fosdem – Jupiter Broadcasting

NetBSD is a highly portable operating system which can be run on dozens of different hardware architectures. The operating system’s clean and minimal design allow it to be run in all sorts of environments, ranging from embedded devices, to servers, to workstations. While the base operating system is minimal, NetBSD users have access to a large repository of binary packages and a ports tree which I will touch upon later.
I last tried NetBSD 7.0 about three years ago and decided it was time to test drive the operating system again. In the past three years NetBSD has introduced a few new features, many of them security enhancements. For example, NetBSD now supports write exclusive-or execute (W^X) protection and address space layout randomization (ASLR) to protect programs against common attacks. NetBSD 8.0 also includes USB3 support and the ability to work with ZFS storage volumes.

Early impressions

Since I had set up NetBSD with a Full install and enabled xdm during the setup process, the operating system booted to a graphical login screen. From here we can sign into our account. The login screen does not provide options to shut down or restart the computer. Logging into our account brings up the twm window manager and provides a virtual terminal, courtesy of xterm. There is a panel that provides a method for logging out of the window manager. The twm environment is sparse, fast and devoid of distractions.

Software management

NetBSD ships with a fairly standard collection of command line tools and manual pages, but otherwise it is a fairly minimal platform. If we want to run network services, have access to a web browser, or use a word processor we are going to need to install more software. There are two main approaches to installing new packages. The first, and easier approach, is to use the pkgin package manager. The pkgin utility works much the same way APT or DNF work in the Linux world, or as pkg works on FreeBSD. We can search for software by name, install or remove items. I found pkgin worked well, though its output can be terse. My only complaint with pkgin is that it does not handle “close enough” package names. For example, if I tried to run “pkgin install vlc” or “pkgin install firefox” I would quickly be told these items did not exist. But a more forgiving package manager will realize items like vlc2 or firefox45 are available and offer to install those.
The pkgin tool installs new programs in the /usr/pkg/bin directory. Depending on your configuration and shell, this location may not be in your user’s path, and it will be helpful to adjust your PATH variable accordingly.
The other common approach to acquiring new software is to use the pkgsrc framework. I have talked about using pkgsrc before and I will skip the details. Basically, we can download a collection of recipes for building popular open source software and run a command to download and install these items from their source code. Using pkgsrc basically gives us the same software as using pkgin would, but with some added flexibility on the options we use.
Once new software has been installed, it may need to be enabled and activated, particularly if it uses (or is) a background service. New items can be enabled in the /etc/rc.conf file and started or stopped using the service command. This works about the same as the service command on FreeBSD and most non-systemd Linux distributions.

Hardware

I found that, when logged into the twm environment, NetBSD used about 130MB of RAM. This included kernel memory and all active memory. A fresh, Full install used up 1.5GB of disk space. I generally found NetBSD ran well in both VirtualBox and on my desktop computer. The system was quick and stable. I did have trouble getting a higher screen resolution in both environments. NetBSD does not offer VirtualBox add-on modules. There are NetBSD patches for VirtualBox out there, but there is some manual work involved in getting them working. When running on my desktop computer I think the resolution issue was one of finding and dealing with the correct video driver. Screen resolution aside, NetBSD performed well and detected all my hardware.

Personal projects

Since NetBSD provides users with a small, core operating system without many utilities if we want to use NetBSD for something we need to have a project in mind. I had four mini projects in mind I wanted to try this week: install a desktop environment, enable file sharing for computers on the local network, test multimedia (video, audio and YouTube capabilities), and set up a ZFS volume for storage.
I began with the desktop. Specifically, I followed the same tutorial I used three years ago to try to set up the Xfce desktop. While Xfce and its supporting services installed, I was unable to get a working desktop out of the experience. I could get the Xfce window manager working, but not the entire session. This tutorial worked beautifully with NetBSD 7.0, but not with version 8.0. Undeterred, I switched gears and installed Fluxbox instead. This gave me a slightly more powerful graphical environment than what I had before with twm while maintaining performance. Fluxbox ran without any problems, though its application menu was automatically populated with many programs which were not actually installed.
Next, I tried installing a few multimedia applications to play audio and video files. Here I ran into a couple of interesting problems. I found the music players I installed would play audio files, but the audio was quite slow. It always sounded like a cassette tape dragging. When I tried to play a video, the entire graphical session would crash, taking me back to the login screen. When I installed Firefox, I found I could play YouTube videos, and the video played smoothly, but again the audio was unusually slow.
I set up two methods of sharing files on the local network: OpenSSH and FTP. NetBSD basically gives us OpenSSH for free at install time and I added an FTP server through the pkgin package manager which worked beautifully with its default configuration.
I experimented with ZFS support a little, just enough to confirm I could create and access ZFS volumes. ZFS seems to work on NetBSD just as well, and with the same basic features, as it does on FreeBSD and mainstream Linux distributions. I think this is a good feature for the portable operating system to have since it means we can stick NetBSD on nearly any networked computer and use it as a NAS.

