This time on the show, we’ll be talking some ZFS with Sean Chittenden. He’s been using it on FreeBSD at Groupon, and has some interesting stories about how it’s saved his data. Answers to your emails and all of this week’s headlines, on BSD Now – the place to B.. SD.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

More BSDCan 2015 videos

• Almost as if we said it would happen last week, more BSD-related presentation videos have been uploaded
• Alexander Motin, Feature-rich and fast SCSI target with CTL and ZFS
• Daichi Goto, FreeBSD for High Density Servers
• Ken Moore, Lumina-DE
• Kevin Bowling, FreeBSD Operations at Limelight Networks
• Maciej Pasternacki, Jetpack, a container runtime for FreeBSD
• Ray Percival, Networking with OpenBSD in a virtualized environment
• Reyk Floeter, Introducing OpenBSD’s new httpd
• Still more to come, hopefully

OpenBSD httpd rewrite support

• One of the most-requested features of OpenBSD’s new HTTP daemon (in fact, you can hear someone asking about it in the video just above) is rewrite support
• There were concerns about regex code being too complicated and potentially allowing another attack surface, so that was out
• Instead, Reyk ported over an implementation of lua pattern matching while on the flight back from BSDCan, turning it into a C API without the lua bindings
• In the mailing list post, he shows an example of how to use it for redirects and provides the diff if you’d like to give it a try now
• It’s since been committed to -current, so you can try it out with a snapshot too

SSH 2FA on FreeBSD

• We’ve discussed different ways to lock down SSH access to your BSD boxes before – use keys instead of passwords, whitelist IPs, or even use two-factor authentication
• This article serves as a sort of “roundup” on different methods to set up two-factor authentication on FreeBSD
• It touches on key pairs with a server-side password, google authenticator and a few other variations
• While the article is focused on FreeBSD, a lot of it can be easily applied to the others too
• OpenSSH has a great security record, but two-factor authentication is always a good thing to have for the most important systems

NetBSD 7.0-RC1 released

• NetBSD has just announced the first release candidate for the 7.0 branch, after a long delay since the initial beta (11 months ago)
• Some of the standout features include: improved KMS/DRM with support for modern GPUs, SMP support on ARM, lots of new ARM boards officially supported, GPT support in the installer, Lua kernel scripting, a multiprocessor USB stack, improvements to NPF (their firewall) and, optionally, Clang 3.6.1
• They’re looking for as much testing as possible, so give it a try and report your findings to the release engineering team

Interview – Sean Chittenden – seanc@freebsd.org / @seanchittenden

FreeBSD at Groupon, ZFS

News Roundup

OpenSMTPD and Dovecot

• We’ve covered a number of OpenSMTPD mail server guides on the show, each with just a little something different to offer than the last
• This blog post about it has something not mentioned before: virtual domains and virtual users
• This means you can easily have “user1@domain.com” and “user2@otherdomain.com” both go to a local user on the box (or a different third address)
• It also covers SSL certificates, blocking spam and setting up IMAP access, the usual
• Now might also be a good time to test out OpenSMTPD 5.7.1-rc1, which we’ll cover in more detail when it’s released…

OctoPkg, a QT frontend to pkgng

• A PC-BSD user has begun porting over a graphical package management utility from Arch linux called Octopi
• Obviously, it needed to be rewritten to use FreeBSD’s pkg system instead of pacman
• There are some basic instructions on how to get it built and running on the github page
• After some testing, it’ll likely make its way to the FreeBSD ports tree
• Tools like this might make it easier for desktop users (who are used to similar things in Ubuntu or related distros) to switch over

AFL vs. mandoc, a quantitative analysis

• Ingo Schwarze has written a pretty detailed article about how he and other OpenBSD developers have been fuzzing mandoc with AFL
• It’s meant to be accompanying material to his BSDCan talk, which already covered nine topics
• mandoc is an interesting example to stress test with fuzzing, since its main job is to take and parse some highly varying input
• The article breaks down the 45 different bugs that were found, based on their root cause
• If you’re interested in secure coding practices, this’ll be a great one to read

OpenZFS conference video

• Videos from the second OpenZFS conference have just started to show up
• The first talk is by, you guessed it, Matt Ahrens
• In it, he covers some ZFS history, the Oracle takeover, the birth of illumos and OpenZFS, some administration basics and also some upcoming features that are being worked on
• There are also videos from Nexenta and HGST, talking about how they use and contribute to OpenZFS

Feedback/Questions

• Bryson writes in
• Kevin writes in

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post Bitrot Group Therapy | BSD Now 95 first appeared on Jupiter Broadcasting.

On this week’s mini-episode, we’ll be talking with Baptiste Daroussin about packaging the FreeBSD base system with pkgng. Is this the best way going forward, or are we getting dangerously close to being Linux-like? We’ll find out, and also get to a couple of your emails while we’re at it, on BSD Now – the place to B.. SD.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Xen dom0 in FreeBSD 11-CURRENT

• FreeBSD has just gotten dom0 support for the Xen hypervisor, something NetBSD has had for a while now
• The ports tree will now have a Xen kernel and toolstack, meaning that they can be updated much more rapidly than if they were part of base
• It’s currently limited to Intel boxes with EPT and a working IOMMU, running a recent version of the -CURRENT branch, but we’ll likely see it when 11.0 comes out
• How will this affect interest in Bhyve?

A tale of two educational moments

• Here we have a blog post from an OpenBSD developer about some experiences he had helping people get involved with the project
• It’s split into two stories: one that could’ve gone better, and one that went really well
• For the first one, he found that someone was trying to modify a package from their ports tree to have fewer dependencies
• Experience really showed its worth, and he was able to write a quick patch to do exactly what the other person had been working on for a few hours – but wasn’t so encouraging about getting it committed
• In the second story, he discussed updating a different port with a user of a forum, and ended up improving the new user’s workflow considerably with just a few tips
• The lesson to take away from this is that we can all help out to encourage and assist new users – everyone was a newbie once

What’s coming in NetBSD 7

• We first mentioned NetBSD 7.0 on the show in July of 2014, but it still hasn’t been released and there hasn’t been much public info about it
• This blog post outlines some of the bigger features that we can expect to see when it actually does come out
• Their total platform count is now over 70, so you’d be hard-pressed to find something that it doesn’t run on
• There have been a lot of improvements in the graphics area, particularly with DRM/KMS, including Intel Haswell and Nouveau (for nVidia cards)
• Many ARM boards now have full SMP support
• Clang has also finally made its way into the base system, something we’re glad to see, and it should be able to build the base OS on i386, AMD64 and ARM – other architectures are still a WIP
• In the crypto department: their PNRG has switched from the broken RC4 to the more modern ChaCha20, OpenSSL has been updated in base and LibreSSL is in pkgsrc
• NetBSD’s in-house firewall, npf, has gotten major improvements since its initial debut in NetBSD 6.0
• Looking to the future, NetBSD hopes to integrate a stable ZFS implementation later on

OpenZFS office hours

• We mentioned a couple weeks back that the OpenZFS office hours series was starting back up
• They’ve just uploaded the recording of their most recent freeform discussion, with Justin Gibbs being the main presenter
• In it, they cover how Justin got into ZFS, running in virtualized environments, getting patches into the different projects, getting more people involved, reviewing code, spinning disks vs SSDs, defragging, speeding up resilvering, zfsd and much more

Interview – Baptiste Daroussin – bapt@freebsd.org

Packaging the FreeBSD base system with pkgng

Discussion

Packaging the FreeBSD base system with pkgng (follow-up)

Feedback/Questions

• Jeff writes in
• Anonymous writes in
• Alex writes in
• Joris writes in

Mailing List Gold

• ok feedback@

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Writing articles or blog posts (or making videos) about what you do with BSD is great for advocacy and promotion, so do it and send them all to us
• We’ll be back next week with a regular full episode

The post pkg remove freebsd-update | BSD Now 84 first appeared on Jupiter Broadcasting.

