • Which will print “this is a test”, and if bash has not yet been patched, will first print ‘vulnerable’
  • ArsTechnica: Bug in bash shell creates big security hole on anything with linux in it
  • Concern over bash bug grows as it is actively exploited in the wild
  • First bash patch doesn’t solve problem, second patch rushed out to resolve issue
  • Now that people are looking, even more bugs in bash found and fixed
  • Shellshock fixes result in another round of patches as attacks get more clever
  • Apple releases patch for shellshock bug
  • There was also a critical update to NSS (the Mozilla cryptographic library, which was not properly validating SSL certificates)
  • The other big patch this week was for Xen
  • It was announced by a number of public cloud providers, including Amazon and Rackspace, that some virtual server host machines would need to be rebooted to install security fixes, resulting in downtime for 10% of Amazon instances
  • It is not clear why this could not be resolved by live migrations
  • All versions of Xen since 4.1 until this patch are vulnerable. The flaw is only exploitable when running fully virtualized guests (HVM mode, uses the processor virtualization features), and can not be exploited by virtual machines running in the older paravirtualization mode. Xen on ARM is not affected
  • Xen Security Advisory
  • Amazon Blog Post #1
  • Amazon Blog Post #2
  • Rackspace Blog Post
  • Additional Coverage: eweek
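The notes above say the vulnerable value always begins with a function definition and reaches the shell through HTTP headers copied into the CGI environment. As an added example (not code from the show notes or from any project mentioned), the sketch below flags access-log lines whose quoted fields begin with that `() {` prefix, and strips such values from an environment before a shell is spawned; the function names and the log lines are constructed for illustration, and patching bash remains the actual fix.

```python
import re

# Unpatched bash imported any environment value that *begins* with "() {"
# as a function definition, then ran whatever followed it. Anchoring the
# match at the start of the value avoids flagging "() {" in ordinary text.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

# Quoted fields of a combined-format access log line:
# the request line, the Referer header and the User-Agent header.
QUOTED_FIELD = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Constructed sample log lines (documentation addresses, harmless echo
# payload taken from the test one-liner above).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.66 - - [25/Sep/2014:10:00:07 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "-" "() { :;}; echo vulnerable"',
    '192.0.2.67 - - [25/Sep/2014:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "() { :; }; echo vulnerable" "curl/7.30"',
    '192.0.2.11 - - [25/Sep/2014:10:00:12 +0000] "GET /docs/f() {x} HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]


def find_function_prefix_requests(lines):
    """Return (line number, client, field) for each log line in which a
    logged request field starts with a bash function definition."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        client = line.split(" ", 1)[0]
        for field in QUOTED_FIELD.findall(line):
            if FUNC_PREFIX.match(field):
                hits.append((lineno, client, field))
                break  # one report per log line is enough
    return hits


def scrub_env(env):
    """Return a copy of env without any value that unpatched bash would
    parse as a function definition. Intended for the moment just before a
    CGI handler or mail filter hands its environment to a shell."""
    return {k: v for k, v in env.items() if not FUNC_PREFIX.match(v)}


if __name__ == "__main__":
    for lineno, client, field in find_function_prefix_requests(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent {field!r}")

    # Constructed CGI-style environment: header values become HTTP_* variables.
    cgi_env = {
        "PATH": "/usr/bin:/bin",
        "HTTP_ACCEPT": "*/*",
        "HTTP_USER_AGENT": "() { :;}; echo vulnerable",
    }
    print(sorted(scrub_env(cgi_env)))
```

Only the request line, Referer and User-Agent appear in a combined-format log, so a value sent in any other header is visible only to a check made on the environment itself, which is what `scrub_env` covers.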

Cox Communications takes the privacy of its customers seriously, kind of

  • A female employee of Cox Communications (a large US ISP) was socially engineered into giving up her username and password
  • These credentials were then used to access the private data of Cox Customers
  • The attacker apparently only stole data about 52 customers, one of which was Brian Krebs
  • This makes it sound like a targeted attack, or at least an attack by someone who is (or is not) a fan of Brian Krebs
  • It appears that the Cox internal customer database can be accessed directly from the internet, with only a username and password
  • Cox says they use two factor authentication “in some cases”, and plan to expand the use of 2FA in the wake of this breach
  • Cox being able to quickly determine exactly how many customers’ data was compromised suggests they at least have some form of auditing in place, to leave a trail describing what data was accessed
  • Brian points out: “This sad state of affairs is likely the same across multiple companies that claim to be protecting your personal and financial data. In my opinion, any company — particularly one in the ISP business — that isn’t using more than a username and a password to protect their customers’ personal information should be publicly shamed.” “Unfortunately, most companies will not proactively take steps to safeguard this information until they are forced to do so — usually in response to a data breach. Barring any pressure from Congress to find proactive ways to avoid breaches like this one, companies will continue to guarantee the security and privacy of their customers’ records, one breach at a time.”

Other researchers recreate the BadUSB exploit and release the code on Github

  • The “BadUSB” research was originally done by Karsten Nohl and Jakob Lell, at SR Labs in Germany.
  • Presented at BlackHat, it described being able to reprogram the firmware of USB devices to perform other functions, such as a USB memory stick that presented itself to the computer as a keyboard, and typed out commands once plugged in, allowing it to compromise the computer and exfiltrate data
  • Brandon Wilson and Adam Caudill were doing their own work in this space, and when they heard about the talk at BlackHat, decided to accelerate their own work
  • They have now posted their code on Github
  • “The problem is that Nohl and Lell—and Caudill and Wilson—have not exploited vulnerabilities in USB. They’re just taking advantage of weaknesses in the manner in which USBs are supposed to behave”
  • “At Derby Con, they were able to demonstrate their attack with the device pretending to be a keyboard that typed out a predetermined script once it was plugged into the host computer. They also showed another demo where they had a hidden partition on a flash drive that was not detected by the host PC”
  • “It’s undetectable while it’s happening,” Wilson said. “The PC has no way of determining the difference. The way a PC determines the type of device all happens through the USB and code on the other device. Our ability to control that code means you cannot trust anything a USB device tells you.”
  • The way around this issue would be for device manufacturers to implement code signing
  • The existing firmware would only allow the firmware to be updated if the new firmware was signed by the manufacturer, preventing a malicious user from overwriting the good firmware with ‘bad’ firmware
  • However, users could obviously create their own devices specifically for the purpose of the evil firmware, but it would prevent the case where an attack modifies your device to work against you
  • At the same time, many users might argue against losing control over their device, and no longer being able to update the firmware if they wish
  • The real solution may be for Operating Systems and users to evolve to no longer trust random USB devices, and instead allow the user to decide if they trust the device, possibly something similar to mobile apps, where the OS tells the user what functionality the device is trying to present
  • You might choose to not trust that USB memstick that is also attempting to present a network adapter, in order to override your DHCP settings and make your system use a set of rogue DNS servers

Feedback:


Round Up:


Engineering Nginx | BSD Now 51 https://original.jupiterbroadcasting.net/65122/engineering-nginx-bsd-now-51/ Thu, 21 Aug 2014 11:00:23 +0000 https://original.jupiterbroadcasting.net/?p=65122 We’ll be showing you how to set up a secure, SSL-only webserver. There’s also an interview with Eric Le Blan about community participation and FreeBSD’s role in the commercial server space. All that and more, on BSD Now – the place to B.. SD. Thanks to: Direct Download: Video | HD Video | MP3 Audio […]


We’ll be showing you how to set up a secure, SSL-only webserver. There’s also an interview with Eric Le Blan about community participation and FreeBSD’s role in the commercial server space. All that and more, on BSD Now – the place to B.. SD.

Thanks to: iXsystems, Tarsnap


– Show Notes: –

Headlines

Password gropers take spamtrap bait

  • Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post
  • He seems to have discovered another new weird phenomenon in his pop3 logs
  • “yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia”
  • Someone tried to log in to his service with an address that was known to be invalid
  • The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose

Inside the Atheros wifi chipset

  • Adrian Chadd – sometimes known in the FreeBSD community as “the wireless guy” – gave a talk at the Defcon Wireless Village 2014
  • He covers a lot of topics on wifi, specifically on Atheros chips and why they’re so popular for open source development
  • There’s a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards
  • Very technical talk; some parts might go over your head if you’re not a driver developer
  • The raw video file is also available to download on archive.org
  • Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things

Trip report and hackathon mini-roundup

  • A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted
  • Mark Linimon mentions some of the future plans for FreeBSD’s release engineering and ports
  • Bapt also has a BSDCan report detailing his work on ports and packages
  • Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout
  • Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function
  • Christian Weisgerber talks about starting some initial improvements of OpenBSD’s ports infrastructure

DragonFly BSD 3.8.2 released

  • Although it was already branched, the release media is now available for DragonFly 3.8.2
  • This is a minor update, mostly to fix the recent OpenSSL vulnerabilities
  • It also includes some various other small fixes

Interview – Eric Le Blan – info@xinuos.com

Xinuos’ recent FreeBSD integration, BSD in the commercial server space


Tutorial

Building a hardened, feature-rich webserver


News Roundup

Defend your network and privacy, FreeBSD version

  • Back in episode 39, we covered a blog post about creating an OpenBSD gateway – partly based on our router tutorial
  • This is a follow-up post, by the same author, about doing a similar thing with FreeBSD
  • He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs
  • The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.

Don’t encrypt all the things

  • Another couple of interesting blog posts from Ted Unangst about encryption
  • It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good
  • After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie
  • He also talks a bit about some PGP weaknesses and a possible future replacement
  • He also has another, similar post entitled “in defense of opportunistic encryption”

New automounter lands in FreeBSD

  • The work on the new automounter has just landed in 11-CURRENT
  • With help from the FreeBSD Foundation, we’ll have a new “autofs” kernel option
  • Check the SVN viewer online to read over the man pages if you’re not running -CURRENT
  • You can also read a bit about it in the recent newsletter

OpenSSH 6.7 CFT

  • It’s been a little while since the last OpenSSH release, but 6.7 is almost ready
  • Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features
  • It includes some old code removal, some new features and some internal reworkings – we’ll cover the full list in detail when it’s released
  • This version also officially supports being built with LibreSSL now
  • Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • We want to give a special thanks to our viewer Remy for writing the basis of today’s tutorial
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
  • Final reminder: OpenBSD is moving to a new distributor in September (which is very soon!) so this is your last chance to buy any of their tshirts, CDs or posters – grab them now while you still can, and support the project

DES Challenge IV | BSD Now 47 https://original.jupiterbroadcasting.net/62987/des-challenge-iv-bsd-now-47/ Thu, 24 Jul 2014 11:44:16 +0000 https://original.jupiterbroadcasting.net/?p=62987 Coming up this week on the show! We’ve got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like. The latest news, answers to your emails and even some LibreSSL drama, on BSD Now – the place to B.. SD. Thanks to: […]


Coming up this week on the show!

We’ve got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like.

The latest news, answers to your emails and even some LibreSSL drama, on BSD Now – the place to B.. SD.

Thanks to: iXsystems, Tarsnap


– Show Notes: –

Headlines

g2k14 hackathon reports

  • Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon
  • Lots of work got done – in just the first two weeks of July, there were over 1000 commits to their CVS tree
  • Some of the developers wrote in to document what they were up to at the event
  • Bob Beck planned to work on kernel stuff, but then “LibreSSL happened” and he spent most of his time working on that
  • Miod Vallat also tells about his LibreSSL experiences
  • Brent Cook, a new developer, worked mainly on the portable version of LibreSSL (and we’ll be interviewing him next week!)
  • Henning Brauer worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6)
  • Martin Pieuchot fixed some bugs in the USB stack, softraid and misc other things
  • Marc Espie improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency
  • Martin Pelikan integrated read-only ext4 support
  • Vadim Zhukov did lots of ports work, including working on KDE4
  • Theo de Raadt created a new, more secure system call, “sendsyslog” and did a lot of work with /etc, sysmerge and the rc scripts
  • Paul Irofti worked on the USB stack, specifically for the Octeon platform
  • Sebastian Benoit worked on relayd filters and IPv6 code
  • Jasper Lievisse Adriaanse did work with puppet, packages and the bootloader
  • Jonathan Gray imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection
  • Stefan Sperling fixed a lot of issues with wireless drivers
  • Florian Obser did many things related to IPv6
  • Ingo Schwarze worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface
  • Ken Westerback hacked on dhclient and dhcpd, and also got dump working on 4k sector drives
  • Matthieu Herrb worked on updating and modernizing parts of xenocara

FreeBSD pf discussion takes off

  • A thread started on the freebsd-questions and freebsd-current mailing lists this week concerning FreeBSD’s version of pf being old and seemingly unmaintained (unfortunately people didn’t always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)
  • Straight from the SMP FreeBSD pf maintainer: “no one right now [is actively developing pf on FreeBSD]” and “Following OpenBSD on features would be cool, but no bulk imports would be made again. Bulk imports produce bad quality of port, and also pf in OpenBSD has no multi thread support”
  • Baptiste Daroussin was quick to point out that multi-thread support is not the only difference between FreeBSD and OpenBSD versions of pf, including work that was done to support VIMAGE (network virtualization, to support having entire network stacks in jails)
  • Baptiste Daroussin also reports on his efforts to update FreeBSD pf. He ran into problems and after breaking pf on head, his changes were reverted. He reports that he is still interested in porting individual OpenBSD pf features that are relevant to him, but not in a ‘full sync’ or being the overall maintainer of FreeBSD pf
  • The project is looking for volunteers to continue the work. Mentorship is available for a number of people familiar with the FreeBSD networking stack, and Henning Brauer (one of the authors of OpenBSD pf) has stated his willingness to help on a number of occasions, and candidates can apply to the FreeBSD Foundation for funding
  • Searching for documentation online for pf is troublesome because there are two incompatible syntaxes
  • FreeBSD’s pf man pages are lacking, and some of FreeBSD’s documentation still links to OpenBSD’s pages, which are not compatible anymore
  • The discussion also touched on importing pf patches from pfSense, although the license that these patches are under is not clear at this time
  • Things quickly got off topic as further disagreement among individual developers vs. users derailed the conversation somewhat
  • Many users are very vocal about wanting it updated, saying they are willing to deal with the syntax change and it is worth the benefits
  • Some developers wonder which features of OpenBSD pf users actually want, other than just ‘the latest shiny’
  • Currently the only known problem with FreeBSD pf is with ipv6 fragments, and the VIMAGE subsystem
  • Gleb Smirnoff, author of the FreeBSD-specific SMP patches, says Henning’s claims about OpenBSD’s improved speed are “uncorroborated claims” (but neither side has provided any public benchmarks)
  • Olivier Cochard-Labbé (of the BSD Router Project) provided his benchmarks from Nov 2013 of packet forwarding rates with various configurations of FreeBSD 9.2 and 10, vs OpenBSD 5.4. Here is the raw data and scripts to reproduce and a graph of the results
  • There seem to be many opinions about what to do about pf, but so far no one willing to do the work

LibreSSL progress update

  • LibreSSL’s first few portable releases have come out and they’re making great progress, releasing 2.0.3 two days ago
  • Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list
  • However, there has already been some drama… with Linux users
  • There was a problem with Linux’s PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy
  • This “problem” doesn’t affect OpenBSD’s native implementation, only the portable version
  • The developers decide to weigh in to calm the misinformation and rage
  • A fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now – remember to say thanks, guys
  • Ted Unangst has a really good post about the whole situation, definitely check it out
  • As a follow-up from last week, bapt says they’re working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly – if you’re a port maintainer, please test your ports against it

Preparation for NetBSD 7

  • The release process for NetBSD 7.0 is finally underway
  • The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September
  • If you run NetBSD, that’ll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)
  • They’re also looking for some help updating documentation and fixing any bugs that get reported
  • Another formal announcement will be made when the beta binaries are up

Interview – Dag-Erling Smørgrav – des@freebsd.org / @RealEvilDES

The role of the FreeBSD Security Officer, recent ports features, various topics


News Roundup

BSDCan ports and packages WG

  • Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages
  • Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages
  • There’s also some detail about the signing infrastructure and different mirrors
  • Ports people and source people need to talk more often about ABI breakage
  • The post also includes information about pkg 1.3, the old pkg tools’ EOL, the quarterly stable package sets and a lot more (it’s a huge post!)

Cross-compiling ports with QEMU and poudriere

  • With recent QEMU features, you can basically chroot into a completely different architecture
  • This article goes through the process of building ARMv6 packages on a normal X86 box
  • Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now
  • The poudriere-devel port now has a “qemu user” option that will pull in all the requirements
  • Hopefully this will pave the way for official pkgng packages on those lesser-used architectures

Cloning FreeBSD with ZFS send

  • For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen
  • This post shows his entire process in creating a mirror machine, using ZFS for everything
  • The “zfs send” and “zfs snapshot” commands really come in handy for this
  • He does the whole thing from a live CD, pretty impressive

FreeBSD Overview series

  • A new blog series we stumbled upon about a Linux user switching to BSD
  • In part one, he gives a little background on being “done with Linux distros” and documents his initial experience getting and installing FreeBSD 10
  • He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels
  • Most of what he was used to on Linux was already in the default FreeBSD (except bash…)
  • Part two documents his experiences with pkgng and ports

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Last week we talked a bit about hardware compatibility, check out the NYC BSD Users’ Group’s dmesgd, a database of user submitted dmesg output from various hardware on various BSDs. Help the community, submit your dmesg today!
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know – we want to do what the viewers want to see
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