Conclusions

NetBSD, like its close cousins (FreeBSD and OpenBSD) does not do a lot of hand holding or automation. It offers a foundation that will run on most CPUs and we can choose to build on that foundation. I mention this because, on its own, NetBSD does not do much. If we want to get something out of it, we need to be willing to build on its foundation – we need a project. This is important to keep in mind as I think going into NetBSD and thinking, “Oh I’ll just explore around and expand on this as I go,” will likely lead to disappointment. I recommend figuring out what you want to do before installing NetBSD and making sure the required tools are available in the operating system’s repositories.
Some of the projects I embarked on this week (using ZFS and setting up file sharing) worked well. Others, like getting multimedia support and a full-featured desktop, did not. Given more time, I’m sure I could find a suitable desktop to install (along with the required documentation to get it and its services running), or customize one based on one of the available window managers. However, any full featured desktop is going to require some manual work. Media support was not great. The right players and codecs were there, but I was not able to get audio to play smoothly.
My main complaint with NetBSD relates to my struggle to get some features working to my satisfaction: the documentation is scattered. There are four different sections of the project’s website for documentation (FAQs, The Guide, manual pages and the wiki). Whatever we are looking for is likely to be in one of those, but which one? Or, just as likely, the tutorial we want is not there, but is on a forum or blog somewhere. I found that the documentation provided was often thin, more of a quick reference to remind people how something works rather than a full explanation.
As an example, I found a couple of documents relating to setting up a firewall. One dealt with networking NetBSD on a LAN, another explored IPv6 support, but neither gave an overview on syntax or a basic guide to blocking all but one or two ports. It seemed like that information should already be known, or picked up elsewhere.
Newcomers are likely to be a bit confused by software management guides for the same reason. Some pages refer to using a tool called pkg_add, others use pkgsrc and its make utility, others mention pkgin. Ultimately, these tools each give approximately the same result, but work differently and yet are mentioned almost interchangeably. I have used NetBSD before a few times and could stumble through these guides, but new users are likely to come away confused.
One quirk of NetBSD, which may be a security feature or an inconvenience, depending on one’s point of view, is super user programs are not included in regular users’ paths. This means we need to change our path if we want to be able to run programs typically used by root. For example, shutdown and mount are not in regular users’ paths by default. This made checking some things tricky for me.
Ultimately though, NetBSD is not famous for its convenience or features so much as its flexibility. The operating system will run on virtually any processor and should work almost identically across multiple platforms. That gives NetBSD users a good deal of consistency across a range of hardware and the chance to experiment with a member of the Unix family on hardware that might not be compatible with Linux or the other BSDs.

###Showing a Gigabit OpenBSD Firewall Some Monitoring Love

I have a pretty long history of running my home servers or firewalls on “exotic” hardware. At first, it was Sun Microsystem hardware, then it moved to the excellent Soekris line, with some cool single board computers thrown in the mix. Recently I’ve been running OpenBSD Octeon on the Ubiquiti Edge Router Lite, an amazing little piece of kit at an amazing price point.

Upgrade Time!

This setup has served me for some time and I’ve been extremely happy with it. But, in the #firstworldproblems category, I recently upgraded the household to the amazing Gigabit fibre offering from Sonic. A great problem to have, but also too much of a problem for the little Edge Router Lite (ERL).
The way the OpenBSD PF firewall works, it’s only able to process packets on a single core. Not a problem for the dual-core 500 MHz ERL when you’re pushing under ~200 Mbps, but more of a problem when you’re trying to push 1000 Mbps.
I needed something that was faster on a per core basis but still satisfied my usual firewall requirements. Loosely:

small form factor
fan-less
multiple Intel Ethernet ports (good driver support)
low power consumption
not your regular off-the-shelf kit
relatively inexpensive

After evaluating a LOT of different options I settled on the Protectli Vault FW2B. With the specs required for the firewall (2 GB RAM and 8 GB drive) it comes in at a mere $239 USD! Installation of OpenBSD 6.4 was pretty straight forward, with the only problem I had was Etcher did not want to recognize the ‘.fs’ extension on the install image as bootable image. I quickly fixed this with good old Unix dd(1) on the Mac. Everything else was incredibly smooth.
After loading the same rulesets on my new install, the results were fantastic!

Monitoring

Now that the machine was up and running (and fast!), I wanted to know what it was doing. Over the years, I’ve always relied on the venerable pfstat software to give me an overview of my traffic, blocked packets, etc. It looks like this:
As you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.
I came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.
A bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!
As you can see it’s based on RRDtool, which was simply incredible in its time. Having worked on monitoring almost continuously for almost the past decade, I wanted to see if we could re-implement the same functionality using more modern tools as RRDtool and pfstat definitely have their limitations. This might be an opportunity to learn some new things as well.
I came across pf-graphite which seemed to be a great start! He had everything I needed and I added a few more stats from the detailed interface statistics and the ability for the code to exit for running from cron(8), which is a bit more OpenBSD style. I added code for sending to some SaaS metrics platforms but ultimately stuck with straight Graphite. One important thing to note was to use the Graphite pickle port (2004) instead of the default plaintext port for submission. Also you will need to set a loginterface in your ‘pf.conf’.
A bit of tweaking with Graphite and Grafana, and I had a pretty darn good recreation of my original PF stats dashboard!

###The Source History of Cat

I once had a debate with members of my extended family about whether a computer science degree is a degree worth pursuing. I was in college at the time and trying to decide whether I should major in computer science. My aunt and a cousin of mine believed that I shouldn’t. They conceded that knowing how to program is of course a useful and lucrative thing, but they argued that the field of computer science advances so quickly that everything I learned would almost immediately be outdated. Better to pick up programming on the side and instead major in a field like economics or physics where the basic principles would be applicable throughout my lifetime.
I knew that my aunt and cousin were wrong and decided to major in computer science. (Sorry, aunt and cousin!) It is easy to see why the average person might believe that a field like computer science, or a profession like software engineering, completely reinvents itself every few years. We had personal computers, then the web, then phones, then machine learning… technology is always changing, so surely all the underlying principles and techniques change too. Of course, the amazing thing is how little actually changes. Most people, I’m sure, would be stunned to know just how old some of the important software on their computer really is. I’m not talking about flashy application software, admittedly—my copy of Firefox, the program I probably use the most on my computer, is not even two weeks old. But, if you pull up the manual page for something like grep, you will see that it has not been updated since 2010 (at least on MacOS). And the original version of grep was written in 1974, which in the computing world was back when dinosaurs roamed Silicon Valley. People (and programs) still depend on grep every day.
My aunt and cousin thought of computer technology as a series of increasingly elaborate sand castles supplanting one another after each high tide clears the beach. The reality, at least in many areas, is that we steadily accumulate programs that have solved problems. We might have to occasionally modify these programs to avoid software rot, but otherwise they can be left alone. grep is a simple program that solves a still-relevant problem, so it survives. Most application programming is done at a very high level, atop a pyramid of much older code solving much older problems. The ideas and concepts of 30 or 40 years ago, far from being obsolete today, have in many cases been embodied in software that you can still find installed on your laptop.
I thought it would be interesting to take a look at one such old program and see how much it had changed since it was first written. cat is maybe the simplest of all the Unix utilities, so I’m going to use it as my example. Ken Thompson wrote the original implementation of cat in 1969. If I were to tell somebody that I have a program on my computer from 1969, would that be accurate? How much has cat really evolved over the decades? How old is the software on our computers?
Thanks to repositories like this one, we can see exactly how cat has evolved since 1969. I’m going to focus on implementations of cat that are ancestors of the implementation I have on my Macbook. You will see, as we trace cat from the first versions of Unix down to the cat in MacOS today, that the program has been rewritten more times than you might expect—but it ultimately works more or less the same way it did fifty years ago.