We’ll be chatting with Bernard Spil about wider adoption of LibreSSL in other communities. He’s been doing a lot of work with FreeBSD ports specifically, but also working with upstream projects. As usual, all this weeks news and answers to your questions, on BSD Now – the place to B.. SD.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

EuroBSDCon 2015 call for papers

• The call for papers has been announced for the next EuroBSDCon, which is set to be held in Sweden this year
• According to their site, the call for presentation proposals period will start on Monday the 23rd of March until Friday the 17th of April
• If giving a full talk isn’t your thing, there’s also a call for tutorials – if you’re comfortable teaching other people about something BSD-related, this could be a great thing too
• You’re not limited to one proposal – several speakers gave multiple in 2014 – so don’t hesitate if you’ve got more than one thing you’d like to talk about
• We’d like to see a more balanced conference schedule than BSDCan’s having this year, but that requires effort on both sides – if you’re doing anything cool with any BSD, we’d encourage you submit a proposal (or two)
• Check the announcement for all the specific details and requirements
• If your talk gets accepted, the conference even pays for your travel expenses

Making security sausage

• Ted Unangst has a new blog post up, detailing his experiences with some recent security patches both in and out of OpenBSD
• “Unfortunately, I wrote the tool used for signing patches which somehow turned into a responsibility for also creating the inputs to be signed. That was not the plan!”
• The post first takes us through a few OpenBSD errata patches, explaining how some can get fixed very quickly, but others are more complicated and need a bit more review
• It also covers security in upstream codebases, and how upstream projects sometimes treat security issues as any other bug
• Following that, it leads to the topic of FreeType – and a much more complicated problem with backporting patches between versions
• The recent OpenSSL vulnerabilities were also mentioned, with an interesting story to go along with them
• Just 45 minutes before the agreed-upon announcement, OpenBSD devs found a problem with the patch OpenSSL planned to release – it had to be redone at the last minute
• It was because of this that FreeBSD actually had to release a security update to their security update
• He concludes with “My number one wish would be that every project provide small patches for security issues. Dropping enormous feature releases along with a note ‘oh, and some security too’ creates downstream mayhem.”

Running FreeBSD on the server, a sysadmin speaks

• More BSD content is appearing on mainstream technology sites, and, more importantly, BSD Now is being mentioned
• ITWire recently did an interview with Allan about running FreeBSD on servers (possibly to go with their earlier interview with Kris about desktop usage)
• They discuss some of the advantages BSD brings to the table for sysadmins that might be used to Linux or some other UNIX flavor
• It also covers specific features like jails, ZFS, long-term support, automating tasks and even… what to name your computers
• If you’ve been considering switching your servers over from Linux to FreeBSD, but maybe wanted to hear some first-hand experience, this is the article for you

NetBSD ported to Hardkernel ODROID-C1

• In their never-ending quest to run on every new board that comes out, NetBSD has been ported to the Hardkernel ODROID-C1
• This one features a quad-core ARMv7 CPU at 1.5GHz, has a gig of ram and gigabit ethernet… all for just $35
• There’s a special kernel config file for this board’s hardware, available in both -current and the upcoming 7.0
• More info can be found on their wiki page
• After this was written, basic framebuffer console support was also committed, allowing a developer to run XFCE on the device

Interview – Bernard Spil – spil.oss@gmail.com / @sp1l

LibreSSL adoption in FreeBSD ports and the wider software ecosystem

News Roundup

Monitoring pf logs with Gource

• If you’re using pf on any of the BSDs, maybe you’ve gotten bored of grepping logs and want to do something more fancy
• This article will show you how to get set up with Gource for a cinematic-like experience
• If you’ve never heard of Gource, it’s “an OpenGL-based 3D visualization tool intended for visualizing activity on source control repositories”
• When you put all the tools together, you can end up with some pretty eye-catching animations of your firewall traffic
• One of our listeners wrote in to say that he set this up and, almost immediately, noticed his girlfriend’s phone had been compromised – graphical representations of traffic could be useful for detecting suspicious network activity

pkgng 1.5.0 alpha1 released

• The development version of pkgng was updated to 1.4.99.14, or 1.5.0 alpha1
• This update introduces support for provides/requires, something that we’ve been wanting for a long time
• It will also now print which package is the reason for direct dependency change
• Another interesting addition is the “pkg -r” switch, allowing cross installation of packages
• Remember this isn’t the stable version, so maybe don’t upgrade to it just yet on any production systems
• DragonFly will also likely pick up this update once it’s marked stable

Welcome to OpenBSD

• We mentioned last week that our listener Brian was giving a talk in the Troy, New York area
• The slides from that talk are now online, and they’ve been generating quite a bit of discussion online
• It’s simply titled “Welcome to OpenBSD” and gives the reader an introduction to the OS (and how easy it is to get involved with contributing)
• Topics include a quick history of the project, who the developers are and what they do, some proactive security techniques and finally how to get involved
• As you may know, NetBSD has almost 60 supported platforms and their slogan is “of course it runs NetBSD” – Brian says, with 17 platforms over 13 CPU architectures, “it probably runs OpenBSD”
• No matter which BSD you might be interested in, these slides are a great read, especially for any beginners looking to get their feet wet
• Try to guess which font he used…

BSDTalk episode 252

• And somehow Brian has snuck himself into another news item this week
• He makes an appearance in the latest episode of BSD Talk, where he chats with Will about running a BSD-based shell provider
• If that sounds familiar, it’s probably because we did the same thing, albeit with a different member of their team
• In this interview, they discuss what a shell provider does, hardware requirements and how to weed out the spammers in favor of real people
• They also talk a bit about the community aspect of a shared server, as opposed to just running a virtual machine by yourself

Feedback/Questions

• Christian writes in
• Stefan writes in
• Possnfiffer writes in
• Ruudsch writes in
• Shane writes in

Mailing List Gold

• Accidental support
• Larry’s tears
• The boy who sailed with BSD

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – don’t be afraid to write about your experiences and send them to us, we’d love to read about what you guys are doing with BSD
• If you’re interested in OpenZFS discussion, they’re looking to start up the office hours series again on April 2nd (with Justin Gibbs)
• There’s a new BSD users group starting up in the Vancouver, British Columbia area – VanBUG will be holding an event on April 8th

The post SSL in the Wild | BSD Now 82 first appeared on Jupiter Broadcasting.

We’re away at AsiaBSDCon this week, but we’ve still got a packed episode for you. First up is a sequel to the “PC-BSD tour” segment from a while back, highlighting how ZFS boot environments work. After that, Justin Gibbs joins us to talk about the FreeBSD foundation’s 15th anniversary. We’ll return next week with a normal episode of BSD Now – which is of course, the place to B.. SD.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Special segment

Demystifying Boot Environments in PC-BSD

Interview – Justin Gibbs – gibbs@freebsd.org / @freebsdfndation

The FreeBSD foundation’s 15th anniversary

Discussion

How PC-BSD got started

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• We’ll be back from AsiaBSDCon next week with lots of great interviews hopefully

The post The PC-BSD Tour II | BSD Now 80 first appeared on Jupiter Broadcasting.

