hammer2 – Jupiter Broadcasting

This is a short introduction to assembly language programming on OpenBSD/amd64+arm64. Because of security features in the kernel, I have had to rethink a series of tutorials covering Aarch64 assembly language on OpenBSD, and therefore this will serve as a placeholder-cum-reminder.

OpenBSD, like many UNIX and unix-like operating systems, now uses the Executable and Linkable Format (ELF) for its binary libraries and executables. Although the structure of this format is beyond the scope of this short introduction, it is necessary for me to explain part of one of the headers.

Within the program header there are sections known as PT_NOTE that OpenBSD and other systems use to distinguish their ELF executables – OpenBSD looks for this section to check if it should attempt to execute the program or not.

Our first program: in C!

It’s often a good idea to prototype your assembly programs in a high level language such as C – it can then double up as both a set of notes and a working program that you can debug and compile into assembly language to compare with your own asm code.

See the article for the rest on:
Our first program: in x86-64 Asm (AT&T/GAS syntax)
Our first program: in inline x86-64 assembly
Our first program: in x86-64 asm (NASM syntax)
Our first program: in ARMv8 AArch64 assembly

###Using bhyve for FreeBSD Development

The Hypervisor

The bhyve hypervisor requires a 64-bit x86 processor with hardware support for virtualization. This requirement allows for a simple, clean hypervisor implementation, but it does require a fairly recent
processor. The current hypervisor requires an Intel processor, but there is an active development branch with support for AMD processors.
The hypervisor itself contains both user and kernel components. The kernel driver is contained in the vmm.ko module and can be loaded either at boot from the boot loader or at runtime. It must
be loaded before any guests can be created. When a guest is created, the kernel driver creates a device file in /dev/vmm which is used by the user programs to interact with the guest.
The primary user component is the bhyve(8) program. It constructs the emulated device tree in the guest and provides the implementation for most of the emulated devices. It also calls the kernel driver to execute the guest. Note that the guest always executes inside the driver itself, so guest execution time in the host is counted as system time in the bhyve process.
Currently, bhyve does not provide a system firmware interface to the guest (neither BIOS nor UEFI). Instead, a user program running on the host is used to perform boot time operations including loading the guest operating system kernel into the guest’s memory and setting the initial guest state so that the guest begins execution at the kernel’s entry point. For FreeBSD guests, the bhyveload(8) program can be used to load the kernel and prepare the guest for execution. Support for some other operating systems is available via the grub2-bhyve program which is available via the sysutils/grub2-bhyve port or as a prebuilt package.
The bhyveload(8) program in FreeBSD 10.0 only supports 64-bit guests. Support for 32-bit guests will be included in FreeBSD 10.1.

See the article for the very technical breakdown of the following:
Network Setup
Bridged Configuration
Private Network with NAT
Using dnsmasq with a Private Network
Running Guests via vmrun.sh
Configuring Guests
Using a bhyve Guest as a Target
Conclusion

The bhyve hypervisor is a nice addition to a FreeBSD developer’s toolbox. Guests can be used both to develop new features and to test merges to stable branches. The hypervisor has a wide variety of uses beyond developing FreeBSD as well.

##News Roundup
###Games on FreeBSD

What do all programmers like to do after work? Ok, what do most programers like to do after work? The answer is simple: play a good game! Recently at the Polish BSD User Group meetup mulander was telling us how you can play games on OpenBSD. Today let’s discuss how this looks in the FreeBSD world using the “server only” operating system.

XNA based games

One of the ways of playing natively is to play indie games which use XNA. XNA is a framework from Microsoft which uses .NET, for creating games. Fortunately, in the BSD world we have Mono, an open source implementation of Microsoft’s .NET Framework which you can use to run games. There is also FNA framework which is a reimplementation of XNA which allows you to run the games under Linux. Thomas Frohwein, from OpenBSD, prepared a script, fnaify. Fnaify translate all dependencies used by an FNA game to OpenBSD dependencies.
I decided to port the script to FreeBSD. The script is using /bin/sh which in the case of OpenBSD is a Korn Shell.