Research Unix

Ken Thompson and Dennis Ritchie began writing Unix on a PDP 7. This was in 1969, before C, so all of the early Unix software was written in PDP 7 assembly. The exact flavor of assembly they used was unique to Unix, since Ken Thompson wrote his own assembler that added some features on top of the assembler provided by DEC, the PDP 7’s manufacturer. Thompson’s changes are all documented in the original Unix Programmer’s Manual under the entry for as, the assembler.
The first implementation of cat is thus in PDP 7 assembly. I’ve added comments that try to explain what each instruction is doing, but the program is still difficult to follow unless you understand some of the extensions Thompson made while writing his assembler. There are two important ones. First, the ; character can be used to separate multiple statements on the same line. It appears that this was used most often to put system call arguments on the same line as the sys instruction. Second, Thompson added support for “temporary labels” using the digits 0 through 9. These are labels that can be reused throughout a program, thus being, according to the Unix Programmer’s Manual, “less taxing both on the imagination of the programmer and on the symbol space of the assembler.” From any given instruction, you can refer to the next or most recent temporary label n using nf and nb respectively. For example, if you have some code in a block labeled 1:, you can jump back to that block from further down by using the instruction jmp 1b. (But you cannot jump forward to that block from above without using jmp 1f instead.)
The most interesting thing about this first version of cat is that it contains two names we should recognize. There is a block of instructions labeled getc and a block of instructions labeled putc, demonstrating that these names are older than the C standard library. The first version of cat actually contained implementations of both functions. The implementations buffered input so that reads and writes were not done a character at a time.
The first version of cat did not last long. Ken Thompson and Dennis Ritchie were able to persuade Bell Labs to buy them a PDP 11 so that they could continue to expand and improve Unix. The PDP 11 had a different instruction set, so cat had to be rewritten. I’ve marked up this second version of cat with comments as well. It uses new assembler mnemonics for the new instruction set and takes advantage of the PDP 11’s various addressing modes. (If you are confused by the parentheses and dollar signs in the source code, those are used to indicate different addressing modes.) But it also leverages the ; character and temporary labels just like the first version of cat, meaning that these features must have been retained when as was adapted for the PDP 11.
The second version of cat is significantly simpler than the first. It is also more “Unix-y” in that it doesn’t just expect a list of filename arguments—it will, when given no arguments, read from stdin, which is what cat still does today. You can also give this version of cat an argument of – to indicate that it should read from stdin.
In 1973, in preparation for the release of the Fourth Edition of Unix, much of Unix was rewritten in C. But cat does not seem to have been rewritten in C until a while after that. The first C implementation of cat only shows up in the Seventh Edition of Unix. This implementation is really fun to look through because it is so simple. Of all the implementations to follow, this one most resembles the idealized cat used as a pedagogic demonstration in K&R C. The heart of the program is the classic two-liner:

while ((c = getc(fi)) != EOF)
putchar(c);

There is of course quite a bit more code than that, but the extra code is mostly there to ensure that you aren’t reading and writing to the same file. The other interesting thing to note is that this implementation of cat only recognized one flag, -u. The -u flag could be used to avoid buffering input and output, which cat would otherwise do in blocks of 512 bytes.

After the Seventh Edition, Unix spawned all sorts of derivatives and offshoots. MacOS is built on top of Darwin, which in turn is derived from the Berkeley Software Distribution (BSD), so BSD is the Unix offshoot we are most interested in. BSD was originally just a collection of useful programs and add-ons for Unix, but it eventually became a complete operating system. BSD seems to have relied on the original cat implementation up until the fourth BSD release, known as 4BSD, when support was added for a whole slew of new flags. The 4BSD implementation of cat is clearly derived from the original implementation, though it adds a new function to implement the behavior triggered by the new flags. The naming conventions already used in the file were adhered to—the fflg variable, used to mark whether input was being read from stdin or a file, was joined by nflg, bflg, vflg, sflg, eflg, and tflg, all there to record whether or not each new flag was supplied in the invocation of the program. These were the last command-line flags added to cat; the man page for cat today lists these flags and no others, at least on Mac OS. 4BSD was released in 1980, so this set of flags is 38 years old.
cat would be entirely rewritten a final time for BSD Net/2, which was, among other things, an attempt to avoid licensing issues by replacing all AT&T Unix-derived code with new code. BSD Net/2 was released in 1991. This final rewrite of cat was done by Kevin Fall, who graduated from Berkeley in 1988 and spent the next year working as a staff member at the Computer Systems Research Group (CSRG). Fall told me that a list of Unix utilities still implemented using AT&T code was put up on a wall at CSRG and staff were told to pick the utilities they wanted to reimplement. Fall picked cat and mknod. The cat implementation bundled with MacOS today is built from a source file that still bears his name at the very top. His version of cat, even though it is a relatively trivial program, is today used by millions.
Fall’s original implementation of cat is much longer than anything we have seen so far. Other than support for a -? help flag, it adds nothing in the way of new functionality. Conceptually, it is very similar to the 4BSD implementation. It is only longer because Fall separates the implementation into a “raw” mode and a “cooked” mode. The “raw” mode is cat classic; it prints a file character for character. The “cooked” mode is cat with all the 4BSD command-line options. The distinction makes sense but it also pads out the implementation so that it seems more complex at first glance than it actually is. There is also a fancy error handling function at the end of the file that further adds to its length.