Coming up in this week’s episode, we’ll be talking with one of OpenBSD’s newest developers – Brent Cook – about the portable version of LibreSSL and how it’s developed. We’ve also got some important information about the FreeBSD port of LibreSSL. The latest news and your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD quarterly status report

• FreeBSD has gotten quite a lot done this quarter
• Changes in the way release branches are supported – major releases will get at least five years over their lifespan
• A new automounter is in the works, hoping to replace amd (which has some issues)
• The CAM target layer and RPC stack have gotten some major optimization and speed boosts
• Work on ZFSGuru continues, with a large status report specifically for that
• The report also mentioned some new committers, both source and ports
• It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we’ve already mentioned on the show
• “Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period”

A new OpenBSD HTTPD is born

• Work has begun on a new HTTP daemon in the OpenBSD base system
• A lot of people are asking “why?” since OpenBSD includes a chrooted nginx already – will it be removed? Will they co-exist?
• Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn’t trying to be a full-featured replacement)
• It’s partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter
• This has the added benefit of the usual, easy-to-understand syntax and privilege separation
• There’s a very brief man page online already
• It supports vhosts and can serve static files, but is still in very active development – there will probably be even more new features by the time this airs
• Will it be named OpenHTTPD? Or perhaps… LibreHTTPD? (I hope not)

pkgng 1.3 announced

• The newest version of FreeBSD’s second generation package management system has been released, with lots of new features
• It has a new “real” solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)
• Lots of the code has been sandboxed for extra security
• You’ll probably notice some new changes to the UI too, making things more user friendly
• A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday

FreeBSD after-install security tasks

• A number of people have written in to ask us “how do I secure my BSD box after I install it?”
• With this blog post, hopefully most of their questions will finally be answered in detail
• It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things
• Not only does it just list things to do, but the post also does a good job of explaining why you should do them
• Maybe we’ll see some more posts in this series in the future

Interview – Brent Cook – bcook@openbsd.org / @busterbcook

LibreSSL’s portable version and development

News Roundup

FreeBSD Mastery – Storage Essentials

• MWL‘s new book about the FreeBSD storage subsystems now has an early draft available
• Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes
• Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance
• You’ll get access to the completed (e)book when it’s done if you buy the early draft
• The suggested price is $8

Why BSD and not Linux?

• Yet another thread comes up asking why you should choose BSD over Linux or vice-versa
• Lots of good responses from users of the various BSDs
• Directly ripping a quote: “Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is “GCC free”. DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity.”
• And “Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS.”
• Some other users share their switching experiences – worth a read

More g2k14 hackathon reports

• Following up from last week’s huge list of hackathon reports, we have a few more
• Landry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream
• Andrew Fresh enjoyed his first hackathon, pushing OpenBSD’s perl patches upstream and got tricked into rewriting the adduser utility in perl
• Ted Unangst did his usual “teduing” (removing of) old code – say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth
• Luckily we didn’t have to cover 20 new ones this time!

BSDTalk episode 243

• The newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team
• The main topic of discussion is mandoc, which some users might not be familiar with
• mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it’s not built by default)
• You may also want to watch Ingo’s BSDCan talk about mandoc
• We’ll catch up to you soon, Will…

Feedback/Questions

• Thomas writes in
• Stephen writes in
• Sha’ul writes in
• Florian writes in
• Bob Beck writes in – and note the “Caution” section that was added to libressl.org

• All the tutorials are posted in their entirety at bsdnow.tv
• Just can’t get enough LibreSSL? Brent also did a text-only interview for Undeadly, which we also have a link to there
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Want to come on for an interview or have a tutorial you’d like to see? Let us know
• If you’re a big PCBSD fan, or have been curious about what it has to offer over regular FreeBSD, you’ll like next week’s episode
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Liberating SSL | BSD Now 48 first appeared on Jupiter Broadcasting.

We’re back and this week we’ll be showing you how to tunnel out of a restrictive network using only DNS queries.

We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes.

All the latest news and answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

Become a supporter on Patreon:

– Show Notes: –

Headlines

EuroBSDCon 2014 registration open

• September is getting closer, and that means it’s time for EuroBSDCon – held in Bulgaria this year
• Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th
• Tutorials, sessions, dev summits and everything else all have their own pricing as well
• Registering between August 18th – September 12th will cost more for everything
• You can register online here and check hotels in the area
• The FreeBSD foundation is also accepting applications for travel grants

OpenBSD SMP PF update

• A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded
• With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump
• In a recent mailing list thread, Henning Brauer addresses some of the concerns
• The short version is that too many things in OpenBSD are currently single-threaded for it to matter – just reworking PF by itself would be useless
• He also says PF on OpenBSD is over four times faster than FreeBSD’s old version, presumably due to those extra years of development it’s gone through
• There’s also been even more recent concern about the uncertain future of FreeBSD’s PF, being mostly unmaintained since their SMP patches
• We reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us

Introduction to NetBSD pkgsrc

• An article from one of our listeners about how to create a new pkgsrc port or fix one that you need
• The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format
• It also lists all the different bmake targets and their functions in relation to the porting process
• Finally, the post details the whole process of creating a new port

FreeBSD 9.3-RELEASE

• After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today but actually came out yesterday
• The full list of changes is available, but it’s mostly a smaller maintenance release
• Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated… and much more
• If you haven’t jumped to the 10.x branch yet (and there are a lot of people who haven’t!) this is a worthwhile upgrade – 9.2-RELEASE will reach EOL soon
• Good news, this will be the first release with PGP-signed checksums on the FTP mirrors – a very welcome change
• 9.2’s EOL was extended until December of this year
• With that out of the way, the 10.1-RELEASE schedule was posted

Interview – Bryan Drewery – bdrewery@freebsd.org / @bdrewery

The FreeBSD package building cluster, pkgng, ports, various topics

Tutorial

Tunneling traffic through DNS

News Roundup

SSH two-factor authentication on FreeBSD

• We’ve previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website
• This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port
• Using this setup, every user that logs in with a password will have an extra requirement before they can gain access – but users with public keys can login normally
• It’s a really, really simple process once you have the port installed – full details on the page

Ditch tape backup in favor of FreeNAS

• The author of this post shares some of his horrible experiences with tape backups for a client
• Having constant, daily errors and failed backups, he needed to find another solution
• With 1TB of backups, tapes just weren’t a good option anymore – so he switched to FreeNAS (after also ruling out a pre-built NAS)
• The rest of the article details his experiences with it and tells about his setup

NetBSD vs FreeBSD, desktop experiences

• A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job
• Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try – especially since it has a native nVidia driver
• “Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga.”
• He’s become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system

PCBSD not-so-weekly digest

• Speaking of choices for a desktop system, it’s the return of the PCBSD digest!
• Warden and PBI_add have gotten some interesting new features
• You can now create jails “on the fly” when adding a new PBI to your application library
• Bulk jail creation is also possible now, and it’s really easy
• New Jenkins integration, with public access to Poudriere logs as well (https://builds.pcbsd.org)
• PkgNG 1.3.0.rc2 testing for EDGE users

Feedback/Questions

• Jeff writes in – Sending Encrypted Backups over SSH + Sending ZFS snapshots via user
• Bruce writes in
• Richard writes in
• Jeff writes in
• Steve writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• We love hearing from listeners – tell us what you think of the show or what you’d like to see!
• If you want to come on for an interview or have a tutorial you’d like to see, let us know
• Congrats to the new FreeBSD core team members
• The first (and second.. and third..) portable release of LibreSSL is available on the OpenBSD FTP sites, with a brief announcement email
• Test it on your platform of choice, including building ports against it, and report your findings to either the LibreSSL team or the port maintainers so we can increase compatibility
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Network Iodometry | BSD Now 46 first appeared on Jupiter Broadcasting.

