Show Notes/Links: https://www.bsdnow.tv/340

The post Check My Sums | BSD Now 340 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/333

The post Unix Keyboard Joy | BSD Now 333 first appeared on Jupiter Broadcasting.

Show Notes/Links: https://www.bsdnow.tv/296

The post It’s Alive: OpenBSD 6.5 | BSD Now 296 first appeared on Jupiter Broadcasting.

Allan’s away at BSDCam this week, but we’ve still got an exciting episode for you. We sat down with Bryan Cantrill, CTO of Joyent, to talk about a wide variety of topics: dtrace, ZFS, pkgsrc, containers & much more. This is easily our longest interview to date!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Interview – Bryan Cantrill – bryan@joyent.com / @bcantrill

BSD and Solaris history, illumos, dtrace, Joyent, pkgsrc, various topics

Feedback/Questions

• Randy writes in
• Jared writes in
• Steve writes in

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• BSD Now tshirts are now available to preorder, and will be shipping in September (you have until the end of August to place an order, then they’re gone)
• We’ll be back next week with a normal episode

The post Ubuntu Slaughters Kittens | BSD Now 103 first appeared on Jupiter Broadcasting.

We’ve finally reached a hundred episodes, and this week we’ll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere & he even runs a conference about it!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Remote DoS in the TCP stack

• A pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing remote attackers to exhaust the resources of a system with nothing more than TCP connections
• While in the LAST_ACK state, which is one of the final stages of a connection’s lifetime, the connection can get stuck and hang there indefinitely
• This problem has a slightly confusing history that involves different fixes at different points in time from different people
• Juniper originally discovered the bug and announced a fix for their proprietary networking gear on June 8th
• On June 29th, FreeBSD caught wind of it and fixed the bug in their -current branch, but did not issue a security notice or MFC the fix back to the -stable branches
• On July 13th, two weeks later, OpenBSD fixed the issue in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found
• Immediately afterwards, they merged it back to -stable and issued an errata notice for 5.7 and 5.6
• On July 21st, three weeks after their original fix, FreeBSD committed yet another slightly different fix and issued a security notice for the problem (which didn’t include the first fix)
• After the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way
• NetBSD confirmed they were vulnerable too, and applied another completely different fix to -current on July 24th, but haven’t released a security notice yet
• DragonFly is also investigating the issue now to see if they’re affected as well

c2k15 hackathon reports

• Reports from OpenBSD’s latest hackathon, held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these)
• The first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event
• He writes, “Did you ever look at a huge page in man, wanted to jump to the definition of a specific term – say, in ksh, to the definition of the “command” built-in command – and had to step through dozens of false positives with the less ‘/’ and ‘n’ search keys before you finally found the actual definition?”
• With mandoc’s new internal jump targets, this is a problem of the past now
• Jasper also sent in a report, doing his usual work with Puppet (and specifically “Facter,” a tool used by Puppet to gather various bits of system information)
• Aside from that and various ports-related work, Jasper worked on adding tame support to some userland tools, fixing some Octeon stuff and introduced something that OpenBSD has oddly lacked until now: an “-i” flag for sed (hooray!)
• Antoine Jacoutot gave a report on what he did at the hackathon as well, including improvements to the rcctl tool (for configuring startup services)
• It now has an “ls” subcommand with status parsing, allowing you to list running services, stopped services or even ones that failed to start or are supposed to be running (he calls this “the poor man’s service monitoring tool”)
• He also reworked some of the rc.d system to allow smoother operation of multiple instances of the same daemon to run (using tor with different config files as an example)
• His list also included updating ports, updating ports documentation, updating the hotplug daemon and laying out some plans for automatic sysmerge for future upgrades
• Foundation director Ken Westerback was also there, getting some disk-related and laptop work done
• He cleaned up and committed the 4k sector softraid code that he’d been working on, as well as fixing some trackpad issues
• Stefan Sperling, OpenBSD’s token “wireless guy,” had a lot to say about the hackathon and what he did there (and even sent in his write-up before he got home)
• He taught tcpdump about some new things, including 802.11n metadata beacons (there’s a lot more specific detail about this one in the report)
• Bringing a bag full of USB wireless devices with him, he set out to get the unsupported ones working, as well as fix some driver bugs in the ones that already did work
• One quote from Stefan’s report that a lot of people seem to be talking about: “Partway through the hackathon tedu proposed an old diff of his to make our base ls utility display multi-byte characters. This led to a long discussion about how to expand UTF-8 support in base. The conclusion so far indicates that single-byte locales (such as ISO-8859-1 and KOI-8) will be removed from the base OS after the 5.8 release is cut. This simplifies things because the whole system only has to care about a single character encoding. We’ll then have a full release cycle to bring UTF-8 support to more base system utilities such as vi, ksh, and mg. To help with this plan, I started organizing a UTF-8-focused hackathon for some time later this year.”
• Jeremy Evans wrote in to talk about updating lots of ports, moving the ruby ports up to the latest version and also creating perl and ruby wrappers for the new tame subsystem
• While he’s mainly a ports guy, he got to commit fixes to ports, the base system and even the kernel during the hackathon
• Rafael Zalamena, who got commit access at the event, gives his very first report on his networking-related hackathon activities
• With Rafael’s diffs and help from a couple other developers, OpenBSD now has support for VPLS
• Jonathan Gray got a lot done in the area of graphics, working on OpenGL and Mesa, updating libdrm and even working with upstream projects to remove some GNU-specific code
• As he’s become somewhat known for, Jonathan was also busy running three things in the background: clang’s fuzzer, cppcheck and AFL (looking for any potential crashes to fix)
• Martin Pieuchot gave an write-up on his experience: “I always though that hackathons were the best place to write code, but what’s even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that’s what I did.”
• He laid out some plans for the wireless stack, discussed future plans for PF, made some routing table improvements and did various other bits to the network stack
• Unfortunately, most of Martin’s secret plans seem to have been left intentionally vague, and will start to take form in the next release cycle
• We’re still eagerly awaiting a report from one of OpenBSD’s newest developers, Alexandr Nedvedicky (the Oracle guy who’s working on SMP PF and some other PF fixes)
• OpenBSD 5.8’s “beta” status was recently reverted, with the message “take that as a hint,” so that may mean more big changes are still to come…