I didn’t test it with many games, but I don’t see any reason why it shouldn’t work with all the games tested by the OpenBSD guys. For example, with:

Cryptark
Rouge Legacy
Apotheon
Escape Goat
Bastion
CrossCode
Atom Zombie Smasher
Open-Source games

In FreeBSD and OpenBSD we also will find popular games which were open sourced. For example, I spend a lot of time playing in Quake 3 Arena on my FreeBSD machine. You can very simply install it using pkg: # pkg install ioquake3

Then move the files for the skins and maps to the .ioquake3 directory from your copy of Quake. In the past I also played UrbanTerror which is a fully open source shooter based on the Quake 3 Arena engine. It’s is also very easy to install it from ports: # pkg install iourbanterror

In the ports tree in the games directory you can find over 1000 directories, many of them with fully implemented games. I didn’t test many games in this category, but you can find some interesting titles like:

openxcom (Open-source re-implementation of the original X-Com)
openjazz (Free re-implementation of the Jazz Jackrabbit game engine)
corsixth (Open source re-implementation of Theme Hospital)
quake2
openra (Red Alert)
openrct2 (Open source re-implementation of RollerCoaster Tycoon 2)
openmw (Open source engine reimplementation of the game Morrowind)

All those titles are simply installed through the packages. In that case I don’t think FreeBSD has any difference from OpenBSD.

Wine

One of the big advantages of FreeBSD over OpenBSD is that FreeBSD supports wine. Wine allows you to run Windows applications under other operating systems (including mac). If you are a FreeBSD 11 user, you can simply fetch wine from packages: # pkg install i386-wine

To run Windows games, you need to have a 32-bit wine because most of the games on Windows are built on 32-bits (maybe this has changed – I don’t play so much these days). In my case, because I run FreeBSD-CURRENT I needed to build wine from ports. It wasn’t nice, but it also wasn’t unpleasant. The whole step-by-step building process of a wine from ports can be found here.

Summary

As you can see there are many titles available for *BSDs. Thanks to the FNA and fnaify, OpenBSD and FreeBSD can work with indie games which use the XNA framework. There are many interesting games implemented using this framework. Open source is not only for big server machines, and there are many re-implementations of popular games like Theme Hospital or RollerCoaster Tycoon 2. The biggest market is still enabled through wine, although its creates a lot of problems to run the games. Also, if you are an OpenBSD user only this option is not available for you. Please also note that we didn’t discuss any other emulators besides wine. In OpenBSD and FreeBSD there are many of them for GameBoy, SNES, NeoGeo and other games consoles.

###FreeBSD For Thanksgiving

I’ve been working on FreeBSD for Intel for almost 6 months now. In the world of programmers, I am considered an old dog, and these 6 months have been all about learning new tricks. Luckily, I’ve found myself in a remarkably inclusive and receptive community whose patience seems plentiful. As I get ready to take some time off for the holidays, and move into that retrospective time of year, I thought I’d beat the rush a bit and update on the progress
Earlier this year, I decided to move from architect of the Linux graphics driver into a more nebulous role of FreeBSD enabling. I was excited, but also uncertain if I was making the right decision.
Earlier this half, I decided some general work in power management was highly important and began working there. I attended BSDCam (handsome guy on the right), and led a session on Power Management. I was honored to be able to lead this kind of effort.
Earlier this quarter, I put the first round of my patches up for review, implementing suspend-to-idle. I have some rougher patches to handle s0ix support when suspending-to-idle. I gave a talk MeetBSD about our team’s work.
Earlier this month, I noticed that FreeBSD doesn’t have an implementation for Intel Speed Shift (HWPstates), and I started working on that.
Earlier this week, I was promoted from a lowly mentee committer to a full src committer.
Earlier today, I decided to relegate my Linux laptop to the role of my backup machine, and I am writing this from my Dell XPS13 running FreeBSD

vandamme 13.0-CURRENT FreeBSD 13.0-CURRENT #45 881fee072ff(hwp)-dirty: Mon Nov 19 16:19:32 PST 2018 bwidawsk@vandamme:/usr/home/bwidawsk/usr/obj/usr/home/bwidawsk/usr/src/amd64.amd64/sys/DEVMACHINE amd64

6 months later, I feel a lot less uncertain about making the right decision. In fact, I think both opportunities would be great, and I’m thankful this Thanksgiving that this is my life and career. I have more plans and things I want to get done. I’m looking forward to being thankful again next year.

###hammer2: no space left on device on Dragonfly BSD

The Issue

hammer2 does not actually delete a file when you rm or unlink it. Since recovery of the file is possible (this is the design of hammer2), there will still be an entry taking up data. It’s similar to how git works.
Even with 75% usage listed here, the filesystem could still have filled up. If you are using it as your root filesystem, then attempts to clean up data may fail. If the kernel panics over this, you will see something like this.