We show off OpenBSD\’s new \”autoinstall\” feature to do completely automatic, unattended installations. We also have an interview with Dru Lavigne about all the writing work she does for FreeBSD, PCBSD and FreeNAS. The latest headlines and answers to your emails, on BSD Now – it\’s the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD ASLR status update

• Shawn Webb gives us a little update on his address space layout randomization work for FreeBSD
• He\’s implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in 5.5 on i386)
• Work has also started on testing ASLR on ARM, using a Raspberry Pi
• He\’s giving a presentation at BSDCan this year about his ASLR work
• While we\’re on the topic of BSDCan…

BSDCan tutorials, improving the experience

• Peter Hansteen writes a new blog post about his upcoming BSDCan tutorials
• The tutorials are called \”Building the network you need with PF, the OpenBSD packet filter\” and \”Transitioning to OpenBSD 5.5\” – both scheduled to last three hours each
• He\’s requesting anyone that\’ll be there to go ahead and contact him, telling him exactly what you\’d like to learn
• There\’s also a bit of background information about the tutorials and how he\’s looking to improve them
• If you\’re interested in OpenBSD and going to BSDCan this year, hit him up

pkgsrc-2014Q1 released

• The new stable branch of pkgsrc packages has been built and is ready
• Python 3.3 is now a \”first class citizen\” in pkgsrc
• 14255 packages for NetBSD-current/x86_64, 11233 binary packages built with clang for FreeBSD 10/x86_64
• There\’s a new release every three months, and remember pkgsrc works on MANY operating systems, not just NetBSD – you could even use pkgsrc instead of pkgng or ports if you were so inclined
• They\’re also looking into signing packages

Only two holes in a heck of a long time, who cares?

• A particularly vocal Debian user, a lost soul, somehow finds his way to the misc@ OpenBSD mailing list
• He questions \”what\’s the big deal\” about OpenBSD\’s slogan being \”Only two remote holes in the default install, in a heck of a long time!\”
• Luckily, the community and Theo set the record straight about why you should care about this
• Running insecure applications on OpenBSD is actually more secure than running them on other systems, due to things like ASLR, PIE and all the security features of OpenBSD
• It spawned a discussion about ease of management and Linux\’s poor security record, definitely worth reading

Interview – Dru Lavigne – dru@freebsd.org / @bsdevents

FreeBSD\’s documentation printing, documentation springs, various topics

Tutorial

Automatic, unattended OpenBSD installs with PXE

News Roundup

pfSense 2.1.1 released

• A new version of pfSense is released, mainly to fix some security issues
• Tracking some recent FreeBSD advisories, pfSense usually only applies the ones that would matter on a firewall or router
• There are also some NIC driver updates and other things
• Of course if you want to learn more about pfSense, watch episode 25
• 2.1.2 is already up for testing too

FreeBSD gets UEFI support

• It looks like FreeBSD\’s battle with UEFI may be coming to a close?
• Ed Maste committed a giant list of patches to enable UEFI support on x86_64
• Look through the list to see all the details and information
• Thanks FreeBSD foundation!

Ideas for the next DragonflyBSD release

• Mr. Dragonfly release engineer himself, Justin Sherrill posts some of his ideas for the upcoming release
• They\’re aiming for late May for the next version
• Ideas include better support for running in a VM, pkgng fixes, documentation updates and PAM support
• Gasp, they\’re even considering dropping i386

PCBSD weekly digest

• Lots of new PBI updates for 10.0, new runtime implementation
• New support for running 32 bit applications in PBI runtime
• Autodetection for DVD / Audio CD insertion / plus playback
• Latest GNOME 3 and Cinnamon merged, new edge package builds

Feedback/Questions

• Remy writes in
• Jan writes in
• Eddie writes in
• Zen writes in
• Sean writes in

• BSD Now has an official IRC channel now. #bsdnow on irc.freenode.net
• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you\’ve got something cool to talk about and want to come on for an interview, shoot us an email
• Also if you have any tutorial requests, we\’d be glad to show whatever the viewers want to see
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
• Just a quick reminder: If you\’re running OpenSSL 1.0.1 through 1.0.1f please update it and regenerate, rotate and revoke your keys if you run a server with HTTPS, IMAPS, etc – huge security hole! (Also DES offers some insight on the FreeBSD security process)
• We\’re lucky it wasn\’t OpenSSH

The post PXE Dust | BSD Now 32 first appeared on Jupiter Broadcasting.

On today\’s show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Tailoring OpenBSD for an old, strange computer

• The author of this article had an OmniBook 800CT, which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU
• Obviously he had to install some kind of BSD on it!
• This post goes through all his efforts of trimming down OpenBSD to work on such a limited device
• He goes through the trial and error of \”compile, break it, rebuild, try again\”
• After cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working

pkgsrcCon and BSDCan

• pkgsrccon is \”a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure\”
• This year it will be on June 21st and 22nd
• The schedule is still being worked out, so if you want to give a talk, submit it
• BSDCan\’s schedule was also announced
• We\’ll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more
• Kris\’ presentation was accepted!
• Tons of topics, look forward to the recorded versions of all of them hopefully!

Two factor auth with pushover

• A new write-up from our friend Ted Unangst
• Pushover is \”a web hook to smartphone push notification gateway\” – you sent a POST to a web server and it sends a code to your phone
• His post goes through the steps of editing your login.conf and setting it all up to work
• Now you can get a two factor authenticated login for ssh!

The status of GNOME 3 on BSD

• It\’s no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems
• OpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use
• This post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes a screencast
• A few recent posts from some GNOME developers show that they\’re finally working with the BSD guys to improve portability
• The FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us – it\’s a beautiful thing
• This goes right along with our interview today!

This episode was brought to you by

Interview – Joe Marcus Clark – marcus@freebsd.org

The life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics

Tutorial

The FreeBSD Ports Collection

News Roundup

DragonflyBSD 3.8 goals and 3.6.1 release

• The Dragonfly team is thinking about what should be in version 3.8
• On their bug tracker, it lists some of the things they\’d like to get done before then
• In the meantime, 3.6.1 was released with lots of bugfixes

NYCBSDCon 2014 wrap-up piece

• We\’ve got a nice wrap-up titled \”NYCBSDCon 2014 Heats Up a Cold Winter Weekend\”
• The author also interviews GNN about the conference
• There\’s even a little \”beginner introduction\” to BSD segment
• Includes a mention of the recently-launched journal and lots of pictures from the event

FreeBSD and Linux, a comparative analysis

• GNN in yet another story – he gave a presentation at the NYLUG about the differences between FreeBSD and Linux
• He mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs \”distros,\” development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different bsds and their goals and actual code differences
• Serves as a good introduction you can show your Linux friends

PCBSD CFT and weekly digest

• Upgrade tools have gotten a major rewrite
• You have to help test it, there is no choice! Read more here
• How dare Kris be \”unimpressed with\” freebsd-update and pkgng!?
• Various updates and fixes

Feedback/Questions

• Jeffrey writes in: https://slexy.org/view/s213KxUdVj
• Shane writes in: https://slexy.org/view/s20lwkjLVK
• Ferdinand writes in: https://slexy.org/view/s21DqJs77g
• Curtis writes in: https://slexy.org/view/s20eXKEqJc
• Clint writes in: https://slexy.org/view/s21XMVFuVu
• Peter writes in: https://slexy.org/view/s20Xk05MHe

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Our email backlog is totally caught up now, so email us all your questions!
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Port Authority | BSD Now 26 first appeared on Jupiter Broadcasting.