FreeBSD quarterly status report

• FreeBSD has published their quarterly status report for the months of April to June, citing it to be the largest one so far
• It’s broken down into a number of sections: team reports, projects, kernel, architectures, userland programs, ports, documentation, Google Summer of Code and miscellaneous others
• Starting off with the cluster admin, some machines were moved to the datacenter at New York Internet, email services are now more resilient to failure, the svn mirrors (now just “svn.freebsd.org”) are now using GeoGNS with official SSL certs and general redundancy was increased
• In the release engineering space, ARM and ARM64 work continues to improve on the Cavium ThunderX, more focus is being put into cloud platforms and the 10.2-RELEASE cycle is reaching its final stages
• The core team has been working on phabricator, the fancy review system, and is considering to integrate oauth support soon
• Work also continues on bhyve, and more operating systems are slowly gaining support (including the much-rumored Windows Server 2012)
• The report also covers recent developments in the Linux emulation layer, and encourages people using 11-CURRENT to help test out the 64bit support
• Multipath TCP was also a hot topic, and there’s a brief summary of the current status on that patch (it will be available publicly soon)
• ZFSguru, a project we haven’t talked about a lot, also gets some attention in the report – version 0.3 is set to be completed in early August
• PCIe hotplug support is also mentioned, though it’s still in the development stages (basic hot-swap functions are working though)
• The official binary packages are now built more frequently than before with the help of additional hardware, so AMD64 and i386 users will have fresher ports without the need for compiling
• Various other small updates on specific areas of ports (KDE, XFCE, X11…) are also included in the report
• Documentation is a strong focus as always, a number of new documentation committers were added and some of the translations have been improved a lot
• Many other topics were covered, including foundation updates, conference plans, pkgsrc support in pkgng, ZFS support for UEFI boot and much more

The OpenSSH bug that wasn’t

• There’s been a lot of discussion about a supposed flaw in OpenSSH, allowing attackers to substantially amplify the number of password attempts they can try per session (without leaving any abnormal log traces, even)
• There’s no actual exploit to speak of; this bug would only help someone get more bruteforce tries in with a fewer number of connections
• FreeBSD in its default configuration, with PAM and ChallengeResponseAuthentication enabled, was the only one vulnerable to the problem – not upstream OpenSSH, nor any of the other BSDs, and not even the majority of Linux distros
• If you disable all forms of authentication except public keys, like you’re supposed to, then this is also not a big deal for FreeBSD systems
• Realistically speaking, it’s more of a PAM bug than anything else
• OpenSSH added an additional check for this type of setup that will be in 7.0, but simply changing your sshd_config is enough to mitigate the issue for now on FreeBSD (or you can run freebsd-update)

Interview – Sebastian Wiedenroth – wiedi@netbsd.org / @wied0r

pkgsrc and pkgsrcCon

News Roundup

Now served by OpenBSD

• We’ve mentioned that you can also install OpenBSD on DO droplets, and this blog post is about someone who actually did it
• The use case for the author was for a webserver, so he decided to try out the httpd in base
• Configuration is ridiculously simple, and the config file in his example provides an HTTPS-only webserver, with plaintext requests automatically redirecting
• TLS 1.2 by default, strong ciphers with LibreSSL and HSTS combined give you a pretty secure web server

FreeBSD laptop playbooks

• A new project has started up on Github for configuring FreeBSD on various laptops, unsurprisingly named “freebsd-laptops”
• It’s based on ansible, and uses the playbook format for automatic set up and configuration
• Right now, it’s only working on a single Lenovo laptop, but the plan is to add instructions for many more models
• Check the Github page for instructions on how to get started, and maybe get involved if you’re running FreeBSD on a laptop

NetBSD on the NVIDIA Jetson TK1

• If you’ve never heard of the Jetson TK1, we can go ahead and spoil the secret here: NetBSD runs on it
• As for the specs, it has a quad-core ARMv7 CPU at 2.3GHz, 2 gigs of RAM, gigabit ethernet, SATA, HDMI and mini-PCIE
• This blog post shows which parts of the board are working with NetBSD -current (which seems to be almost everything)
• You can even run X11 on it, pretty sweet

DragonFly power mangement options

• DragonFly developer Sepherosa, who we’ve had on the show, has been doing some ACPI work over there
• In this email, he presents some of DragonFly’s different power management options: ACPI P-states, C-states, mwait C-states and some Intel-specific bits as well
• He also did some testing with each of them and gave his findings about power saving
• If you’ve been thinking about running DragonFly on a laptop, this would be a good one to read

OpenBSD router under FreeBSD bhyve

• If one BSD just isn’t enough for you, and you’ve only got one machine, why not run two at once
• This article talks about taking a FreeBSD server running bhyve and making a virtualized OpenBSD router with it
• If you’ve been considering switching over your router at home or the office, doing it in a virtual machine is a good way to test the waters before committing to real hardware
• The author also includes a little bit of history on how he got into both operating systems
• There are lots of mixed opinions about virtualizing core network components, so we’ll leave it up to you to do your research
• Of course, the next logical step is to put that bhyve host under Xen on NetBSD…

Feedback/Questions

• Kevin writes in
• Logan writes in
• Peter writes in
• Randy writes in

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• We’re always looking for interviews – get in touch if you’re doing anything cool with BSD that you’d like to talk about (or want to suggest someone else)

The post Straight from the Src | BSD Now 100 first appeared on Jupiter Broadcasting.

This time on the show, we’ll be chatting with Jed Reynolds about ZFS. He’s been using it extensively on a certain other OS, and we can both learn a bit about the other side’s implementation. Answers to your questions and all this week’s news, coming up on BSD Now – the place to B.. SD.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Playing with sandboxing

• Sandboxing and privilege separation are popular topics these days – they’re the goal of the new “shill” scripting language, they’re used heavily throughout OpenBSD, and they’re gaining traction with the capsicum framework
• This blog post explores capsicum in FreeBSD, some of its history and where it’s used in the base system
• They also include some code samples so you can verify that capsicum is actually denying the program access to certain system calls
• Check our interview about capsicum from a while back if you haven’t seen it already

OpenNTPD on by default

• OpenBSD has enabled ntpd by default in the installer
• In nearly every case, you’re going to want to have your clock synced via NTP
• With the HTTPS constraints feature also enabled by default, this should keep the time checked and accurate, even against spoofing attacks
• Lots of problems can be traced back to the time on one system or another being wrong, so this will also eliminate some of those cases
• For those who might be curious, they’re using the “pool.ntp.org” cluster of addresses and google for HTTPS constraints (but these can be easily changed)

FreeBSD workshop in Landshut

• We mentioned a BSD installfest happening in Germany a few weeks back, and the organizer wrote in with a review of the event
• The installfest instead became a “FreeBSD workshop” session, introducing curious new users to some of the flagship features of the OS
• They covered when to use UFS or ZFS, firewall options, the release/stable/current branches and finally how to automate installations with Ansible
• If you’re in south Germany and want to give similar introduction talks or Q&A sessions about the other BSDs, get in touch
• We’ll hear more from him about how it went in the feedback section today

Swap encryption in DragonFly

• Doing full disk encryption is very important, but something that people sometimes overlook is encrypting their swap
• This can actually be more important than the contents of your disks, especially if an unencrypted password or key hits your swap (as it can be recovered quite easily)
• DragonFlyBSD has added a new experimental option to automatically encrypt your swap partition in fstab
• There was another way to do it previously, but this is a lot easier
• You can achieve similar results in FreeBSD by adding “.eli” to the end of the swap device in fstab, there are a few steps to do it in NetBSD and swap in OpenBSD is encrypted by default
• A one-time key will be created and then destroyed in each case, making recovery of the plaintext nearly impossible

Interview – Jed Reynolds – jed@bitratchet.com / @jed_reynolds

Comparing ZFS on Linux and FreeBSD

News Roundup

USB thermometer on OpenBSD

• So maybe you’ve got BSD on your server or router, maybe NetBSD on a toaster, but have you ever used a thermometer with one?
• This blog post introduces the RDing TEMPer Gold USB thermometer, a small device that can tell the room temperature, and how to get it working on OpenBSD
• Wouldn’t you know it, OpenBSD has a native “ugold” driver to support it with the sensors framework
• How useful such a device would be is another story though
• BSDCan Dan just bought 5 of these to bring to the #EmbeddedBSDCan hackithon. Bring your embedded devices and cool gadgets with you to BSDCan and hang out in the hackers lounge, see what we can put together.