MacOS

The very first release of Mac OS X thus includes an implementation of cat pulled from the NetBSD project. So the first Mac OS X implementation of cat is Kevin Fall’s cat. The only thing that had changed over the intervening decade was that Fall’s error-handling function err() was removed and the err() function made available by err.h was used in its place. err.h is a BSD extension to the C standard library.
The NetBSD implementation of cat was later swapped out for FreeBSD’s implementation of cat. According to Wikipedia, Apple began using FreeBSD instead of NetBSD in Mac OS X 10.3 (Panther). But the Mac OS X implementation of cat, according to Apple’s own open source releases, was not replaced until Mac OS X 10.5 (Leopard) was released in 2007. The FreeBSD implementation that Apple swapped in for the Leopard release is the same implementation on Apple computers today. As of 2018, the implementation has not been updated or changed at all since 2007.
So the Mac OS cat is old. As it happens, it is actually two years older than its 2007 appearance in MacOS X would suggest. This 2005 change, which is visible in FreeBSD’s Github mirror, was the last change made to FreeBSD’s cat before Apple pulled it into Mac OS X. So the Mac OS X cat implementation, which has not been kept in sync with FreeBSD’s cat implementation, is officially 13 years old. There’s a larger debate to be had about how much software can change before it really counts as the same software; in this case, the source file has not changed at all since 2005.
The cat implementation used by Mac OS today is not that different from the implementation that Fall wrote for the 1991 BSD Net/2 release. The biggest difference is that a whole new function was added to provide Unix domain socket support. At some point, a FreeBSD developer also seems to have decided that Fall’s raw_args() function and cook_args() should be combined into a single function called scanfiles(). Otherwise, the heart of the program is still Fall’s code.
I asked Fall how he felt about having written the cat implementation now used by millions of Apple users, either directly or indirectly through some program that relies on cat being present. Fall, who is now a consultant and a co-author of the most recent editions of TCP/IP Illustrated, says that he is surprised when people get such a thrill out of learning about his work on cat. Fall has had a long career in computing and has worked on many high-profile projects, but it seems that many people still get most excited about the six months of work he put into rewriting cat in 1989.

The Hundred-Year-Old Program

In the grand scheme of things, computers are not an old invention. We’re used to hundred-year-old photographs or even hundred-year-old camera footage. But computer programs are in a different category—they’re high-tech and new. At least, they are now. As the computing industry matures, will we someday find ourselves using programs that approach the hundred-year-old mark?
Computer hardware will presumably change enough that we won’t be able to take an executable compiled today and run it on hardware a century from now. Perhaps advances in programming language design will also mean that nobody will understand C in the future and cat will have long since been rewritten in another language. (Though C has already been around for fifty years, and it doesn’t look like it is about to be replaced any time soon.) But barring all that, why not just keep using the cat we have forever?
I think the history of cat shows that some ideas in computer science are in fact very durable. Indeed, with cat, both the idea and the program itself are old. It may not be accurate to say that the cat on my computer is from 1969. But I could make a case for saying that the cat on my computer is from 1989, when Fall wrote his implementation of cat. Lots of other software is just as ancient. So maybe we shouldn’t think of computer science and software development primarily as fields that disrupt the status quo and invent new things. Our computer systems are built out of historical artifacts. At some point, we may all spend more time trying to understand and maintain those historical artifacts than we spend writing new code.

##News Roundup
###Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems

A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment.
The flaw is now identified as CVE-2018-14665 (credited to security researcher Narendra Shinde). It has been present in xorg-server for two years, since version 1.19.0 and is exploitable by a limited user as long as the X server runs with elevated permissions.

Privilege escalation and arbitrary file overwrite

An advisory on Thursday describes the problem as an “incorrect command-line parameter validation” that also allows an attacker to overwrite arbitrary files.
Privilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the X.org server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option.

Bug could have been avoided in OpenBSD 6.4

OpenBSD, the free and open-source operating system with a strong focus on security, uses xorg. On October 18, the project released version 6.4 of the OS, affected by CVE-2018-14665. This could have been avoided, though.
Theo de Raadt, founder and leader of the OpenBSD project, says that X maintainer knew about the problem since at least October 11. For some reason, the OpenBSD developers received the message one hour before the public announcement this Thursday, a week after their new OS release.
“As yet we don’t have answers about why our X maintainer (on the X security team) and his team provided information to other projects (some who don’t even ship with this new X server) but chose to not give us a heads-up which could have saved all the new 6.4 users a lot of grief,” Raadt says.
Had OpenBSD developers known about the bug before the release, they could have taken steps to mitigate the problem or delay the launch for a week or two.
To remedy the problem, the OpenBSD project provides a source code patch, which requires compiling and rebuilding the X server.
As a temporary solution, users can disable the Xorg binary by running the following command:

chmod u-s /usr/X11R6/bin/Xorg

Trivial exploitation

CVE-2018-14665 does not help compromise systems, but it is useful in the following stages of an attack.
Leveraging it after gaining access to a vulnerable machine is fairly easy. Matthew Hickey, co-founder, and head of Hacker House security outfit created and published an exploit, saying that it can be triggered from a remote SSH session.
Three hours after the public announcement of the security gap, Daemon Security CEO Michael Shirk replied with one line that overwrote shadow files on the system. Hickey did one better and fit the entire local privilege escalation exploit in one line.
Apart from OpenBSD, other operating systems affected by the bug include Debian and Ubuntu, Fedora and its downstream distro Red Hat Enterprise Linux along with its community-supported counterpart CentOS.

###OpenBSD on the Desktop: some thoughts

I’ve been using OpenBSD on my ThinkPad X230 for some weeks now, and the experience has been peculiar in some ways.
The OS itself in my opinion is not ready for widespread desktop usage, and the development team is not trying to push it in the throat of anybody who wants a Windows or macOS alternative.
You need to understand a little bit of how *NIX systems work, because you’ll use CLI more than UI.
That’s not necessarily bad, and I’m sure I learned a trick or two that could translate easily to Linux or macOS.
Their development process is purely based on developers that love to contribute and hack around, just because it’s fun.
Even the mailing list is a cool place to hang on!
Code correctness and security are a must, nothing gets committed if it doesn’t get reviewed thoroughly first – nowadays the first two properties should be enforced in every major operating system.
I like the idea of a platform that continually evolves.
pledge(2) and unveil(2) are the proof that with a little effort, you can secure existing software better than ever.
I like the “sensible defaults” approach, having an OS ready to be used – UI included if you selected it during the setup process – is great.
Just install a browser and you’re ready to go.
Manual pages on OpenBSD are real manuals, not an extension of the “–help” command found in most CLI softwares.
They help you understand inner workings of the operating system, no internet connection needed.
There are some trade-offs, too.
Performance is not first-class, mostly because of all the security mitigations and checks done at runtime3.
I write Go code in neovim, and sometimes you can feel a slight slowdown when you’re compiling and editing multiple files at the same time, but usually I can’t notice any meaningful difference.
Browsers are a different matter though, you can definitely feel something differs from the experience you can have on mainstream operating systems.
But again, trade-offs.
To use OpenBSD on the desktop you must be ready to sacrifice some of the goodies of mainstream OSes, but if you’re searching for a zen place to do your computing stuff, it’s the best you can get right now.