This week on BSD Now… a wrap-up from NYCBSDCon! We\’ll also be talking to Luke Marsden, CEO of HybridCluster, about how they use BSD at large. Following that, our tutorial will show you how to securely share files with SFTP in a chroot. The latest news and answers to your questions, of course it\’s BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD 10 as a firewall

• Back in 2012, the author of this site wrote an article stating you should avoid FreeBSD 9 for a firewall and use OpenBSD instead
• Now, with the release of 10.0, he\’s apparently changed his mind and switched back over
• It mentions the SMP version of pf, general performance advantages and more modern features
• The author is a regular listener of BSD Now, hi Joe!

Network Noise Reduction Using Free Tools

• Really long blog post, based on a BSDCan presentation, about fighting spam with OpenBSD
• Peter Hansteen, author of the book of PF, goes through how he uses OpenBSD\’s spamd and other security features to combat spam and malware
• He goes through his experiences with content filtering and disappointment with a certain proprietary vendor
• Not totally BSD-specific, lots of people can enjoy the article – lots of virus history as well

FreeBSD ASLR patches submitted

• So far, FreeBSD hasn\’t had Address Space Layout Randomization
• ASLR is a nice security feature, see wikipedia for more information
• With a giant patch from Shawn Webb, it might be integrated into a future version (after a vicious review from the security team of course)
• We might have Shawn on the show to talk about it, but he\’s also giving a presentation at BSDCan about his work with ASLR

Old-style pkg_ tools retired

• At last the old pkg_add tools are being retired in FreeBSD
• pkgng is a huge improvement, and now portmgr@ thinks it\’s time to cut the cord on the legacy toolset
• Ports aren\’t going away, and probably never will, but for binary package fans and new users that are used to things like apt, pkgng is the way to go
• All pkg_ tools will be considered unsupported on September 1, 2014 – even on older branches

This episode was brought to you by

Interview – Luke Marsden – luke@hybridcluster.com / @lmarsden

BSD at HybridCluster

Tutorial

Filesharing with chrooted SFTP

News Roundup

FreeBSD on OpenStack

• OpenStack is a cloud computing project
• It consists of \”a series of interrelated projects that control pools of processing, storage, and networking resources throughout a datacenter, able to be managed or provisioned through a web-based dashboard, command-line tools, or a RESTful API.\”
• Until now, there wasn\’t a good way to run a full BSD instance on OpenStack
• With a project in the vein of Colin Percival\’s AWS startup scripts, now that\’s no longer the case!

FOSDEM BSD videos

• This year\’s FOSDEM had seven BSD presentations
• The videos are slowly being uploaded for your viewing pleasure
• Not all of the BSD ones are up yet, but by the time you\’re watching this they might be!
• Check this directory for most of \’em
• The BSD dev room was full, lots of interest in what\’s going on from the other communities

The FreeBSD challenge finally returns!

• Due to prodding from a certain guy of a certain podcast, the \”FreeBSD Challenge\” series has finally resumed
• Our friend from the Linux foundation picks up with day 11 and day 12 on his switching from Linux journey
• This time he outlines the upgrade process of going from 9 to 10, using freebsd-update
• There\’s also some notes about different options for upgrading ports and some extra tips

PCBSD weekly digest

• After the big 10.0 release, the PCBSD crew is focusing on bug fixes for a while
• During their \”fine tuning phase\” users are encouraged to submit any and all bugs via the trac system
• Warden got some fixes and the package manager got some updates as well
• Huge size reduction in PBI format

Feedback/Questions

• After today\’s questions, our email backlog will be just about caught up. Now\’s a great time to send us something – questions, stories, ideas, requests, anything you want
• Derrick writes in: https://slexy.org/view/s21nbJKYmb
• Sean writes in: https://slexy.org/view/s2yhziVsBP
• Patrick writes in: https://slexy.org/view/s20PuccWbo
• Peter writes in: https://slexy.org/view/s22PL0SbUO
• Sean writes in: https://slexy.org/view/s20dkbjuOK

• All the tutorials are posted in their entirety at bsdnow.tv
• Last week\’s NTP tutorial got a small update if you\’re running a LAN-only server, as well as a couple links on how to turn it into a stratum 1 server with a GPS device
• The SSH tutorial also got some updates
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Lastly, the BSD Now t-shirt is close to being ready… stay tuned!

The post The Cluster & The Cloud | BSD Now 24 first appeared on Jupiter Broadcasting.

Put away the Christmas trees and update your ports trees! We\’re back with the first show of 2014, and we\’ve got some catching up to do. This time on the show, we have an interview with Baptiste Daroussin about the future of FreeBSD binary packages. Following that, we\’ll be highlighting a cool script to do binary upgrades on OpenBSD. Lots of holiday news and listener feedback, on BSD Now – the place to B.. SD.

Thanks to:

• iXsystems: This is what 80 cores and 1TB of RAM looks like!

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Faces of FreeBSD continues

• Our first one details Shteryana Shopova, the local organizer for EuroBSDCon 2014 in Sophia
• Gives some information about how she got into BSD
• \”I installed FreeBSD on my laptop, alongside the Windows and Slackware Linux I was running on it at the time. Several months later I realized that apart from FreeBSD, I hadn\’t booted the other two operating systems in months. So I wiped them out.\”
• She wrote bsnmpd and extended it with the help of a grant from the FreeBSD Foundation
• We\’ve also got one for Kevin Martin
• Started off with a pinball website, ended up learning about FreeBSD from an ISP and starting his own hosting company
• \”FreeBSD has been an asset to our operations, and while we have branched out a bit, we still primarily use FreeBSD and promote it whenever possible. FreeBSD is a terrific technology with a terrific community.\”

OpenPF?

• A blog post over at the Dragonfly digest
• What if we had some cross platform development of OpenBSD\’s firewall?
• Similar to portable OpenSSH or OpenZFS, there could be a centrally-developed version with compatibility glue
• Right now FreeBSD 9\’s pf is old, FreeBSD 10\’s pf is old (but has the best performance of any implementation due to custom patches), NetBSD\’s pf is old (but they\’re working on a fork) and Dragonfly\’s pf is old
• Further complicated by the fact that PF itself doesn’t have a version number, since it was designed to just be ‘the pf that came with OpenBSD 5.4’
• Not likely to happen any time soon, but it\’s good food for thought

Year of BSD on the server

• A good blog post about switching servers from Linux to BSD
• 2014 is going to be the year of a lot of switching, due to FreeBSD 10\’s amazing new features
• This author was particularly taken with pkgng and the more coherent layout of BSD systems
• Similarly, there was also a recent reddit thread, \”Why did you choose BSD over Linux?\”
• Both are excellent reads for Linux users that are thinking about making the switch, send \’em to your friends

Getting to know your portmgr

• This time in the series they interview Bryan Drewery, a fairly new addition to the team
• He started maintaining portupgrade and portmaster, and eventually ended up on the ports management team
• Believe it or not, his wife actually had a lot to do with him getting into FreeBSD full-time
• Lots of fun trivia and background about him
• Speaking of portmgr, our interview for today is…

This episode was brought to you by

Interview – Baptiste Daroussin – bapt@freebsd.org

The future of FreeBSD\’s binary packages, ports\’ features, various topics

Tutorial

Binary upgrades in OpenBSD

• Using a third party script, binary upgrades in OpenBSD are easy
• It automates a lot of the manual work and saves time – great for large deployments

News Roundup

pfSense december hang out

• Interview/presentation from pfSense developer Chris Buechler with an accompanying blog post
• \”This is the first in what will be a monthly recurring series. Each month, we’ll have a how to tutorial on a specific topic or area of the system, and updates on development and other happenings with the project. We have several topics in mind, but also welcome community suggestions on topics\”
• Speaking of pfSense, they recently opened an online store
• We\’re planning on having a pfSense episode next month!