NAS4Free now on ARM

• We talk a lot about hardware for network-attached storage devices on the show, but ARM doesn’t come up a lot
• That might be changing soon, as NAS4Free has just released some ARM builds
• These new (somewhat experimental) images are based on FreeBSD 11-CURRENT
• Included in the announcement is a list of fully-supported and partially-supported hardware that they’ve tested it with
• If anyone has experience with running a NAS on slightly exotic hardware, write in to us

pkgsrcCon 2015 CFP and info

• This year’s pkgsrcCon will be in Berlin, Germany on July 4th and 5th
• They’re looking for talk proposals and ideas for things you’d like to see
• If you or your company uses pkgsrc, or if you’re just interested in NetBSD in general, it would be a good event to check out

BSDTalk episode 253

• BSDTalk has released another new episode
• In it, he interviews George Neville-Neil about the 2nd edition of “The Design and Implementation of the FreeBSD Operating System”
• They discuss what’s new since the last edition, who the book’s target audience is and a lot more
• We’re up to 90 episodes now, slowly catching up to Will…

Feedback/Questions

• Dominik writes in
• Brad writes in
• Corvin writes in
• James writes in

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if there’s someone you want us to talk to on a future episode, you gotta tell us
• Let us know if you guys have any ideas for our big 100th episode

The post ZFS Armistice | BSD Now 90 first appeared on Jupiter Broadcasting.

Coming up this week, we’ve got something a little bit different for you. We’ll be talking with Andrew Tanenbaum, the creator of MINIX. They’ve recently imported parts of NetBSD into their OS, and we’ll find out how and why that came about. As always, all the latest news and answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

The missing EuroBSDCon videos

• Some of the missing videos from EuroBSDCon 2014 we mentioned before have mysteriously appeared
• Jordan Hubbard, FreeBSD, looking forward to another 10 years
• Lourival Viera Neto, NFS scripting with Lua
• Kris Moore, Snapshots, replication and boot environments
• Andy Tanenbaum, A reimplementation of NetBSD based on a microkernel
• Kirk McKusick, An introduction to FreeBSD’s implementation of ZFS
• Emannuel Dreyfus, FUSE and beyond, bridging filesystems
• John-Mark Gurney, Optimizing GELI performance
• Unfortunately, there are still about six talks missing… and no ETA

FreeBSD on a MacBook Pro (or two)

• We’ve got a couple posts about running FreeBSD on a MacBook Pro this week
• In the first one, the author talks a bit about trying to run Linux on his laptop for quite a while, going back and forth between it and something that Just Works
• Eventually he came full circle, and the focus on using only GUI tools got in the way, instead of making things easier
• He works on a lot of FreeBSD-related software, so switching to it for a desktop seems to be the obvious next step
• He’s still not quite to that point yet, but documents his experiments with BSD as a desktop
• The second article also documents an ex-Linux user switching over to BSD for their desktop
• It also covers power management, bluetooth and trackpad setup
• On the topic of Gentoo, “Underneath the beautiful and easy-to-use Portage system lies the same glibc, the same turmoil over a switch to a less-than-ideal init system, and the same kernel-level bugs that bring my productivity down”
• Check out both articles if you’ve been considering running FreeBSD on a MacBook

Remote logging over TLS

• In most of the BSDs, syslogd has been able to remotely send logs to another server for a long time
• That feature can be very useful, especially for forensics purposes – it’s much harder for an attacker to hide their activities if the logs aren’t on the same server
• The problem is, of course, that it’s sent in cleartext, unless you tunnel it over SSH or use some kind of third party wrapper
• With a few recent commits, OpenBSD’s syslogd now supports sending logs over TLS natively, including X509 certificate verification
• By default, syslogd runs as an unprivileged user in a chroot on OpenBSD, so there were some initial concerns about certificate verification – how does that user access the CA chain outside of the chroot?
• That problem was also conquered, by loading the CA chain directly from memory, so the entire process can be run in the chroot without issue
• Some of the privsep verifcation code even made its way into LibreSSL right afterwards
• If you haven’t set up remote logging before, now might be an interesting time to try it out

FreeBSD, not a Linux distro

• George Neville-Neil gave a presentation recently, titled “FreeBSD: not a Linux distro”
• It’s meant to be an introduction to new users that might’ve heard about FreeBSD, but aren’t familiar with any BSD history
• He goes through some of that history, and talks about what FreeBSD is and why you might want to use it over other options
• There’s even an interesting “thirty years in three minutes” segment
• It’s not just a history lesson though, he talks about some of the current features and even some new things coming in the next version(s)
• We also learn about filesystems, jails, capsicum, clang, dtrace and the various big companies using FreeBSD in their products
• This might be a good video to show your friends or potential employer if you’re looking to introduce FreeBSD to them

Long-term support considered harmful

• There was recently a pretty horrible bug in GNU’s libc (BSDs aren’t affected, don’t worry)
• Aside from the severity of the actual problem, the fix was delayed for quite a long time, leaving people vulnerable
• Ted Unangst writes a post about how this idea of long-term support could actually be harmful in the long run, and compares it to how OpenBSD does things
• OpenBSD releases a new version every six months, and only the two most recent releases get support and security fixes
• He describes this as both a good thing and a bad thing: all the bugs in the ecosystem get flushed out within a year, but it forces people to stay (relatively) up-to-date
• “Upgrades only get harder and more painful (and more fragile) the longer one goes between them. More changes, more damage. Frequent upgrades amortize the cost and ensure that regressions are caught early.”
• There was also some discussion about the article on Hacker News

Interview – Andrew Tanenbaum – info@minix3.org / @minix3

MINIX’s integration of NetBSD

News Roundup

Using AFL on OpenBSD

• We’ve talked about American Fuzzy Lop a bit on a previous episode, and how some OpenBSD devs are using it to catch and fix new bugs
• Undeadly has a cool guide on how you can get started with fuzzing
• It’s a little on the advanced side, but if you’re interested in programming or diagnosing crashes, it’ll be a really interesting article to read
• Lots of recent CVEs in other open source projects are attributed to fuzzing – it’s a great way to stress test your software

Lumina 0.8.1 released

• A new version of Lumina, the BSD-licensed desktop environment from PCBSD, has been released
• This update includes some new plugins, lots of bugfixes and even “quality-of-life improvements”
• There’s a new audio player desktop plugin, a button to easily minimize all windows at once and some cool new customization options
• You can get it in PCBSD’s edge repo or install it through regular ports (on FreeBSD, OpenBSD or DragonFly!)
• If you haven’t seen our episode about Lumina, where we interview the developer and show you a tour of its features, gotta go watch it