###Review: NomadBSD 1.1

One of the most recent additions to the DistroWatch database is NomadBSD. According to the NomadBSD website: “NomadBSD is a 64-bit live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery.”
The latest release of NomadBSD (or simply “Nomad”, as I will refer to the project in this review) is version 1.1. It is based on FreeBSD 11.2 and is offered in two builds, one for generic personal computers and one for Macbooks. The release announcement mentions version 1.1 offers improved video driver support for Intel and AMD cards. The operating system ships with Octopkg for graphical package management and the system should automatically detect, and work with, VirtualBox environments.
Nomad 1.1 is available as a 2GB download, which we then decompress to produce a 4GB file which can be written to a USB thumb drive. There is no optical media build of Nomad as it is designed to be run entirely from the USB drive, and write data persistently to the drive, rather than simply being installed from the USB media.

Initial setup

Booting from the USB drive brings up a series of text-based menus which ask us to configure key parts of the operating system. We are asked to select our time zone, keyboard layout, keyboard model, keyboard mapping and our preferred language. While we can select options from a list, the options tend to be short and cryptic. Rather than “English (US)”, for example, we might be given “en_US”. We are also asked to create a password for the root user account and another one for a regular user which is called “nomad”. We can then select which shell nomad will use. The default is zsh, but there are plenty of other options, including csh and bash. We have the option of encrypting our user’s home directory.
I feel it is important to point out that these settings, and nomad’s home directory, are stored on the USB drive. The options and settings we select will not be saved to our local hard drive and our configuration choices will not affect other operating systems already installed on our computer. At the end, the configuration wizard asks if we want to run the BSDstats service. This option is not explained at all, but it contacts BSDstats to provide some basic statistics on BSD users.
The system then takes a few minutes to apply its changes to the USB drive and automatically reboots the computer. While running the initial setup wizard, I had nearly identical experiences when running Nomad on a physical computer and running the operating system in a VirtualBox virtual machine. However, after the initial setup process was over, I had quite different experiences depending on the environment so I want to divide my experiences into two different sections.

Physical desktop computer

At first, Nomad failed to boot on my desktop computer. From the operating system’s boot loader, I enabled Safe Mode which allowed Nomad to boot. At that point, Nomad was able to start up, but would only display a text console. The desktop environment failed to start when running in Safe Mode.
Networking was also disabled by default and I had to enable a network interface and DHCP address assignment to connect to the Internet. Instructions for enabling networking can be found in FreeBSD’s Handbook. Once we are on-line we can use the pkg command line package manager to install and update software. Had the desktop environment worked then the Octopkg graphical package manager would also be available to make browsing and installing software a point-n-click experience.
Had I been able to run the desktop for prolonged amounts of time I could have made use of such pre-installed items as the Firefox web browser, the VLC media player, LibreOffice and Thunderbird. Nomad offers a fairly small collection of desktop applications, but what is there is mostly popular, capable software.
When running the operating system I noted that, with one user logged in, Nomad only runs 15 processes with the default configuration. These processes require less than 100MB of RAM, and the whole system fits comfortably on a 4GB USB drive.

Conclusions

Ultimately using Nomad was not a practical option for me. The operating system did not work well with my hardware, or the virtual environment. In the virtual machine, Nomad crashed consistently after just a few minutes of uptime. On the desktop computer, I could not get a desktop environment to run. The command line tools worked well, and the system performed tasks very quickly, but a command line only environment is not well suited to my workflow.
I like the idea of what NomadBSD is offering. There are not many live desktop flavours of FreeBSD, apart from GhostBSD. It was nice to see developers trying to make a FreeBSD-based, plug-and-go operating system that would offer a desktop and persistent storage. I suspect the system would work and perform its stated functions on different hardware, but in my case my experiment was necessarily short lived.

##Beastie Bits

##Feedback/Questions

Tobias – Satisfying my storage hunger and wallet pains
Lasse – Question regarding FreeBSD backups
- https://twitter.com/dlangille
- https://dan.langille.org/

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post A Thoughtful Episode | BSD Now 273 first appeared on Jupiter Broadcasting.

Chilling with Kylin | LINUX Unplugged 184

chris — Tue, 14 Feb 2017 19:47:48 +0000

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Follow Up / Catch Up

Amazon Chime: Frustration-free meetings with exceptional audio and video quality – YouTube

Amazon unveils Chime, looks to reinvent the conference call with new Skype and GoToMeeting competitor – GeekWire

Now, the Seattle tech juggernaut wants to reinvent how you conduct meetings and conference calls.

Meet The New Linux Desktop Environment Inspired by Windows 7

UKUI is developed by Ubuntu Kylin, the official Chinese-language spin of Ubuntu. It aims to provide ‘a simpler and more enjoyable experience for browsing, searching, and managing your computer’.

Effectively using Android without Google Play Services with gplayweb in Docker

There are many good reasons of using Android without Google Play Services (the Google’s proprietary part of Android operating system), mostly to protect its privacy.
Google Play Services contain background processes used by Google not only to provide services (e.g., push notifications, accurate geolocation combining GPS, Wi-Fi and GSM, application installations and updates…) but also to track the device usage (location, used applications, permanent connection to Google servers…).

Custom roms such as the popular LineageOS (community fork of CyanogenMod) propose, by default, a Google-Play-Services-free version, with optional installation of Google Play Services.

GitHub – matlink/gplayweb: GPlayWeb: A Web interface for GPlayCli

GPlayWeb: A Web interface for GPlayCli

microG Project

A free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries.

LinuxFest NW 2017. Who’s going? Best Place to stay?