BSDMag December issue is out

• The free monthly BSD magazine gets a new release for December
• Topics include CARP on FreeBSD, more BSD programming, \”unix basics for security professionals,\” some kernel introductions, using OpenBSD as a transparent proxy with relayd, GhostBSD overview and some stuff about SSH

OpenBSD gets tmpfs

• In addition to the recently-added FUSE support, OpenBSD now has tmpfs
• To get more testing, it was enabled by default in -current
• Should make its way into 5.5 if everything goes according to plan
• Enables lots of new possibilities, like our ccache and tmpfs guide

PCBSD weekly digests

• Catching up with all the work going on in PCBSD land..
• 10.0-RC2 is now available
• The big pkgng 1.2 problems seem to have been worked out

Feedback/Questions

• Remy writes in: https://slexy.org/view/s2UrUzlnf6
• Jason writes in: https://slexy.org/view/s2iqnywwKX
• Rob writes in: https://slexy.org/view/s2IUcPySbh
• John writes in: https://slexy.org/view/s21aYlbXz2
• Stuart writes in: https://slexy.org/view/s21vrYSqU8

• All the tutorials are posted in their entirety at bsdnow.tv
• The jail tutorial and disk encryption tutorial have gotten some improvements and updates
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Happy new year everybody!

The post Eclipsing Binaries | BSD Now 18 first appeared on Jupiter Broadcasting.

This week is the long-awaited episode you\’ve been asking for! We\’ll be giving you a crash course on becoming a ZFS wizard, as well as having a chat with George Wilson about the OpenZFS project\’s recent developments. We have answers to your feedback emails and there are some great news items to get caught up on too, so stay tuned to BSD Now – the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

pkgng 1.2 released

• bapt and bdrewery from the portmgr team released pkgng 1.2 final
• New features include an improved build system, plugin improvements, new bootstrapping command, SRV mirror improvements, a new \”pkg config\” command, repo improvements, vuXML is now default, new fingerprint features and much more
• Really simple to upgrade, check our pkgng tutorial if you want some easy instructions
• It\’s also made its way into Dragonfly
• See the show notes for the full list of new features and fixes

ChaCha20 and Poly1305 in OpenSSH

• Damien Miller recently committed support for a new authenticated encryption cipher for OpenSSH, chacha20-poly1305
• Long blog post explaining what these are and why we need them
• This cipher combines two primitives: the ChaCha20 cipher and the Poly1305 MAC
• RC4 is broken, we needed an authenticated encryption mode to complement AES-GCM that doesn\’t show the packet length in cleartext
• Great explanation of the differences between EtM, MtE and EaM and their advantages
• \”Both AES-GCM and the EtM MAC modes have a small downside though: because we no longer desire to decrypt the packet as we go, the packet length must be transmitted in plaintext. This unfortunately makes some forms of traffic analysis easier as the attacker can just read the packet lengths directly.\”

Is it time to dump Linux and move to BSD

• ITworld did an article about switching from Linux to BSD
• The author\’s interest was sparked from a review he was reading that said \”I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (pkgng), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0\”
• The whole article can be summed up with \”yes\” – ok, next story!

OpenZFS devsummit videos

• Kicking off the ZFS episode, we\’ve got…
• The OpenZFS developer summit discussion and presentation videos are up
• People from various operating systems (FreeBSD, Mac OS X, illumos, etc.) were there to discuss ZFS on their platforms and the challenges they faced
• Question and answer session from representatives of every OS – had a couple FreeBSD guys there including one from the foundation
• Presentations both about ZFS itself and some hardware-based solutions for implementing ZFS in production
• TONS of video, about 6 hours\’ worth
• This leads us into our interview, which is…

Interview – George Wilson – Soft Eng at Delphix – wilzun@gmail.com / @zfsdude

• KM: Can you tell us a little about yourself how you first got involved with ZFS?
• AJ: Which features have you worked on in the past?
• KM: Which platform do you personally use ZFS on, and for what tasks?
• AJ: So what exactly is the OpenZFS project about?
• KM: What do you hope the future of OpenZFS will bring?
• AJ: When are we going to see native encryption?
• KM: Are there some new features you\’re currently hacking on?
• AJ: Is there anything specific you\’d like to see added to ZFS in the future?
• KM: How did the developer summit and hackathon go?
• AJ: Where can people go to get involved with development, and what\’s currently needed?
• KM: Anything else you\’d like to mention?

Tutorial

A crash course on ZFS

• Everything you need to know to get acquainted with the world\’s most powerful filesystem on the world\’s most powerful OS
• Includes both beginner and advanced topics

News Roundup

ruBSD 2013 information

• The ruBSD 2013 conference will take place on Saturday December 14, 2013 at 10:30 AM in Moscow, Russia
• Speakers include three OpenBSD developers, Theo de Raadt, Henning Brauer and Mike Belopuhov
• Their talks are titled \”The bane of backwards compatibility,\” \”OpenBSD\’s pf: Design, Implementation and Future\” and \”OpenBSD: Where crypto is going?\”
• No word on if there will be video recordings, but we\’ll let you know if that changes

DragonFly roadmap, post 3.6

• John Marino posted a possible roadmap for DragonFly, now that they\’re past the 3.6 release
• He wants some third party vendor software updated from very old versions (WPA supplicant, bmake, binutils)
• Plans to replace GCC44 with Clang, but GCC47 will probably be the primary compiler still
• Bring in fixes and new stuff from FreeBSD 10

BSDCan 2014 CFP

• BSDCan 2014 will be held on May 16-17 in Ottawa, Canada
• They\’re now accepting proposals for talks
• If you are doing something interesting with a BSD operating system, please submit a proposal
• We\’ll be getting lots of interviews there

casperd added to -CURRENT

• \”It (and its services) will be responsible forgiving access to functionality that is not available in capability modes and box. The functionality can be precisely restricted.\”
• Lists some sysctls that can be controlled

ZFS corruption bug fixed in -CURRENT

• Just a quick follow-up from last week, the ZFS corruption bug in FreeBSD -CURRENT was very quickly fixed, before that episode was even uploaded

Feedback/Questions

• Chris writes in: https://slexy.org/view/s2JDWKjs7l
• SW writes in: https://slexy.org/view/s20BLqxTWD
• Jason writes in: https://slexy.org/view/s2939tUOf5
• Clint writes in: https://slexy.org/view/s21qKY6qIb
• Chris writes in: https://slexy.org/view/s20LWlmhoK

• The written versions of the Tor, jails and OpenBSD router tutorials have gotten a few small improvements and fixes
• The poudriere and pkgng tutorials have been updated for the new 1.2 repository syntax
• All the tutorials are posted in their entirety at bsdnow.tv, including today\’s HUGE ZFS one
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you have stories about how you or your company uses BSD, interesting things you\’ve done, crazy network stories or cool projects, send them to us!
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Kris\’ Skype video was coming straight from PCBSD this week!

The post Zettabytes for Days | BSD Now 14 first appeared on Jupiter Broadcasting.