My first OpenBSD port

• The author of the “Code Rot & Why I Chose OpenBSD” article has a new post up, this time about ports
• He recently made his first port and got it into the tree, so he talks about the whole process from start to finish
• After learning some of the basics and becoming comfortable running -current, he noticed there wasn’t a port for the “Otter” web browser
• At that point he did what you’re supposed to do in that situation, and started working on it himself
• OpenBSD has a great porter’s handbook that he referenced throughout the process
• Long story short, his browser of choice is in the official ports collection and now he’s the maintainer (and gets to deal with any bug reports, of course)
• If some software you use isn’t available for whatever BSD you’re using, you could be the one to make it happen

How to slide with DragonFly

• DragonFly BSD has a new HAMMER FS utility called “Slider”
• It’s used to easily browse through file history and undelete files – imagine something like a commandline version of Apple’s Time Machine
• They have a pretty comprehensive guide on how to use it on their wiki page
• If you’re using HAMMER FS, this is a really handy tool to have, check it out

OpenSMTPD with Dovecot and Salt

• We recently had a feedback question about which mail servers you can use on BSD – Postfix, Exim and OpenSMTPD being the big three
• This blog post details how to set up OpenSMTPD, including Dovecot for IMAP and Salt for quick and easy deployment
• Intrigued by it becoming the default MTA in OpenBSD, the author decided to give it a try after being a long-time Postfix fan
• “Small, fast, stable, and very easy to customize, no more ugly m4 macros to deal with”
• Check it out if you’ve been thinking about configuring your first mail server on any of the BSDs

Feedback/Questions

• Christopher writes in
  • Mergemaster with EZJail
• Mark writes in
• Kevin writes in
• Stefano writes in
• Matthew writes in

Mailing List Gold

• Not that interested actually
• This guy again
• Yep, this is the place

• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Also send us your ideas for the new discussion segment – we might start that either next week or the week after, depending on how much feedback we get about it (which has been almost none so far)
• We’d love to get more emails from the listeners in general
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post That Sly MINIX | BSD Now 74 first appeared on Jupiter Broadcasting.

We’re back and this week we’ll be showing you how to tunnel out of a restrictive network using only DNS queries.

We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes.

All the latest news and answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

Become a supporter on Patreon:

– Show Notes: –

Headlines

EuroBSDCon 2014 registration open

• September is getting closer, and that means it’s time for EuroBSDCon – held in Bulgaria this year
• Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th
• Tutorials, sessions, dev summits and everything else all have their own pricing as well
• Registering between August 18th – September 12th will cost more for everything
• You can register online here and check hotels in the area
• The FreeBSD foundation is also accepting applications for travel grants

OpenBSD SMP PF update

• A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded
• With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump
• In a recent mailing list thread, Henning Brauer addresses some of the concerns
• The short version is that too many things in OpenBSD are currently single-threaded for it to matter – just reworking PF by itself would be useless
• He also says PF on OpenBSD is over four times faster than FreeBSD’s old version, presumably due to those extra years of development it’s gone through
• There’s also been even more recent concern about the uncertain future of FreeBSD’s PF, being mostly unmaintained since their SMP patches
• We reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us

Introduction to NetBSD pkgsrc

• An article from one of our listeners about how to create a new pkgsrc port or fix one that you need
• The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format
• It also lists all the different bmake targets and their functions in relation to the porting process
• Finally, the post details the whole process of creating a new port

FreeBSD 9.3-RELEASE

• After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today but actually came out yesterday
• The full list of changes is available, but it’s mostly a smaller maintenance release
• Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated… and much more
• If you haven’t jumped to the 10.x branch yet (and there are a lot of people who haven’t!) this is a worthwhile upgrade – 9.2-RELEASE will reach EOL soon
• Good news, this will be the first release with PGP-signed checksums on the FTP mirrors – a very welcome change
• 9.2’s EOL was extended until December of this year
• With that out of the way, the 10.1-RELEASE schedule was posted

Interview – Bryan Drewery – bdrewery@freebsd.org / @bdrewery

The FreeBSD package building cluster, pkgng, ports, various topics

Tutorial

Tunneling traffic through DNS

News Roundup

SSH two-factor authentication on FreeBSD

• We’ve previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website
• This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port
• Using this setup, every user that logs in with a password will have an extra requirement before they can gain access – but users with public keys can login normally
• It’s a really, really simple process once you have the port installed – full details on the page

Ditch tape backup in favor of FreeNAS

• The author of this post shares some of his horrible experiences with tape backups for a client
• Having constant, daily errors and failed backups, he needed to find another solution
• With 1TB of backups, tapes just weren’t a good option anymore – so he switched to FreeNAS (after also ruling out a pre-built NAS)
• The rest of the article details his experiences with it and tells about his setup

NetBSD vs FreeBSD, desktop experiences

• A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job
• Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try – especially since it has a native nVidia driver
• “Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga.”
• He’s become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system

PCBSD not-so-weekly digest

• Speaking of choices for a desktop system, it’s the return of the PCBSD digest!
• Warden and PBI_add have gotten some interesting new features
• You can now create jails “on the fly” when adding a new PBI to your application library
• Bulk jail creation is also possible now, and it’s really easy
• New Jenkins integration, with public access to Poudriere logs as well (https://builds.pcbsd.org)
• PkgNG 1.3.0.rc2 testing for EDGE users

Feedback/Questions

• Jeff writes in – Sending Encrypted Backups over SSH + Sending ZFS snapshots via user
• Bruce writes in
• Richard writes in
• Jeff writes in
• Steve writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• We love hearing from listeners – tell us what you think of the show or what you’d like to see!
• If you want to come on for an interview or have a tutorial you’d like to see, let us know
• Congrats to the new FreeBSD core team members
• The first (and second.. and third..) portable release of LibreSSL is available on the OpenBSD FTP sites, with a brief announcement email
• Test it on your platform of choice, including building ports against it, and report your findings to either the LibreSSL team or the port maintainers so we can increase compatibility
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Network Iodometry | BSD Now 46 first appeared on Jupiter Broadcasting.

This time on the show, we’ll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we’ll show you how to roll your own OpenBSD ISOs with all the patches already applied… ISO can’t wait!

This week’s news and answers to all your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

pfSense 2.1.4 released

• The pfSense team has released 2.1.4, shortly after 2.1.3 – it’s mainly a security release
• Included within are eight security fixes, most of which are pfSense-specific
• OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so)
• It also includes a large number of various other bug fixes
• Update all your routers!

DragonflyBSD’s pf gets SMP

• While we’re on the topic of pf…
• Dragonfly patches their old[er than even FreeBSD’s] pf to support multithreading in many areas
• Stemming from a user’s complaint, Matthew Dillon did his own work on pf to make it SMP-aware
• Altering your configuration‘s ruleset can also help speed things up, he found
• When will OpenBSD, the source of pf, finally do the same?