The Fix

If you have a recent enough version of the rescue ramdisk installed, on bootup you can press ‘r’ and access the rescue ramdisk. Your provider will have to offer some sort of remote interface for interacting with the operating system before it boots, like VNC or IPMI. You can then mount your filesystem using:

[root@ ~]# mkdir /tmp/fs
[root@ ~]# mount_hammer2 -o local /dev/vbd0s1a /tmp/fs

If you receive an error that /sbin/hammer2 is not found, then your rescue ramdisk is not up to date enough. In that scenario, download the latest 5.2 iso from dragonflybsd.org and boot from the cd-rom on your virtual machine or physical device. Just login as root instead of installer.
If the mount does succeed, then all you have to do is run the following twice:

[root@ ~]# /sbin/hammer2 bulkfree /tmp/fs

If you do not have enough memory on your machine, you may need to mount swap. Add your swap partition to the /etc/fstab and then do:

[root@ ~]# swapon -a

Once you have ran the bulkfree command twice, the usage reported by df -h will be correct. However, there is a chance on reboot that a core dump will be placed in /var/crash/ so be prepared to have plenty of space free in case that happens. You should also delete any files you can and run the bulkfree operation twice afterwards to clear up additional space.

##Beastie Bits

##Feedback/Questions

Ron – Ideas for feedback section
Paulo – SDIO Firmware
Dan – Some fun ZFS questions about labels

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post Language: Assembly | BSD Now 274 first appeared on Jupiter Broadcasting.

Show Me The Mooney | BSD Now 248

Angela Fisher — Wed, 30 May 2018 07:45:46 +0000

Headlines

DragonFlyBSD: release52 (w/stable HAMMER2, as default root)

DragonflyBSD 5.2.1 was released on May 21, 2018
> Big Ticket items:

Meltdown and Spectre mitigation support
Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectremitigation and machdep.meltdownmitigation.
HAMMER2
H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode.
Clustered support is not yet available.
ipfw Updates
Implement state based “redirect”, i.e. without using libalias.
ipfw now supports all possible ICMP types.
Fix ICMPMAXTYPE assumptions (now 40 as of this release).
Improved graphics support
The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs
Add 24-bit pixel format support to the EFI frame buffer code.
Significantly improve fbio support for the “scfb” XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU.
Partly implement the FBIOBLANK ioctl for display powersaving.
Syscons waits for drm modesetting at appropriate places, avoiding races.

PS4 4.55 BPF Race Condition Kernel Exploit Writeup

Note: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I’ve published it under the “FreeBSD” folder and not the “PS4” folder.

Introduction

Welcome to the kernel portion of the PS4 4.55FW full exploit chain write-up. This bug was found by qwerty, and is fairly unique in the way it’s exploited, so I wanted to do a detailed write-up on how it worked. The full source of the exploit can be found here. I’ve previously covered the webkit exploit implementation for userland access here.

FreeBSD or Sony’s fault? Why not both…

Interestingly, this bug is actually a FreeBSD bug and was not (at least directly) introduced by Sony code. While this is a FreeBSD bug however, it’s not very useful for most systems because the /dev/bpf device driver is root-owned, and the permissions for it are set to 0600 (meaning owner has read/write privileges, and nobody else does) – though it can be used for escalating from root to kernel mode code execution. However, let’s take a look at the make_dev() call inside the PS4 kernel for /dev/bpf (taken from a 4.05 kernel dump).

seg000:FFFFFFFFA181F15B lea rdi, unk_FFFFFFFFA2D77640 seg000:FFFFFFFFA181F162 lea r9, aBpf ; "bpf" seg000:FFFFFFFFA181F169 mov esi, 0 seg000:FFFFFFFFA181F16E mov edx, 0 seg000:FFFFFFFFA181F173 xor ecx, ecx seg000:FFFFFFFFA181F175 mov r8d, 1B6h seg000:FFFFFFFFA181F17B xor eax, eax seg000:FFFFFFFFA181F17D mov cs:qword_FFFFFFFFA34EC770, 0 seg000:FFFFFFFFA181F188 call make_dev

We see UID 0 (the UID for the root user) getting moved into the register for the 3rd argument, which is the owner argument. However, the permissions bits are being set to 0x1B6, which in octal is 0666. This means anyone can open /dev/bpf with read/write privileges. I’m not sure why this is the case, qwerty speculates that perhaps bpf is used for LAN gaming. In any case, this was a poor design decision because bpf is usually considered privileged, and should not be accessible to a process that is completely untrusted, such as WebKit. On most platforms, permissions for /dev/bpf will be set to 0x180, or 0600.