We\’ll be talking to renowned BSD author Michael Lucas about his latest opus, \”Sudo Mastery.\” Also, we\’ve heard your cries and we\’ll also finally be showing you how to build a BSD desktop system from the ground up. There\’s plenty of news items to cover as well, so stay tuned to BSD Now – the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

OpenBSD 5.4 released

• The usual 6 month release cycle continues with 5.4
• People who bought the CD (this is where we show the CD) get the release very early, but now it\’s on the public FTP
• New platforms \”octeon\” and \”beagle\”
• Improved Intel DRM, reworked checksumming for network protocols, ECDHE support in httpd, inetd no longer started by default, DHCP improvements, lots of new OpenSMTPD work, OpenSSH 6.3
• Over 7,800 ports available, comes with another new song and fun artwork, lots of new features – check out the full release notes
• A special thanks to Nick Holland and Bob Beck for their behind-the-scenes work
• Experimental FUSE support was enabled shortly after the release, so look forward to that in the future

FreeBSD pkgng repos are official

• Built weekly from a snapshot of the Ports Collection every Wednesday
• Signed packages coming soon with pkg 1.2
• Added official public key to -STABLE and -CURRENT
• New \”pkg+http\” protocol identifier for SRV records
• If you need something more up to date or with custom options, it\’s easy to make your own with just the packages you want using our tutorial
• If you need a guide on how to use pkgng itself, check our tutorial for that too!
• What does this mean for PCBSD repo users? Should they switch? Differences?

DragonflyBSD 3.6 branched

• SMP improvements and GCC changes are all in, so it\’s time to branch
• Release planned for a little under 2 weeks from today
• Features will include i915 support, mdocml imported, crazy SMP improvements, dports being default
• We\’re hoping to get someone from Dragonfly on the show next week to talk about the final release

FreeBSD portmgr lurkers

• Over the course of the next two years, volunteers from a group of ports committers will participate in portmgr activities
• At four month intervals, two committers at a time will be brought in to work on various projects and learn the inner workings of the team
• The first two -lurkers are Mathieu Arnold (mat@) and Antoine Brodin (antoine@).

Interview – Michael W. Lucas – mwlucas@michaelwlucas.com / @mwlauthor

Sudo Mastery
+ Could you tell us a little about yourself, how you got involved with writing and specifically writing about BSD?
+ To set the record straight, is \”su-doh\” or \”su-du\” the correct pronunciation?
+ For the sake of completeness, what is sudo, where does it come from, what does it do?
+ Why did you write this book?
+ Is this mainly a security-focused book?
+ What\’s something interesting you learned about sudo while writing this that you didn\’t know?
+ What are some other BSD books you\’ve written?
+ What makes a \”good\” tech book, would you say?
+ Since you\’ve written about OpenBSD and FreeBSD, how do you personally use both of them?
+ Do the projects get any of the money from sales of the books?
+ Where\’s the best place for people to go to find out more about (and buy) your books?
+ We saw on Twitter you\’re going to be doing an \”OpenBSD for Linux users\” talk for MUG?
+ Anything else you\’d like to mention?
+ Video: DNSSec in 55 Minutes

Tutorial

Configuring FreeBSD as a desktop system

• The BSDs are known around the world as the server OSes of the gods
• They can each make a pretty nice desktop
• PCBSD gives you an out of the box, preconfigured desktop experience
• This guide is for manually setting one up and learning about the process

News Roundup

iXsystems FreeBSD party wrap-up chat

Capsicum in DragonflyBSD

• Dragonfly has no security framework yet besides the traditional unix DAC model
• Port of Capsicum to Dragonfly has begun
• Quite a bit of technical detail in the show notes

NYCBSDCon 2014

• After a three year hiatus, NYCBSDCon is back on February 1, 2014
• Theme of \”The BSDs in Production\” this year
• Held in New York City, more information to come as the time draws closer

FreeBSD newcons progress update

• This project will provide a replacement for the legacy syscons system console
• Newcons provides a number of improvements, including better integration with graphics modes, and broader character set support
• More details on the project can be found on the FreeBSD wiki

Weekly PCBSD feature digest

• PBI 10 format is about ready and they\’ll begin populating the 10.0 appcafe starting next week
• PCDM login manager is back and is ready to be tested
• New PC-BSD Disk Manager Utility with lots of features
• New PC-BSD Builder Scripts (https://github.com/pcbsd/pcbsd-build)
• New 9.2 ISO just out today

Feedback/Questions

• Alptekin writes in: https://slexy.org/view/s208YfYZA9
• Gertjan writes in: https://slexy.org/view/s2k4C2Ryo9
• Kevin writes in: https://slexy.org/view/s2172EyaRG
• Kjell-Aleksander writes in: https://slexy.org/view/s2mP8ftX0U
• Michael writes in: https://slexy.org/view/s203Z9VdKt

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• We don’t check YouTube comments, JB comments, Reddit, etc. If you want us to see it, send it via email (the preferred way) or Twitter (also acceptable)
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• Thanks for ten great episodes so far, we hope to keep doing this for a long time. Be sure to send us your feedback about what you want to see on future episodes! Especially tutorials!

The post Year of the BSD Desktop | BSD Now 10 first appeared on Jupiter Broadcasting.

A tutorial on pkgng, we talk with the developers of OpenSMTPD about running a mail server OpenBSD-style, answer YOUR questions and, of course, discuss all the latest news.

All that and more on BSD Now! The place to B… SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

pfSense 2.1-RELEASE is out

• Now based on FreeBSD 8.3
• Lots of IPv6 features added
• Security updates, bug fixes, driver updates
• PBI package support
• Way too many updates to list, see the full list

New kernel based iSCSI stack comes to FreeBSD

• Brief explanation of iSCSI
• This work replaces the older userland iscsi target daemon and improves the in-kernel iscsi initiator
• Target layer consists of:
• ctld(8), a userspace daemon responsible for handling configuration, listening for incoming connections, etc, then handing off connections to the kernel after the iSCSI Login phase
• iSCSI frontend to CAM Target Layer, which handles Full Feature phase.
• The work is being sponsored by FreeBSD Foundation
• Commit here

MTier creates openup utility for OpenBSD

• MTier provides a number of things for the OpenBSD community
• For example, regularly updated (for security) stable packages from their custom repo
• openup is a utility to easily check for security updates in both base and packages
• It uses the regular pkg tools, nothing custom-made
• Can be run from cron, but only emails the admin instead of automatically updating

OpenSSH in FreeBSD -CURRENT supports DNSSEC

• OpenSSH in base is now compiled with DNSSEC support
• In this case the default setting for ‘VerifyHostKeyDNS’ is yes
• OpenSSH will silently trust DNSSEC-signed SSHFP records
• It is the secteam’s opinion that this is better than teaching users to blindly hit “yes” each time they encounter a new key

Interview – Gilles Chehade & Eric Faurot – gilles@openbsd.org / @poolpOrg & eric@openbsd.org

OpenSMTPD

• Q: Could you tell us a little bit about yourselves and how you got involved with OpenBSD?
• Q: What exactly is OpenSMTPD and why was it created?
• Q: How big is your team of developers? Who’s doing what?
• Q: How compatible is it with things like dovecot, spamassassin, etc?
• Q: Are there any advantages over the other mail servers like Postfix or Exim?
• Q: If someone wanted to switch from them, is it an easy replacement?
• Q: The config syntax is very nice and easy to grasp. Was inspired from PF’s at all?
• Q: What made you decide to develop a portable version, a la OpenSSH?
• Q: Tell us some cool, upcoming features in a future release
• Q: Anything else you’d like to mention about the project?
• Q: Where can people find more info and help with development if they want?