ChaCha usage and deployment

• A while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5
• This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20
• OpenSSH offers it as a stream cipher now, OpenBSD uses it for it’s random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it
• Both Google’s fork of OpenSSL and LibReSSL have upcoming implementations, while vanilla OpenSSL does not
• Unfortunately, this article has one mistake: FreeBSD does not use it – they still use the broken RC4 algorithm

BSDMag June 2014 issue

• The monthly online BSD magazine releases their newest issue
• This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, “saving time and headaches using the robot framework for testing,” an interview and an article about the increasing number of security vulnerabilities
• The free pdf file is available for download as always

Interview – Craig Rodrigues – rodrigc@freebsd.org

FreeBSD’s continuous testing infrastructure

Tutorial

Creating pre-patched OpenBSD ISOs

News Roundup

Preauthenticated decryption considered harmful

• Responding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures
• In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end – this had the advantage of not requiring any extra disk space, but raised some security concerns
• With signify, now everything is fully downloaded and verified before tar is even invoked
• The pkg_add utility works a little bit differently, but it’s also been improved in this area – details in the post
• Be sure to also read the original post from Adam, lots of good information

FreeBSD 9.3-RC2 is out

• As the -RELEASE inches closer, release candidate 2 is out and ready for testing
• Since the last one, it’s got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things
• The updated bsdconfig will use pkgng style packages now too
• A lesser known fact: there are also premade virtual machine images you can use too

pkgsrcCon 2014 wrap-up

• In what may be the first real pkgsrcCon article we’ve ever had!
• Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event
• Unfortunately no recordings to be found…

PostgreSQL FreeBSD performance and scalability

• FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales
• On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings
• Lots of technical details if you’re interested in getting the best performance out of your hardware
• It also includes specific kernel options he used and the rest of the configuration
• If you don’t want to open the pdf file, you can use this link too

Feedback/Questions

• James writes in
• Klemen writes in
• John writes in
• Brad writes in
• Adam writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• There, you’ll also find a link to Bob Beck’s LibReSSL talk from the end of May – we finally found a recording!
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you want to come on for an interview or have a tutorial you’d like to see, let us know
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
• Next week Allan will be at BSDCam, so we’ll have a prerecorded episode then

The post Base ISO 100 | BSD Now 44 first appeared on Jupiter Broadcasting.

We\’re back from BSDCan! This week on the show we\’ll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We\’ll get to hear their experiences of running one and maybe encourage some of you to start your own!

After that, we\’ve got a tutorial on the basics of NetBSD\’s package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD 11 goals and discussion

• Something that actually happened at BSDCan this year…
• During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE
• Slides from Dev Summit
• Some of MWL\’s notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support
• A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more
• There\’s also some notes from the devsummit virtualization session, mostly talking about bhyve
• Lastly, he also provides some notes about ports and packages and where they\’re going

An SSH honeypot with OpenBSD and Kippo

• Everyone loves messing with script kiddies, right?
• This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD
• It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely
• You can use this to get new 0day exploits or find weaknesses in your systems
• OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications

NetBSD foundation financial report

• The NetBSD foundation has posted their 2013 financial report
• It\’s a very \”no nonsense\” page, pretty much only the hard numbers
• In 2013, they got $26,000 of income in donations
• The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else
• Be sure to donate to whichever BSDs you like and use!

Building a fully-encrypted NAS with OpenBSD

• Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you\’re doing
• This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind
• The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require – this means the kernel itself is even protected
• The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people\’s needs too
• There\’s also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware – fantastic write up!

Interview – Brian Callahan & Aaron Bieber – admin@lists.nycbug.org & admin@cobug.org

Forming a local BSD Users Group

Tutorial

The basics of pkgsrc

News Roundup

FreeBSD periodic mails vs. monitoring

• If you\’ve ever been an admin for a lot of FreeBSD boxes, you\’ve probably noticed that you get a lot of email
• This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them
• From bad SSH logins to Zabbix alerts, it all adds up quickly
• It highlights the periodic.conf file and FreeBSD\’s periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers

Doing cool stuff with OpenBSD routing domains

• A blog post from our viewer and regular emailer, Kjell-Aleksander!
• He manages some internally-routed IP ranges at his work, but didn\’t want to have equipment for each separate project
• This is where OpenBSD routing domains and pf come in to save the day
• The blog post goes through the process with all the network details you could ever dream of
• He even named his networking equipment… after us

LibreSSL, the good and the bad

• We\’re all probably familiar with OpenBSD\’s fork of OpenSSL at this point
• However, \”for those of you that don\’t know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk\”
• This article talks about some of the cryptographic development challenges involved with maintaining such a massive project
• You need cryptographers, software engineers, software optimization specialists – there are a lot of roles that need to be filled
• It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork – the main one being their aim for backwards compatibility

PCBSD weekly digest

• Lots going on in PCBSD land this week, AppCafe has been redesigned
• The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update
• In the more recent post, there\’s some further explanation of the PBI system and the reason for the transition
• It\’s got lots of details on the different ways to install software, so hopefully it will clear up any possible confusion
• Working on adding support for FDE with GELI using GRUB for 10.0.2
• Any devs who can grock the GRUB geli code are welcome to contact Kris

Feedback/Questions

• Antonio writes in
• Daniel writes in
• Sean writes in
• tsyn writes in
• Chris writes in

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you\’ve got something cool to talk about and want to come on for an interview, shoot us an email
• Michael Lucas will be giving a live presentation next Tuesday, \”Beyond Security: Getting to Know OpenBSD’s Real Purpose\” so be sure to catch that
• Preorders for the book of PF\’s third edition are up
• We got a picture of a bunch of old FreeBSD CDs
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post A BUG's Life | BSD Now 38 first appeared on Jupiter Broadcasting.

We show off OpenBSD\’s new \”autoinstall\” feature to do completely automatic, unattended installations. We also have an interview with Dru Lavigne about all the writing work she does for FreeBSD, PCBSD and FreeNAS. The latest headlines and answers to your emails, on BSD Now – it\’s the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD ASLR status update

• Shawn Webb gives us a little update on his address space layout randomization work for FreeBSD
• He\’s implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in 5.5 on i386)
• Work has also started on testing ASLR on ARM, using a Raspberry Pi
• He\’s giving a presentation at BSDCan this year about his ASLR work
• While we\’re on the topic of BSDCan…

BSDCan tutorials, improving the experience

• Peter Hansteen writes a new blog post about his upcoming BSDCan tutorials
• The tutorials are called \”Building the network you need with PF, the OpenBSD packet filter\” and \”Transitioning to OpenBSD 5.5\” – both scheduled to last three hours each
• He\’s requesting anyone that\’ll be there to go ahead and contact him, telling him exactly what you\’d like to learn
• There\’s also a bit of background information about the tutorials and how he\’s looking to improve them
• If you\’re interested in OpenBSD and going to BSDCan this year, hit him up

pkgsrc-2014Q1 released

• The new stable branch of pkgsrc packages has been built and is ready
• Python 3.3 is now a \”first class citizen\” in pkgsrc
• 14255 packages for NetBSD-current/x86_64, 11233 binary packages built with clang for FreeBSD 10/x86_64
• There\’s a new release every three months, and remember pkgsrc works on MANY operating systems, not just NetBSD – you could even use pkgsrc instead of pkgng or ports if you were so inclined
• They\’re also looking into signing packages

Only two holes in a heck of a long time, who cares?