Race Conditions – What are they?

The class of the bug abused in this exploit is known as a “race condition”. Before we get into bug specifics, it’s important for the reader to understand what race conditions are and how they can be an issue (especially in something like a kernel). Often in complex software (such as a kernel), resources will be shared (or “global”). This means other threads could potentially execute code that will access some resource that could be accessed by another thread at the same point in time. What happens if one thread accesses this resource while another thread does without exclusive access? Race conditions are introduced.

Race conditions are defined as possible scenarios where events happen in a sequence different than the developer intended which leads to undefined behavior. In simple, single-threaded programs, this is not an issue because execution is linear. In more complex programs where code can be running in parallel however, this becomes a real issue. To prevent these problems, atomic instructions and locking mechanisms were introduced. When one thread wants to access a critical resource, it will attempt to acquire a “lock”. If another thread is already using this resource, generally the thread attempting to acquire the lock will wait until the other thread is finished with it. Each thread must release the lock to the resource after they’re done with it, failure to do so could result in a deadlock.

While locking mechanisms such as mutexes have been introduced, developers sometimes struggle to use them properly. For example, what if a piece of shared data gets validated and processed, but while the processing of the data is locked, the validation is not? There is a window between validation and locking where that data can change, and while the developer thinks the data has been validated, it could be substituted with something malicious after it is validated, but before it is used. Parallel programming can be difficult, especially when, as a developer, you also want to factor in the fact that you don’t want to put too much code in between locking and unlocking as it can impact performance.

See article for the rest

iXsystems

Remote Debugging the running OpenBSD kernel

Subtitled: A way to understand the OpenBSD internals
+> The Problem
+> A few month ago, I tried porting the FreeBSD kdb along with it’s gdb stub implementations to OpenBSD as a practice of learning the internals of an BSD operating system. The ddb code in both FreeBSD and OpenBSD looks pretty much the same and the GDB Remote Serial Protocol looks very minimal.
+> But sadly I got very busy and the work is stalled but I’m planning on resuming the attempt as soon as I get the chance, But there is an alternative way to Debugging the OpenBSD kernel via QEMU. What I did below is basically the same with a few minor changes which I hope to describe it as best.
+> Installing OpenBSD on Qemu
+> For debugging the kernel, we need a working OpenBSD system running on Qemu. I chose to create a raw disk file to be able to easily mount it later via the host and copy the custom kernel onto it.

$ qemu-img create -f raw disk.raw 5G
$ qemu-system-x8664 -m 256M \
-drive format=raw,file=install63.fs \
-drive format=raw,file=disk.raw
+> Custom Kernel
+> To debug the kernel, we need a version of the kernel with debugging symbols and for that we have to recompile it first. The process is documented at Building the System from Source:
…
+> Then we can copy the bsd kernel to the guest machine and keep the bsd.gdb on the host to start the remote debugging via gdb.
+> Remote debugging kernel
+> Now it’s to time to boot the guest with the new custom kernel. Remember that the -s argument enables the gdb server on qemu on localhost port 1234 by default:
$ qemu-system-x8664 -m 256M -s \
-net nic -net user \
-drive format=raw,file=install63.fs \
+> Now to finally attach to the running kernel:

Interview – Patrick Mooney – Software Engineer pmooney@pfmooney.com / @pfmooney

BR: How did you first get introduced to UNIX?
AJ: What got you started contributing to an open source project?
BR: What sorts of things have you worked on in the past?
AJ: Can you tell us more about what attracted you to illumos?
BR: How did you get interested in, and started with, systems development?
AJ: When did you first get interested in bhyve?
BR: How much work was it to take the years-old port of bhyve and get it working on modern IllumOS?
AJ: What was the process for getting the bhyve port caught up to current FreeBSD?
BR: How usable is bhyve on illumOS?
AJ: What area are you most interested in improving in bhyve?
BR: Do you think the FreeBSD and illumos versions of bhyve will stay in sync with each other?
AJ: What do you do for fun?
BR: Anything else you want to mention?