Travel | LinuxFest Northwest 2017

TING

Ting – mobile that makes sense

Motion to switch from Linux (Limux) to Windows in Munich is canceled

I am a little bit surprised, but I guess, there was enough pressure from the open-source community in Munich to cancel the motion to switch from Linux (Limux) to Windows. It was supposed to pass on Wednesday, but now, it is gone.

state of snapd support across distros | Zygoon’s Corner

The story about getting snappy into other distributions

state of snapd support across distros | Zygoon’s Corner

The story about getting snappy into other distributions

Releases, releases, releases!

So here’s an update on what’s been going on and what’s to come.

Linux Academy

Linux Academy | Linux and AWS Online Training

takeover.sh: Wipe and reinstall a running Linux system via SSH, without rebooting. You know you want to.

A script to completely take over a running Linux system remotely, allowing you
to log into an in-memory rescue environment, unmount the original root
filesystem, and do anything you want, all without rebooting. Replace one distro
with another without touching a physical console.

The Depenguinator, version 2.0

In December 2003, I wrote a script for remotely upgrading a linux system to FreeBSD. I gave it a catchy name (“depenguinator”, inspired by the “Antichickenator” in Baldur’s Gate), announced it on a FreeBSD mailing list and on slashdot, and before long it was famous. Unfortunately, it didn’t take long for changes in the layout of FreeBSD releases to make the depenguination script stop working; so for the past three years I have been receiving emails asking me to update it to work with newer FreeBSD releases.

A few weeks ago, Richard Bejtlich came forward with an offer to pay me to make the necessary improvements (money doesn’t solve everything, but offering money certainly helps break the “I’ll do it when I have some free time” / “I never have any free time” deadlock). In the end I asked him to arrange for a donation to the FreeBSD Foundation instead of paying me, but his offer was enough of a prompt for me to spend ten hours revising and testing the depenguinator.

The key changes from before are as follows:

The depenguinator now works with recent FreeBSD releases.

The makefs code borrowed from NetBSD is updated, and as a result will compile on more recent versions of Linux.

Instead of setting a root password, the depenguinator now installs an SSH public key.

Instead of constructing a disk image which must be written to the first 40MB of the boot drive (which would often fail if that space contained an active filesystem), the depenguinator now constructs a disk image which can be written to a swap partition (after swapping is turned off, of course) and then booted via GRUB.

Allan Jude’s Depenguinator 3

Use depenguinator 3.x to overwrite a remote linux server with a FreeBSD installer

DigitalOcean

DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

WireGuard: fast, modern, secure VPN tunnel

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

WireGuard: a new VPN tunnel [LWN.net]

Today I’m releasing WireGuard, an encrypted and authenticated
tunneling virtual interface for the kernel.

FOSDEM 2017 – WireGuard: Next Generation Secure Kernel Network Tunnel

The presentation will be divided up into several parts. First, there will be an overview of the problems with IPsec, OpenVPN, and other popular VPNs, outlining attacks and weaknesses. Next, the WireGuard idea of the “cryptokey routing table” will be introduced, and we’ll walk through several properties derived from it. This will transition into a discussion of the timer state mechanism, and how secure protocols are necessarily stateful, but it’s possible to make them appear stateless to the user by exhaustively defining all possible state transitions. Then we’ll get into the hardcore meat of the presentation: the cryptography and various crypto innovations behind WireGuard. We will discuss the triple Diffie-Hellman, the role of combining static and ephemeral keys, the performance and DoS-potential of Curve25519 point multiplication, using a PRF chaining for rotating keys, identity hiding and remaining silent on a network, and clever usage of authenticated encryption with additional data.

FOSDEM 2017 – Interview with Jason A. Donenfeld
WireGuard: Next Generation Secure Kernel Network Tunnel. Cutting edge crypto, shrewd kernel design, and networking meet in a surprisingly simple combination

Jason A. Donenfeld will give a talk about WireGuard: Next Generation Secure Kernel Network Tunnel. Cutting edge crypto, shrewd kernel design, and networking meet in a surprisingly simple combination at FOSDEM 2017.

The post Chilling with Kylin | LINUX Unplugged 184 first appeared on Jupiter Broadcasting.

Straight Outta FOSDEM | LINUX Unplugged 78

chris — Tue, 03 Feb 2015 18:37:45 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

FOSDEM just wrapped up, where thousands of developers & enthusiasts of free & open source software gather to talk all things Linux.

Plus we drool over the new Raspberry Pi 2 & ask if B+ buyers got a little screwed.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

FU:

FOSDEM 2015

Every year, thousands of developers of free and open source software from all over the world gather at the event in Brussels.

What’s New in systemd, 2015 Edition

systemd is now a core component of most major distributions. In this talk I want to give an overview over everything new in the systemd project over the last year, and what to expect over the next year.

How does systemd relate to Plasma? | David Edmundson’s Web Log

Hopefully it clears up what we mean when we talk about systemd and desktop environments, and where we could use different parts of systemd.

It should be apparent that as developers there are parts we want to embrace as it. In many cases it allows us to throw away large amounts of code whilst at the same time providing a better user experience. Adding it as an optional extra defeats the main benefit.

Raspberry Pi 2 on sale now at $35 | Raspberry Pi

Let’s get the good stuff out of the way above the fold. Raspberry Pi 2 is now on sale for $35 (the same price as the existing Model B+), featuring:

A 900MHz quad-core ARM Cortex-A7 CPU (~6x performance)
1GB LPDDR2 SDRAM (2x memory)
Complete compatibility with Raspberry Pi 1

Because it has an ARMv7 processor, it can run the full range of ARM GNU/Linux distributions, including Snappy Ubuntu Core, as well as Microsoft Windows 10.

Turbocharged quad-core Raspberry Pi 2 unleashed, global geekgasm likely • The Register

Speaking to The Register last week, foundation head honcho Eben Upton said: “I think it’s a usable PC now. It was always the case that you could use a Raspberry Pi 1 as a PC but you had to say ‘this is a great PC in so far as it cost me 35 bucks’. We’ve removed the caveat that you had to be a bit forgiving with it. Now it’s just good.”