• A particularly vocal Debian user, a lost soul, somehow finds his way to the misc@ OpenBSD mailing list
• He questions \”what\’s the big deal\” about OpenBSD\’s slogan being \”Only two remote holes in the default install, in a heck of a long time!\”
• Luckily, the community and Theo set the record straight about why you should care about this
• Running insecure applications on OpenBSD is actually more secure than running them on other systems, due to things like ASLR, PIE and all the security features of OpenBSD
• It spawned a discussion about ease of management and Linux\’s poor security record, definitely worth reading

Interview – Dru Lavigne – dru@freebsd.org / @bsdevents

FreeBSD\’s documentation printing, documentation springs, various topics

Tutorial

Automatic, unattended OpenBSD installs with PXE

News Roundup

pfSense 2.1.1 released

• A new version of pfSense is released, mainly to fix some security issues
• Tracking some recent FreeBSD advisories, pfSense usually only applies the ones that would matter on a firewall or router
• There are also some NIC driver updates and other things
• Of course if you want to learn more about pfSense, watch episode 25
• 2.1.2 is already up for testing too

FreeBSD gets UEFI support

• It looks like FreeBSD\’s battle with UEFI may be coming to a close?
• Ed Maste committed a giant list of patches to enable UEFI support on x86_64
• Look through the list to see all the details and information
• Thanks FreeBSD foundation!

Ideas for the next DragonflyBSD release

• Mr. Dragonfly release engineer himself, Justin Sherrill posts some of his ideas for the upcoming release
• They\’re aiming for late May for the next version
• Ideas include better support for running in a VM, pkgng fixes, documentation updates and PAM support
• Gasp, they\’re even considering dropping i386

PCBSD weekly digest

• Lots of new PBI updates for 10.0, new runtime implementation
• New support for running 32 bit applications in PBI runtime
• Autodetection for DVD / Audio CD insertion / plus playback
• Latest GNOME 3 and Cinnamon merged, new edge package builds

Feedback/Questions

• Remy writes in
• Jan writes in
• Eddie writes in
• Zen writes in
• Sean writes in

• BSD Now has an official IRC channel now. #bsdnow on irc.freenode.net
• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• If you\’ve got something cool to talk about and want to come on for an interview, shoot us an email
• Also if you have any tutorial requests, we\’d be glad to show whatever the viewers want to see
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
• Just a quick reminder: If you\’re running OpenSSL 1.0.1 through 1.0.1f please update it and regenerate, rotate and revoke your keys if you run a server with HTTPS, IMAPS, etc – huge security hole! (Also DES offers some insight on the FreeBSD security process)
• We\’re lucky it wasn\’t OpenSSH

The post PXE Dust | BSD Now 32 first appeared on Jupiter Broadcasting.

On today\’s show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Tailoring OpenBSD for an old, strange computer

• The author of this article had an OmniBook 800CT, which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU
• Obviously he had to install some kind of BSD on it!
• This post goes through all his efforts of trimming down OpenBSD to work on such a limited device
• He goes through the trial and error of \”compile, break it, rebuild, try again\”
• After cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working

pkgsrcCon and BSDCan

• pkgsrccon is \”a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure\”
• This year it will be on June 21st and 22nd
• The schedule is still being worked out, so if you want to give a talk, submit it
• BSDCan\’s schedule was also announced
• We\’ll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more
• Kris\’ presentation was accepted!
• Tons of topics, look forward to the recorded versions of all of them hopefully!

Two factor auth with pushover

• A new write-up from our friend Ted Unangst
• Pushover is \”a web hook to smartphone push notification gateway\” – you sent a POST to a web server and it sends a code to your phone
• His post goes through the steps of editing your login.conf and setting it all up to work
• Now you can get a two factor authenticated login for ssh!

The status of GNOME 3 on BSD

• It\’s no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems
• OpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use
• This post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes a screencast
• A few recent posts from some GNOME developers show that they\’re finally working with the BSD guys to improve portability
• The FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us – it\’s a beautiful thing
• This goes right along with our interview today!

This episode was brought to you by

Interview – Joe Marcus Clark – marcus@freebsd.org

The life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics

Tutorial

The FreeBSD Ports Collection

News Roundup

DragonflyBSD 3.8 goals and 3.6.1 release

• The Dragonfly team is thinking about what should be in version 3.8
• On their bug tracker, it lists some of the things they\’d like to get done before then
• In the meantime, 3.6.1 was released with lots of bugfixes

NYCBSDCon 2014 wrap-up piece

• We\’ve got a nice wrap-up titled \”NYCBSDCon 2014 Heats Up a Cold Winter Weekend\”
• The author also interviews GNN about the conference
• There\’s even a little \”beginner introduction\” to BSD segment
• Includes a mention of the recently-launched journal and lots of pictures from the event

FreeBSD and Linux, a comparative analysis

• GNN in yet another story – he gave a presentation at the NYLUG about the differences between FreeBSD and Linux
• He mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs \”distros,\” development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different bsds and their goals and actual code differences
• Serves as a good introduction you can show your Linux friends

PCBSD CFT and weekly digest

• Upgrade tools have gotten a major rewrite
• You have to help test it, there is no choice! Read more here
• How dare Kris be \”unimpressed with\” freebsd-update and pkgng!?
• Various updates and fixes

Feedback/Questions

• Jeffrey writes in: https://slexy.org/view/s213KxUdVj
• Shane writes in: https://slexy.org/view/s20lwkjLVK
• Ferdinand writes in: https://slexy.org/view/s21DqJs77g
• Curtis writes in: https://slexy.org/view/s20eXKEqJc
• Clint writes in: https://slexy.org/view/s21XMVFuVu
• Peter writes in: https://slexy.org/view/s20Xk05MHe

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Our email backlog is totally caught up now, so email us all your questions!
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Port Authority | BSD Now 26 first appeared on Jupiter Broadcasting.

We sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. We\’ll also be showing you a walkthrough of the pfSense interface so you can get an idea of just how convenient and powerful it is. Answers to your questions and the latest headlines, here on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

EuroBSDCon and AsiaBSDCon

• This year, EuroBSDCon will be in September in Sofia, Bulgaria
• They\’ve got a call for papers up now, so everyone can submit the talks they want to present
• There will also be a tutorial section of the conference
• AsiaBSDCon will be next month, in March!
• All the info about the registration, tutorials, hotels, timetable and location have been posted
• Check the link for all the details on the talks – if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers!