News Roundup

Setting up buildbot in FreeBSD Jails

In this article, I would like to present a tutorial to set up buildbot, a continuous integration (CI) software (like Jenkins, drone, etc.), making use of FreeBSD’s containerization mechanism “jails”. We will cover terminology, rationale for using both buildbot and jails together, and installation steps. At the end, you will have a working buildbot instance using its sample build configuration, ready to play around with your own CI plans (or even CD, it’s very flexible!). Some hints for production-grade installations are given, but the tutorial steps are meant for a test environment (namely a virtual machine). Buildbot’s configuration and detailed concepts are not in scope here.

Table of contents
- Choosing host operating system and version for buildbot
- Create a FreeBSD playground
- Introduction to jails
- Overview of buildbot
- Set up jails
- Install buildbot master
- Run buildbot master
- Install buildbot worker
- Run buildbot worker
- Set up web server nginx to access buildbot UI
- Run your first build
- Production hints
- Finished!
Choosing host operating system and version for buildbot

We choose the released version of FreeBSD (11.1-RELEASE at the moment). There is no particular reason for it, and as a matter of fact buildbot as a Python-based server is very cross-platform; therefore the underlying OS platform and version should not make a large difference.

It will make a difference for what you do with buildbot, however. For instance, poudriere is the de-facto standard for building packages from source on FreeBSD. Builds run in jails which may be any FreeBSD base system version older or equal to the host’s version (reason will be explained below). In other words, if the host is FreeBSD 11.1, build jails created by poudriere could e.g. use 9.1, 10.3, 11.0, 11.1, but potentially not version 12 or newer because of incompatibilities with the host’s kernel (jails do not run their own kernel as full virtual machines do). To not prolong this article over the intended scope, the details of which nice things could be done or automated with buildbot are not covered.

Package names on the FreeBSD platform are independent of the OS version, since external software (as in: not part of base system) is maintained in FreeBSD ports. So, if your chosen FreeBSD version (here: 11) is still officially supported, the packages mentioned in this post should work. In the unlikely event of package name changes before you read this article, you should be able to find the actual package names like pkg search buildbot.

Other operating systems like the various Linux distributions will use different package names but might also offer buildbot pre-packaged. If not, the buildbot installation manual offers steps to install it manually. In such case, the downside is that you will have to maintain and update the buildbot modules outside the stability and (semi-)automatic updates of your OS packages.

See article for the rest

DigitalOcean

Dumping your USB

One of the many new features of OpenBSD 6.3 is the possibility to dump USB traffic to userland via bpf(4). This can be done with tcpdump(8) by specifying a USB bus as interface:

“`

tcpdump -Xx -i usb0

tcpdump: listening on usb0, link-type USBPCAP
12:28:03.317945 bus 0 < addr 1: ep1 intr 2
0000: 0400 ..

12:28:03.318018 bus 0 > addr 1: ep0 ctrl 8
0000: 00a3 0000 0002 0004 00 ………
[…]
“`

As you might have noted I decided to implement the existing USBPcap capture format. A capture format is required because USB packets do not include all the necessary information to properly interpret them. I first thought I would implement libpcap’s DLTUSB but then I quickly realize that this was not a standard. It is instead a FreeBSD specific format which has been since then renamed DLTUSBFREEBSD.
But I didn’t want to embrace xkcd #927, so I look at the existing formats: DLTUSBFREEBSD, DLTUSBLINUX, DLTUSBLINUXMMAPPED, DLTUSBDARWIN and DLT_USBPCAP. I was first a bit sad to see that nobody could agree on a common format then I moved on and picked the simplest one: USBPcap.
Implementing an already existing format gives us out-of-box support for all the tools supporting it. That’s why having common formats let us share our energy. In the case of USBPcap it is already supported by Wireshark, so you can already inspect your packet graphically. For that you need to first capture raw packets:

“`

tcpdump -s 3303 -w usb.pcap -i usb0

tcpdump: listening on usb0, link-type USBPCAP
^C
208 packets received by filter
0 packets dropped by kernel
“`

USB packets can be quite big, that’s why I’m not using tcpdump(8)’s default packet size. In this case, I want to make sure I can dump the complete uaudio(4) frames.
It is important to say that what is dumped to userland is what the USB stack sees. Packets sent on the wire might differ, especially when it comes to retries and timing. So this feature is not here to replace any USB analyser, however I hope that it will help people understand how things work and what the USB stack is doing. Even I found some interesting timing issues while implementing isochronous support.

Run OpenBSD on your web server

Deploy and login to your OpenBSD server first.