Tutorial

Using pkgng for binary package management

• Live demo
• pkgng is the replacement for the old pkg_add tools
• Much more modern, supports an array of features that the old system didn’t
• Works on DragonflyBSD as well

News Roundup

New progress with Newcons

• Newcons is a replacement console driver for FreeBSD
• Supports unicode, better graphics modes and bigger fonts
• Progress is being made, but it’s not finished yet

relayd gets PFS support

• relayd is a load balancer for OpenBSD which does protocol layers 3, 4, and 7
• Currently being ported to FreeBSD. There is a WIP port
• Works by negotiating ECDHE (Elliptic curve Diffie-Hellman) between the remote site and relayd to enable TLS/SSL Perfect Forward Secrecy, even when the client does not support it

OpenZFS Launches

• Slides from LinuxCon
• Will feature ‘Office Hours’ (Ask an Expert)
• Goal is to reduce the differences between various open source implementations of ZFS, both user facing and pure lines of code

FreeBSD 10-CURRENT becomes 10.0-ALPHA

• Glen Barber tagged the -CURRENT branch as 10.0-ALPHA
• In preparation for 10.0-RELEASE, ALPHA2 as of 9/18
• Everyone was rushing to get their big commits in before 10-STABLE, which will be branched soon
• 10 is gonna be HUGE

September issue of BSD Mag

• BSD Mag is a monthly online magazine about the BSDs
• This month’s issue has some content written by Kris
• Topics include MidnightBSD live cds, server maintenance, turning a Mac Mini into a wireless access point with OpenBSD, server monitoring, FreeBSD programming, PEFS encryption and a brief introduction to ZFS

The FreeBSD IRC channel is official

• For many years, the FreeBSD freenode channel has been “unofficial” with a double-hash prefix
• Finally it has freenode’s blessing and looks like a normal channel!
• The old one will forward to the new one, so your IRC clients don’t need updating

OpenSSH 6.3 released

• After a big delay, Damien Miller announced the release of 6.3
• Mostly a bugfix release, with a few new features
• Of note, SFTP now supports resuming failed downloads via -a

Feedback/Questions

• A couple people wrote in to tell us not only OpenBSD have 64bit time. We misspoke.
• James writes in: https://slexy.org/view/s2wBbbSWGz
• Elias writes in: https://slexy.org/view/s2LMDF3PYx
• Gabor writes in: https://slexy.org/view/s2aCodo65X
• Possibly the coolest feedback we’ve gotten thus far: Baptiste Daroussin, leader of the FreeBSD ports management team and author of poudriere and pkgng, has put up the BSD Now poudriere tutorial on the official documentation!
• We always want more feedback, especially tutorial ideas and show topics you want to see

• Big thanks to TJ for writing most of the show notes and the tutorials, as well as handling most of your feedback
• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• We don’t check YouTube comments, JB comments, Reddit, etc. If you want us to see it, send it via email (the preferred way) or Twitter (also acceptable)
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post MX with TTX | BSD Now 3 first appeared on Jupiter Broadcasting.

Encryption might be less secure than originally thought, EasyDNS suffers an attack and comes up with a clever solution…

Plus the big story for Windows users, a batch of your questions, our answers, and much more!

On this week’s TechSNAP!

Thanks to:

GoDaddy.com Use our code tech249 to score .COM for $2.49! Get 32% off a new order code: go32off3
UnitySync Visit dirwiz.com/unitysync use code tech for an extended trial and a year of maintenance.

Encryption is less secure than originally thought

• The problem is that information-theoretic analyses of secure systems have generally used the wrong notion of entropy.
• Shannon entropy is based on the average probability that a given string of bits will occur in a particular type of digital file, that the characteristics of the data traffic will quickly converge to the statistical averages
• But in cryptography, the real concern isn’t with the average case but with the worst case
• A codebreaker needs only one reliable correlation between the encrypted and unencrypted versions of a file in order to begin to deduce further correlations
• “We thought we’d establish that the basic premise that everyone was using was fair and reasonable,” says Ken Duffy
• When researchers started using other notions of entropy (developed since Shannon entropy in the 1950s), which give greater weight to improbable outcomes, they found that slight deviations from perfect uniformity in source files significantly weakened the protection provided by encryption
• “as a consequence, the wireless card readers used in many keyless-entry systems may not be as secure as previously thought.”
• A computer turned loose to simply guess correlations between the encrypted and unencrypted versions of a file would make headway much faster than previously expected.
• “It’s still exponentially hard, but it’s exponentially easier than we thought,” Duffy says. One implication is that an attacker who simply relied on the frequencies with which letters occur in English words could probably guess a user-selected password much more quickly than was previously thought. “Attackers often use graphics processors to distribute the problem,” Duffy says. “You’d be surprised at how quickly you can guess stuff.”
• The Shannon Limit Explained
• Research Paper

Redhat introduces the ‘Red Hat Software Collections 1.0’

• Red Hat Enterprise Linux provides ‘long term support’ for all of the included packages. This means that the version of PHP that is included in the original distribution is maintained for the entire life of that version of RHEL. Of course security fixes are backported, but new features are not. This is both a blessing and a curse, new features and new bugs do not break your production stack, but those new features are not available to you
• The Red Hat Software Collection “Helps Users Build and Deploy Web Applications Through Dynamic Languages and Databases”
• The Collection provides:
• Ruby 1.9.3 with Rails 3.2.8
• Python version 2.7 and 3.3
• PHP version 5.4
• Perl version 5.16.3
• node.js version 0.10
• MariaDB version 5.5
• MySQL version 5.5
• PostgreSQL version 9.2
• “Red Hat Software Collections 1.0 Beta is available now for use with Red Hat Enterprise Linux 6 to customers and partners with select active Red Hat Enterprise Linux Server, Red Hat Enterprise Linux Workstation or developer-related subscriptions.”
• Users without subscriptions or using CentOS, can use IUS a community powered repository of updated software
• “The IUS Community Project is aimed at providing up to date and regularly maintained RPM packages for the latest upstream versions of PHP, Python, MySQL and other common software”

• EasyDNS DDoS in progress
• EasyDNS article explaining their history of dealing with DDoS attacks and their proposed solutions for customers
• They highly recommend that if your site is mission critical, that you use more than 1 DNS provider, to eliminate any single point of failure (SPoF)
• During a previous DDoS attack, they actively worked with their competitors, DNSMadeEasy and DNSimple to mitigate the issues and develop filters to prevent the specific type of attack
• Allan has used DNSMadeEasy for 10 years to handle high DNS loads and the fastest possible response times (anycast means low latency), Managed DNS with automatic Failover for critical domains, and secondary DNS for 100s of hosted domains
• EasyDNS has introduced a new feature called Proactive Nameservers – If you use EasyDNS has your domain registrar, for a monthly fee you can have them automatically adjust your list of active DNS servers based on availability
• The service will automatically removing downed name servers and replacing them with backups that are not publicly displayed until they are used
• This means that the attackers do not know where your backup name servers are, they only get added into the mix if the attack is large enough to disrupt your main name servers
• This service is designed to allow you to automate the use of multiple DNS providers, eliminating any SPoF
• EasyDNS has also introduced a feature to sync your DNS records to Amazon Route53 as a backup

Feedback:

• Questions for A & C

  • Case study: Switching from Linux to FreeBSD

• AD Replacement

• External Drive Array & FreeNAS?

• pkgng

• vBSDCon.com

Round Up:

• The NSA Is Commandeering the Internet – Bruce Schneier
• Android Java API ‘SecureRandom’ method does not generate secure random numbers or keys, leads to theft of bitcoins
• Health care law implementation delayed because insurance industry software cannot calculate and sum a patients out-of-pocket expenses
• Why I am not afraid of the Factoring Cryptopocalypse
• IBM Buys Israel/US Cybersecurity Specialist Trusteer For $800M-$1B
• UK Piracy filtering takes out legitimate sites like the RadioTimes and TorrentFreak
  
• Jamming Wars – With the increase in survailence will we see an increase in jamming tech, and laws against its use
• PuTTy 0.63 released fixes 4 critical security vulnerabilities

The post Encryption Prediction | TechSNAP 123 first appeared on Jupiter Broadcasting.