FreeBSD 10 on Ubiquiti EdgeRouter Lite

• The Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU
• This article goes through the process of installing and configuring FreeBSD on it to use as a home router
• Lots of good pictures of the hardware and specific details needed to get you set up
• It also includes the scripts to create your own images if you don\’t want to use the ones rolled by someone else
• For such a cheap price, might be a really fun weekend project to replace your shitty consumer router
• Of course if you\’re more of an OpenBSD guy, you can always see our tutorial for that too

Signed pkgsrc package guide

• We got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up
• It shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD)
• He goes through the process of signing packages with a public key and how to verify the packages when you install them
• The author also happens to be an EdgeBSD developer

Big batch of OpenBSD hackathon reports

• Five trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI
• In the second, ketennis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things
• In the third, jsg updated libdrm and mesa and did various work on xenocara
• In the fourth, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead – but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he\’s done
• In the fifth, claudio talks about some stuff he did for routing tables and misc. other things

This episode was brought to you by

Interview – Chris Buechler – cmb@pfsense.com / @cbuechler

pfSense

Tutorial

pfSense walkthrough

News Roundup

FreeBSD challenge continues

• Our buddy from the Linux foundation continues his switching to BSD journey
• In day 13, he covers some tips for new users, mentions trying things out in a VM first
• In day 14, he starts setting up XFCE and X11, feels like he\’s starting over as a new Linux user learning the ropes again – concludes that ports are the way to go
• In day 15, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch
• In day 16, he dives into the world of FreeBSD jails!

BSD books in 2014

• BSD books are some of the highest quality technical writings available, and MWL has written a good number of them
• In this post, he details some of his plans for 2014
• In includes at least one OpenBSD book, at least one FreeBSD book and…
• Very strong possibility of Absolute FreeBSD 3rd edition (watch our interview with him)
• Check the link for all the details

How to build FreeBSD/EC2 images

• Our friend Colin Percival details how to build EC2 images in a new blog post
• Most people just use the images he makes on their instances, but some people will want to make their own from scratch
• You build a regular disk image and then turn it into an AMI
• It requires a couple ports be installed on your system, but the whole process is pretty straightforward

PCBSD weekly digest

• This time around we discuss how you can become a developer
• Kris also details the length of supported releases
• Expect lots of new features in 10.1

Feedback/Questions

• Sean writes in: https://slexy.org/view/s216xJoCVG
• Jake writes in: https://slexy.org/view/s2gLrR3VVf
• Niclas writes in: https://slexy.org/view/s21gfG3Iho
• Steffan writes in: https://slexy.org/view/s2JNyw5BCn
• Antonio writes in: https://slexy.org/view/s2kg3zoRfm
• Chris writes in: https://slexy.org/view/s2ZwSIfRjm

• Our email backlog is pretty much caught up. Now\’s a great time to send us something – questions, stories, ideas, requests for something you want to see, anything
• All the tutorials are posted in their entirety at bsdnow.tv
• The OpenBSD router tutorial got a couple improvements and fixes
• Just because our tutorial contest is over doesn\’t mean you can\’t submit any, we would love if more listeners wrote up a tutorial on interesting things they\’re doing with BSD
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• The BSD Now shirt design has been finalized, we have the files and are working out the printing details… expect them to be available in early-to-mid March!

The post A Sixth pfSense | BSD 25 first appeared on Jupiter Broadcasting.

We\’ve got some special treats for you this week on the show. It\’s the long-awaited \”installfest\” segment, where we go through the installer of each of the different BSDs. Of course we also have your feedback and the latest news as well… and… we even have our very first viewer contest! There\’s a lot to get to today on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

FreeBSD\’s new testing infrastructure

• A new test suite was added to FreeBSD, with 3 powerful machines available
• Both -CURRENT and stable/10 have got the test suite build infrastructure in place
• Designed to help developers test and improve major scalability across huge amounts of CPUs and RAM
• More details available here
• Could the iXsystems monster server be involved…?

OpenBSD gets signify

• At long last, OpenBSD gets support for signed releases!
• For \”the world\’s most secure OS\” it was very easy to MITM kernel patches, updates, installer isos, everything
• A commit to the -current tree reveals a new \”signify\” tool is currently being kicked around
• More details in a blog post from the guy who committed it
• Quote: \”yeah, briefly, the plan is to sign sets and packages. that\’s still work in progress.\”

Faces of FreeBSD

• This time they interview Isabell Long, a 19 year old female that\’s involved with FreeBSD
• She\’s a volunteer staff member on the freenode IRC network
• In 2011, she participated in the Google Code-In contest and became involved with documentation
• \”The new committer mentoring process proved very useful and that, plus the accepting community of FreeBSD, are reasons why I stay involved.\”

pkgsrc-2013Q4 branched

• The quarterly pkgsrc branch from NetBSD is out
• 13472 total packages for NetBSD-current/amd64 + 13049 binary packages built with clang!
• Lots of numbers and stats in the announcement
• pkgsrc works on quite a few different OSes, not just NetBSD
• See our interview with Amitai Schlair for a bit about pkgsrc

OpenBSD on Google\’s Compute Engine

• Google Compute Engine is a \”cloud computing\” platform similar to EC2
• Unfortunately, they only offer poor choices for the OS (Debian and CentOS)
• Recently it\’s been announced that there is a custom OS option
• It\’s using a WIP virtio-scsi driver, lots of things still need more work
• Lots of technical and networking details about the struggles to get OpenBSD working on it

This episode was brought to you by

The Installfest

We\’ll be showing you the installer of each of the main BSDs. As of the date this episode airs, we\’re using:
+ FreeBSD 10.0
+ OpenBSD 5.4
+ NetBSD 6.1.2
+ DragonflyBSD 3.6
+ PCBSD 10.0

News Roundup

Building an OpenBSD wireless access point

• A neat write up we found around the internet about making an OpenBSD wifi router
• Goes through the process of PXE booting, installing base, using a serial console, setting up networking and wireless
• Even includes a puffy sticker on the Soekris box at the end, how cute

FreeBSD 4.X jails on 10.0

• Blog entry from our buddy Michael Lucas
• For whatever reason (an \”in-house application\”), he needed to run a FreeBSD 4 jail in FreeBSD 10
• Talks about the options he had: porting software, virtualizing, dealing with slow old hardware
• He goes through the whole process of making an ancient jail
• It\’s \”an acceptable trade-off, if it means I don’t have to touch actual PHP code.\”

Unscrewed: a story about OpenBSD

• Pretty long blog post about how a network admin used OpenBSD to save the day
• To set the tone, \”It was 5am, and the network was down\”
• Great war story about replacing expensive routers and networking equipment with cheaper hardware and BSD
• Mentions a lot of the built in tools and how OpenBSD is great for routers and high security applications

PCBSD weekly digest

• 10.0-RC3 is out and ready to be tested
• New detection of ATI Hybrid Graphics, they\’re working on nVidia next
• Fixed an issue with detecting disk drives that take a LONG time to probe
• Re-classifying Linux jails as unsupported / experimental (and all 4 people that use them wept)

Feedback/Questions

• Daniel writes in: https://slexy.org/view/s2uns1hMml
• Erik writes in: https://slexy.org/view/s2MeJNCCiu
• SW writes in: https://slexy.org/view/s21fBXkP2K
• Bostjan writes in: https://slexy.org/view/s20N9bfkum
• Samuel writes in: https://slexy.org/view/s20FU9wUO5

Contest

• We\’re going to be having our first viewer contest!
• We\’ll be giving away a handmade FreeBSD pillow – yes you heard right
• All you need to do is write a tutorial for the show
• Submit your BSD tutorial write-ups to feedback@bsdnow.tv
• If you want to email us your idea first, I can tell you if I already have a tutorial for that topic prewritten for the show in the backlog
• Check bsdnow.tv/contest for all the rules, details, instructions and a picture of the pillow.