As soon as you’re there you can enable an httpd(8) daemon, it’s already installed on OpenBSD, you just need to configure it:

www# vi /etc/httpd.conf

Add two server sections—one for www and another for naked domain (all requests are redirected to www).

“`
server “www.example.com” {
listen on * port 80
root “/htdocs/www.example.com”
}

server “example.com” {
listen on * port 80
block return 301 “https://www.example.com$REQUEST_URI”
}
“`

httpd is chrooted to /var/www by default, so let’s make a document root directory:

www# mkdir -p /var/www/htdocs/www.example.com

Save and check this configuration:

www# httpd -n configuration ok

Enable httpd(8) daemon and start it.

www# rcctl enable httpd www# rcctl start httpd

Publish your website
Copy your website content into /var/www/htdocs/www.example.com and then test it your web browser.

https://XXX.XXX.XXX.XXX/

Your web server should be up and running.

Update DNS records

If there is another HTTPS server using this domain, configure that server to redirect all HTTPS requests to HTTP.

Now as your new server is ready you can update DNS records accordingly.

example.com. 300 IN A XXX.XXX.XXX.XXX www.example.com. 300 IN A XXX.XXX.XXX.XXX

Examine your DNS is propagated.

$ dig example.com www.example.com

Check IP addresses it answer sections. If they are correct, you should be able to access your new web server by its domain name.
What’s next? Enable HTTPS on your server.

Modern Akonadi and KMail on FreeBSD

For, quite literally a year or more, KMail and Akonadi on FreeBSD have been only marginally useful, at best. KDE4 era KMail was pretty darn good, but everything after that has had a number of FreeBSD users tearing out their hair. Sure, you can go to Trojitá, which has its own special problems and is generally “meh”, or bail out entirely to webmail, but .. KMail is a really great mail client when it works. Which, on Linux desktops, is nearly always, and on FreeBSD, is was nearly never.

I looked at it with Dan and Volker last summer, briefly, and we got not much further than “hmm”. There’s a message about “The world is going to end!” which hardly makes sense, it means that a message has been truncated or corrupted while traversing a UNIX domain socket.

Now Alexandre Martins — praise be! — has wandered in with a likely solution. KDE Bug 381850 contains a suggestion, which deserves to be publicised (and tested):

sysctl net.local.stream.recvspace=65536
sysctl net.local.stream.sendspace=65536

The default FreeBSD UNIX local socket buffer space is 8kiB. Bumping the size up to 64kiB — which matches the size that Linux has by default — suddenly makes KMail and Akonadi shine again. No other changes, no recompiling, just .. bump the sysctls (perhaps also in /etc/sysctl.conf) and KMail from Area51 hums along all day without ending the world.

Since changing this value may have other effects, and Akonadi shouldn’t be dependent on a specific buffer size anyway, I’m looking into the Akonadi code (encouraged by Dan) to either automatically size the socket buffers, or to figure out where in the underlying code the assumption about buffer size lives. So for now, sysctl can make KMail users on FreeBSD happy, and later we hope to have things fully automatic (and if that doesn’t pan out, well, pkg-message exists).

PS. Modern KDE PIM applications — Akonadi, KMail — which live in the deskutils/ category of the official FreeBSD ports were added to the official tree April 10th, so you can get your fix now from the official tree.

Beastie Bits

Tarsnap ad

Feedback/Questions

Dave – mounting non-filesystem things inside jails
Morgan – ZFS on Linux Data loss bug
Rene – How to keep your ISP’s nose out of your browser history with encrypted DNS
Rodriguez – Feedback question! Relating to Windows

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post Show Me The Mooney | BSD Now 248 first appeared on Jupiter Broadcasting.

HAMR Time | TechSNAP 341

chris — Tue, 17 Oct 2017 20:32:42 +0000

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Update Every Device — This KRACK Hack Kills Your Wi-Fi Privacy

use a VPN & https, which would reduce the attack surface, but it’s not ‘perfect’.
Update from Forbes
Lots of stuff updated. Lots of stuff not. This is where it pays to know what you have in use and monitor your suppliers for notices.

Mobile carriers selling personal data

Mobile carriers sell users’ personal information to third parties

Western Digital Stuns Storage Industry with MAMR Breakthrough for Next-Gen HDDs

Western Digital Hard Drives Will Provide Over 40TB of Storage by 2025
new tech is MAMR – microwave-assisted magnetic recording instead of HAMR (Heat-assisted magnetic recording) with a laser
[Why MAMR over HAMR?]](https://www.extremetech.com/computing/257352-western-digital-reveals-mamr-technology-allow-40tb-hard-drives)

Feedback

Round Up:

The post HAMR Time | TechSNAP 341 first appeared on Jupiter Broadcasting.