Runs Linux from the people:

Send in a pic/video of your runs Linux.
Please upload videos to YouTube and submit a link via email or the subreddit.

New Shows : Tech Talk Today (Mon – Thur)

Tech Talk Today Today | Jupiter Broadcasting

Support Jupiter Broadcasting on Patreon

Post-Show

Ubuntu Phone Desktop Tablet – YouTube

The post Straight Outta FOSDEM | LINUX Unplugged 78 first appeared on Jupiter Broadcasting.

Don’t Buy a Router | BSD Now 60

chris — Thu, 23 Oct 2014 10:33:30 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This week on the show we’re joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We’ll be discussing what the BSD Router Project is, what it’s for and where it’s going. All this week’s headlines and answers to viewer-submitted questions, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

BSD Devroom CFP

This year’s FOSDEM conference (Belgium, Jan 31st – Feb 1st) is having a dedicated BSD devroom
They’ve issued a call for papers on anything BSD-related, and we always love more presentations
If you’re in the Belgium area or plan on going, submit a talk about something cool you’re doing
There’s also a mailing list and some more information in the original post

Bhyve SVM code merge

The bhyve_svm code has been in the “projects” tree of FreeBSD, but is now ready for -CURRENT
This changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only
All the supported operating systems and utilities should work on both now
One thing to note: bhyve doesn’t support PCI passthrough on AMD just yet
There may still be some issues though

NetBSD at Open Source Conference Tokyo

The Japanese NetBSD users group held a booth at another recent open source conference
As always, they were running NetBSD on everything you can imagine
One of the users reports back to the mailing list on their experience, providing lots of pictures and links
Here’s an interesting screenshot of NetBSD running various other BSDs in Xen

More BSD switchers every day

A decade-long Linux user is considering making the switch, and asks Reddit about the BSD community
Tired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect
So far, he’s found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion
There’s also another semi-related thread about another Linux user wanting to switch to BSD because of systemd and GNU people
There are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read
Maybe the OPs should’ve just watched this show

Interview – Olivier Cochard-Labbé – olivier@cochard.me / @ocochardlabbe

The BSD Router Project

News Roundup

FreeBSD -CURRENT on a T420

Thinkpads are quite popular with BSD developers and users
Most of the hardware seems to be supported across the BSDs (especially wifi)
This article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI
If you’ve got a Thinkpad, or especially this specific one, have a look at some of the steps involved
PR/194359 tracks this issue
Includes a URL to modified snapshots with a patch for the Auto (ZFS) mode in the installer to solve the GPT on some Lenovos issue

FreeNAS on a Supermicro 5018A-MHN4

More and more people are migrating their NAS devices to BSD-based solutions
In this post, the author goes through setting up FreeNAS on some of his new hardware
His new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM – quite a lot for its small form factor
The rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures)

Hardening procfs and linprocfs

There was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux
There exists a native procfs in FreeBSD, which was the target point of that exploit, but it’s not used very often
The Linux emulation layer also supports its own linprocfs, which was affected as well
The HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs
If you want to learn more about ASLR and HardenedBSD, be sure to check out our interview with Shawn too

pfSense monitoring with bandwidthd

A lot of people run pfSense on their home network, and it’s really useful to monitor the bandwidth usage
This article will walk you through setting up bandwidthd to do exactly that
bandwidthd monitors based on the IP address, rather than per-interface
It can also build some cool HTML graphs, and we love those pfSense graphs
Have a look at our bandwidth monitoring and testing tutorial for some more ideas

Feedback/Questions

Mailing List Gold

More old bugs
The Right Font (see also)

All the tutorials are posted in their entirety at bsdnow.tv
Send your BSD-related questions, comments, show ideas or stories you want mentioned on the show to feedback@bsdnow.tv – don’t hesitate to ask us if you need help with something
OpenBSD is now 19 years old as of a few days ago, and also just passed the 300,000 commit mark – happy late birthday and congrats
PCBSD will be at the Ohio Linuxfest (Columbus, Ohio on October 24–26) this year, so stop by and say hi if you’re there
If you’re in or around New York’s Capital District, our friend bcallah is giving a talk about OpenBSD on October 24th at the Rensselaer Polytechnic Institute
The FreeBSD graphics team has a new blog with some interesting content if you’re interested in that
Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Don't Buy a Router | BSD Now 60 first appeared on Jupiter Broadcasting.

Edgy BSD Users | BSD Now 31

chris — Thu, 03 Apr 2014 21:02:03 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This week we\’ll be talking to Richard Stallman about the upcoming GPLv4 and how it will protect our software from being stolen. After that, we\’ll show you how to recover from those pesky ZFS on Linux corruption issues, as well as some tips on how to explain to your boss that all the production boxes were compromised. Your questions and all the latest GNUs, on Linux Now – the place to Lin.. ux.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Preorders for cool BSD stuff

The 2nd edition of The Design and Implementation of the FreeBSD Operating System is up for preorder
We talked to GNN briefly about it, but he and Kirk have apparently finally finished the book
\”For many years, The Design and Implementation of the FreeBSD Operating System has been recognized as the most complete, up-to-date, and authoritative technical guide to FreeBSD\’s internal structure. Now, this definitive guide has been extensively updated to reflect all major FreeBSD improvements between Versions 5 and Versions 11\”
OpenBSD 5.5 preorders are also up, so you can buy a CD set now
You can help support the project, and even get the -release of the OS before it\’s available publicly
5.5 is a huge release with lots of big changes, so now is the right time to purchase one of these – tell Austin we sent you!

pkgsrcCon 2014 CFP

This year\’s pkgsrcCon is in London, on June 21st and 22nd
There\’s a Call For Papers out now, so you can submit your talks
Anything related to pkgsrc is fine, it\’s pretty informal
Does anyone in the audience know if the talks will be recorded? This con is relatively unknown

BSDMag issue for March 2014

The monthly BSD magazine releases its newest issue
Topics this time include: deploying NetBSD using AWS EC2, creating a multi-purpose file server with NetBSD, DragonflyBSD as a backup server, more GIMP lessons, network analysis with wireshark and a general security article
The Linux article trend seems to continue… hmm