PIE in the Sky | BSD Now 85

chris — Thu, 16 Apr 2015 11:18:11 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This time on the show, we’ll be talking with Pascal Stumpf about static PIE in the upcoming OpenBSD release. He’ll tell us what types of attacks it prevents, and why it’s such a big deal. We’ve also got answers to questions from you in the audience and all this week’s news, on BSD Now – the place to B.. SD.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Solaris’ networking future is with OpenBSD

A curious patch from someone with an Oracle email address was recently sent in to one of the OpenBSD mailing lists
It was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the current version of PF
For anyone unfamiliar with the history of PF, it was actually made as a replacement for IPFilter in OpenBSD, due to some licensing issues
What’s more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting
This blog post goes through some of the backstory of the two firewalls
PF is in a lot of places – other BSDs, Mac OS X and iOS – but there are plenty of other OpenBSD-developed technologies end up ported to other projects too
“Many of the world’s largest corporations and government agencies are heavy Solaris users, meaning that even if you’re neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD’s PF for their filtering needs, we will all be benefiting even more from the OpenBSD project’s emphasis on correctness, quality and security”
You’re welcome, Oracle

BAFUG discussion videos

The Bay Area FreeBSD users group has been uploading some videos from their recent meetings
Sean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)
Craig Rodrigues also gave a talk about Kyua and the FreeBSD testing framework
Lastly, Kip Macy gave a talk titled “network stack changes, user-level FreeBSD”
The main two subjects there are some network stack changes, and how to get more people contributing, but there’s also open discussion about a variety of FreeBSD topics
If you’re close to the Bay Area in California, be sure to check out their group and attend a meeting sometime

More than just a makefile

If you’re not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux
This blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs
As it turns out, the ports system really isn’t that different from a binary package manager – they are what’s used to create binary packages, after all
The author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream
After that, he shows you how to get your new port tested, if you’re interesting in doing some porting yourself, and getting involved with the rest of the community
This post is very long and there’s a lot more to it, so check it out (and more discussion on Hacker News)

Securing your home fences

Hopefully all our listeners have realized that trusting your network(s) to a consumer router is a bad idea by now
We hear from a lot of users who want to set up some kind of BSD-based firewall, but don’t hear back from them after they’ve done it.. until now
In this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines APU board
He notes that you have a lot of options software-wise, including vanilla FreeBSD, OpenBSD or even Linux, but decided to go with OPNsense because of the easy interface and configuration
The post covers all the hardware you’ll need, getting the OS installed to a flash drive or SD card and going through the whole process
Finally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up
If you don’t have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)
We love super-detailed guides like this, so everyone should write more and send them to us immediately

Interview – Pascal Stumpf – pascal@openbsd.org

Static PIE in OpenBSD

News Roundup

LLVM’s new libFuzzer

We’ve discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility
It looks like LLVM is going to have their own fuzzing tool too now
The Clang and LLVM guys are no strangers to this type of code testing, but decided to “close the loop” and start fuzzing parts of LLVM (including Clang) using LLVM itself
With Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future

HardenedBSD upgrades secadm

The HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support
We covered both the secadm tool and integriforce in previous episodes, but the short version is that it’s a way to prevent files from being altered (even as root)
Their integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now

RAID5 returns to OpenBSD

OpenBSD’s softraid subsystem, somewhat similar to FreeBSD’s GEOM, has had experimental RAID5 support for a while
However, it was exactly that – experimental – and required a recompile to enable
With some work from recent hackathons, the final piece was added to enable resuming partial array rebuilds
Now it’s on by default, and there’s a call for testing being put out, so grab a snapshot and put the code through its paces
The bioctl softraid command also now supports DUIDs during pseudo-device detachment, possibly paving the way for the installer to drop the “do you want to enable DUIDs?” question entirely

pkgng 1.5.0 released

Going back to what we talked about last week, the final version of pkgng 1.5.0 is out
The “provides” and “requires” support is finally in a regular release
A new “-r” switch will allow for direct installation to a chroot or alternate root directory
Memory usage should be much better now, and some general code speed-ups were added
This version also introduces support for Mac OS X, NetBSD and EdgeBSD – it’ll be interesting to see if anything comes of that
Many more bugs were fixed, so check the mailing list announcement for the rest (and plenty new bugs were added, according to bapt)

p2k15 hackathon reports

There was another OpenBSD hackathon that just finished up in the UK – this time it was mainly for ports work
As usual, the developers sent in reports of some of the things they got done at the event
Landry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit
Stefan Sperling wrote in, detailing his work with wireless chipsets, specifically when the vendor doesn’t provide any hardware documentation, as well as updating some of the games in ports
Ken Westerback also sent in a report, but decided to be a rebel and not work on ports at all – he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier

Feedback/Questions

Mailing List Gold

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
If you want to come on for an interview, or know someone else who might be interesting to hear from, let us know

The post PIE in the Sky | BSD Now 85 first appeared on Jupiter Broadcasting.

Documentation is King | BSD Now 30

chris — Thu, 27 Mar 2014 21:38:46 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We chat with Warren Block to discuss BSD documentation efforts and future plans. If you\’ve ever wondered about the scary world of mailing lists, today\’s tutorial will show you the basics of how to get help and contribute back. There\’s lots to get to today, so sit back and enjoy some BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

OpenBSD on a Sun T5120

Our buddy Ted Unangst got himself a cool Sun box
Of course he had to write a post about installing and running OpenBSD on it
The post goes through some of the quirks and steps to go through in case you\’re interested in one of these fine SPARC machines
He\’s also got another post about OpenBSD on a Dell CS24-SC server

Bhyvecon 2014 videos are up

Like we mentioned last week, Bhyvecon was an almost-impromptu conference before AsiaBSDCon
The talks have apparently already been uploaded!
Subjects include Bhyve\’s past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization
Lots more detail in the videos, so check \’em all out

Building a FreeBSD wireless access point

We\’ve got a new blog post about creating a wireless access point with FreeBSD
After all the recent news of consumer routers being pwned like candy, it\’s time for people to start building BSD routers
The author goes through a lot of the process of getting one set up using good ol\’ FreeBSD
Using hostapd, he\’s able to share his wireless card in hostap mode and offer DHCP to all the clients
Plenty of config files and more messy details in the post

Switching from Synology to FreeNAS

The author has been considering getting a NAS for quite a while and documents his research
He was faced with the compromise of convenience vs. flexibility – prebuilt or DIY
After seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice
The post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give
Speaking of FreeNAS…

This episode was brought to you by

Interview – Warren Block – wblock@freebsd.org

FreeBSD\’s documentation project, igor, doceng

Tutorial

The world of BSD mailing lists

News Roundup

HAMMER2 work and notes

Matthew Dillon has posted some updated notes about the development of the new HAMMER version
The start of a cluster API was committed to the tree
There are also links to design document, a freemap design document, that should be signed with a digital signing software from the
sodapdf esign site

BSD Breaking Barriers

Our friend MWL gave a talk at NYCBSDCon about BSD \”breaking barriers\”
\”What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We\’ll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years.\”
He also has another upcoming talk, (or \”webcast\”) called \”Beyond Security: Getting to Know OpenBSD\’s Real Purpose\”
\”OpenBSD is frequently billed as a high-security operating system. That\’s true, but security isn\’t the OpenBSD Project\’s main goal. This webcast will introduce systems administrators to OpenBSD, explain the project\’s mission, and discuss the features and benefits.\”
It\’s on May 27th and will hopefully be recorded

FreeBSD in a chroot

Finch, \”FreeBSD running IN a CHroot,\” is a new project
It\’s a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)
All the details and some interesting use cases are on the github page
He really needs to change the project name though

PCBSD weekly digest

Lots of bugfixes for PCBSD coming down the tubes
LZ4 compression is now enabled by default on the whole pool
The latest 10-STABLE has been imported and builds are going
Also the latest GNOME and Cinnamon builds have been imported and much more

Feedback/Questions

Bostjan writes in (IRC suggests md5deep)
Don writes in
kaltheat writes in (We use R0DE Podcast microphones and Logitech C920 HD webcams)
Harri writes in

All the tutorials are posted in their entirety at bsdnow.tv
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
We wanted to give the Bay Area FreeBSD Users Group a special mention, if you\’re in the San Francisco Bay Area, there\’s a very healthy BSD community there and they regularly have meet-ups
If you listened to the audio-only version of this week\’s episode, you\’re really missing out on Warren\’s fun animations in the interview!

The post Documentation is King | BSD Now 30 first appeared on Jupiter Broadcasting.