Non-ECC RAM in FreeNAS

We\’ve gotten a few questions about ECC RAM with ZFS
Here we\’ve got a surprising blog post about why someone did not go with ECC RAM for his NAS build
The article mentions the benefits of ECC and admits it is a better choice in nearly all instances, but unfortunately it\’s not very widespread in consumer hardware motherboards and it\’s more expensive
Regular RAM also has \”special\” issues with ZFS and pool corruption
Long post, so check out the whole thing if you\’ve been considering your memory options and weighing the benefits
While we\’re on the topic of FreeNAS…

This episode was brought to you by

Interview – Pierre Pronchery – khorben@edgebsd.org / @khorben

EdgeBSD (slides)

Tutorial

Building an OpenBSD desktop

News Roundup

Getting to know your portmgr-lurkers

This week we get to hear from Frederic Culot, colut@
Originally an OpenBSD user from France, Frederic joined as a ports committer in 2010 and recently joined the portmgr lurkers team
\”FreeBSD is also one of my sources of inspiration when it comes to how
organizations behave and innovate, and I find it very interesting to compare FreeBSD with
the for-profit companies I work for\”
We get to find out a little bit about him, why he loves FreeBSD and what he does for the project

NetBSD on the Playstation 2

Who doesn\’t want to run NetBSD on their old PS2?
The PS2 port of NetBSD was sadly removed in 2009, but it has been revived
It\’s using a slightly unusual MIPS CPU that didn\’t have much GCC support
Hopefully a bootable kernel will be available soon

The FreeBSD Challenge update

Our friend from the Linux Foundation continues his FreeBSD switching journey
This time he starts off by discovering virtual machines suck at keeping accurate time, and some ports weren\’t working because of his clock being way off
After polling the IRC for help, he finally learns the difference between ntpdate and ntpd and both of their use cases
Maybe he should\’ve just read our NTP tutorial!

PCBSD weekly digest

The mount tray icon got lots of updates and fixes
The faulty distribution server has finally been tracked down and… destroyed
New language localization project is in progress
Many many updates to ports and PBIs, new -STABLE builds

Feedback/Questions

All the tutorials are posted in their entirety at bsdnow.tv
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
If you\’ve got something cool to talk about and want to come on for an interview, shoot us an email
Also if you have any tutorial requests, we\’d be glad to show whatever the viewers want to see
Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Edgy BSD Users | BSD Now 31 first appeared on Jupiter Broadcasting.

A Sixth pfSense | BSD 25

chris — Thu, 20 Feb 2014 21:25:32 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. We\’ll also be showing you a walkthrough of the pfSense interface so you can get an idea of just how convenient and powerful it is. Answers to your questions and the latest headlines, here on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

EuroBSDCon and AsiaBSDCon

This year, EuroBSDCon will be in September in Sofia, Bulgaria
They\’ve got a call for papers up now, so everyone can submit the talks they want to present
There will also be a tutorial section of the conference
AsiaBSDCon will be next month, in March!
All the info about the registration, tutorials, hotels, timetable and location have been posted
Check the link for all the details on the talks – if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers!

FreeBSD 10 on Ubiquiti EdgeRouter Lite

The Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU
This article goes through the process of installing and configuring FreeBSD on it to use as a home router
Lots of good pictures of the hardware and specific details needed to get you set up
It also includes the scripts to create your own images if you don\’t want to use the ones rolled by someone else
For such a cheap price, might be a really fun weekend project to replace your shitty consumer router
Of course if you\’re more of an OpenBSD guy, you can always see our tutorial for that too

Signed pkgsrc package guide

We got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up
It shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD)
He goes through the process of signing packages with a public key and how to verify the packages when you install them
The author also happens to be an EdgeBSD developer

Big batch of OpenBSD hackathon reports

Five trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI
In the second, ketennis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things
In the third, jsg updated libdrm and mesa and did various work on xenocara
In the fourth, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead – but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he\’s done
In the fifth, claudio talks about some stuff he did for routing tables and misc. other things

This episode was brought to you by

Interview – Chris Buechler – cmb@pfsense.com / @cbuechler

pfSense

Tutorial

pfSense walkthrough

News Roundup

FreeBSD challenge continues

Our buddy from the Linux foundation continues his switching to BSD journey
In day 13, he covers some tips for new users, mentions trying things out in a VM first
In day 14, he starts setting up XFCE and X11, feels like he\’s starting over as a new Linux user learning the ropes again – concludes that ports are the way to go
In day 15, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch
In day 16, he dives into the world of FreeBSD jails!

BSD books in 2014

BSD books are some of the highest quality technical writings available, and MWL has written a good number of them
In this post, he details some of his plans for 2014
In includes at least one OpenBSD book, at least one FreeBSD book and…
Very strong possibility of Absolute FreeBSD 3rd edition (watch our interview with him)
Check the link for all the details

How to build FreeBSD/EC2 images

Our friend Colin Percival details how to build EC2 images in a new blog post
Most people just use the images he makes on their instances, but some people will want to make their own from scratch
You build a regular disk image and then turn it into an AMI
It requires a couple ports be installed on your system, but the whole process is pretty straightforward

PCBSD weekly digest

This time around we discuss how you can become a developer
Kris also details the length of supported releases
Expect lots of new features in 10.1

Feedback/Questions

Sean writes in: https://slexy.org/view/s216xJoCVG
Jake writes in: https://slexy.org/view/s2gLrR3VVf
Niclas writes in: https://slexy.org/view/s21gfG3Iho
Steffan writes in: https://slexy.org/view/s2JNyw5BCn
Antonio writes in: https://slexy.org/view/s2kg3zoRfm
Chris writes in: https://slexy.org/view/s2ZwSIfRjm

Our email backlog is pretty much caught up. Now\’s a great time to send us something – questions, stories, ideas, requests for something you want to see, anything
All the tutorials are posted in their entirety at bsdnow.tv
The OpenBSD router tutorial got a couple improvements and fixes
Just because our tutorial contest is over doesn\’t mean you can\’t submit any, we would love if more listeners wrote up a tutorial on interesting things they\’re doing with BSD
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
The BSD Now shirt design has been finalized, we have the files and are working out the printing details… expect them to be available in early-to-mid March!

The post A Sixth pfSense | BSD 25 first appeared on Jupiter Broadcasting.