• All the tutorials are posted in their entirety at bsdnow.tv
• The OpenBSD router tutorial has gotten some improvements. It now includes an option to encrypt all your DNS lookups, as well as some cool utilities you can use for bandwidth monitoring, performance improvements and other fun router stuff
• Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
• BSD Now got some unintended publicity at the 30th Chaos Communication Congress (1:28:16 – 1:31:00 in the video)

The post The Installfest | BSD 19 first appeared on Jupiter Broadcasting.

This week we\’ll be talking to Amitai Schlair of the NetBSD foundation about pkgsrc, NetBSD\’s future plans and much more. After that, if you\’ve ever wondered what all this SSH stuff is about, today\’s tutorial has got you covered. We\’ll be showing you the basics of SSH, as well as how to combine it with tmux for persistent sessions. News, feedback and everything else, right here on BSD Now – the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

Faces of FreeBSD

• The FreeBSD foundation is publishing articles on different FreeBSD developers
• This one is about Colin Percival (cperciva@), the ex-security officer
• Tells the story of how he first found BSD, what he contributed back, how he eventually became the security officer
• Running series with more to come

Lots of BSD presentation videos uploaded

• EuroBSDCon 2013 dev summit videos, AsiaBSDCon 2013 videos, MWL\’s presentation video
• Most of us never get to see the dev summit talks since they\’re only for developers
• AsiaBSDCon 2013 videos also up finally
• List of AsiaBSDCon presentation topics here
• Our buddy Michael W Lucas gave an \”OpenBSD for Linux users\” talk at a Michigan Unix Users Group.
• He says \”Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft and other OpenBSD stuff\”
• Really informative presentation, pretty long, answers some common questions at the end

Call for Presentations: FOSDEM 2014 and NYCBSDCon 2014

• FOSDEM 2014 will take place on 1–2 February, 2014, in Brussels, Belgium
• Just like in the last years, there will be both a BSD booth and a developer\’s room
• The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features.
• If you are in the area or want to go, check the show notes for details
• NYCBSDCon is also accepting papers.
• It\’ll be in New York City at the beginning of February 2014
• If anyone wants to give a talk at one of these conferences, go ahead and send in your stuff!

FreeBSD foundation\’s year-end fundraising campaign

• The FreeBSD foundation has been supporting the FreeBSD project and community for over 13 years
• As of today they have raised about half a million dollars, but still have a while to go
• Donations go towards new features, paying for the server infrastructure, conferences, supporting the community, hiring full-time staff members and promoting FreeBSD at events
• They are preparing the debut of a new online magazine, the FreeBSD Journal
• Typically big companies make their huge donations in December, like a couple of anonymous donors that gave around $250,000 each last year
• Make your donation today over at freebsdfoundation.org, every little bit helps
• Everyone involved with BSD Now made a donation last year and will do so again this year

Interview – Amitai Schlair – schmonz@netbsd.org / @schmonz

• The NetBSD Foundation, pkgsrc, future plans
• Can you start off by telling us a little bit about who you are and how you got involved with BSD in general?
• What are all your roles with the NetBSD project? What \”hats\” do you wear?
• What kind of tasks are assigned to the foundation? What does being on the board entail?
• Since you\’re also very involved with pkgsrc, could you give us a brief overview of what pkgsrc is, and how it compares to something like ports?
• What\’s planned for the next big release of NetBSD, and when can we expect it?
• In what ways do you personally use NetBSD? Desktops, servers, toasters? All of the above?
• If some of our listeners want to get involved with NetBSD and pkgsrc, where would you recommend they go to help out?
• How can people find you? Anything else you\’d like to mention?
• https://twitter.com/schmonz

Tutorial

A guide to SSH and tmux

• OpenSSH and tmux, a match made in heaven
• This guide shows how to do basic tasks with SSH
• Persistent sessions with tmux increase productivity

News Roundup

PS4 released

• Sony\’s Playstation 4 is finally released
• As previously thought, its OS is heavily based on FreeBSD and uses the kernel among other things
• Link in the show notes contains the full list of BSD software they\’re using
• Always good to see BSD being so widespread

BSD Mag November issue

• Free monthly BSD magazine publishes another issue
• This time their topics include: Configuring a Highly Available Service on FreeBSD, IT Inventory & Asset Management Automation, more FreeBSD Programming Primer, PfSense and Snort and a few others
• PDF linked in the show notes

pbulk builds made easy

• NetBSD\’s pbulk tool is similar to poudriere, but for pkgsrc
• While working on updating the documentation, a developer cleaned up quite a lot of code
• He wrote a script that automates pbulk deployment and setup
• The whole setup of a dedicated machine has been reduced to just three commands

PCBSD weekly digest

• Over 200 PBIs have been populated in to the PC-BSD 10 Stable Appcafe
• Many PC-BSD programs received some necessary bug fixes and updates
• Some include network detection in the package and update managers, nvidia graphic detection, security updates for PCDM

Feedback/Questions

• Peter writes in: https://slexy.org/view/s21oh3vP7t
• Kjell-Aleksander writes in: https://slexy.org/view/s21zfqcWMP
• Jordan writes in: https://slexy.org/view/s2ZmW77Odb
• Christian writes in: https://slexy.org/view/s2BZq7xiyo
• entransic writes in: https://slexy.org/view/s21xrk0M4k

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)

The post Collecting SSHells | BSD Now 12 first appeared on Jupiter Broadcasting.

We chat with OpenBSD founder Theo de Raadt, and we\’ll show you how to securely run graphical applications in a jail. Then we get you caught up on all the latest news.

All that and more, this week on BSD Now – the place to B.. SD.

Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –

Headlines

HAMMER2 GSOC improvements merged

• A student from the Google Summer of Code\’s patches were committed to upstream Dragonfly
• It focuses mainly on compression and updating the I/O infrastructure to work with compression
• The ability to boot from HAMMER2 volumes was also added
• Check the show notes for a full list of additions and improvements
• We\’ll have someone on the show to talk about HAMMER FS in the future

OSNews starts a \”BSD family\” segment

• An OSNews reader decided to share some info about the BSDs
• He\’s writing a three-part series covering FreeBSD, OpenBSD and NetBSD
• Pretty good info for Linux switchers

pkgsrc-2013Q3 branch announcement

• pkgsrc is similar to the ports concept, but for 21 different OSes
• The pkgsrc developers make a new release every three months.
• 13184 total packages for AMD64
• If there\’s any interest, we\’ll try to get a pkgsrc tutorial written in the future

PCBSD 9.2 released

• Shortly after the official FreeBSD 9.2 release, PCBSD follows up
• Highlights include bootable ZFS boot environments, a rewritten life-preserver utility for backups, improved pkgng support, updated appcafe, major improvements to warden, a GUI pkgng management system, filesystem-based encryption for home directories and much more

Interview – Theo de Raadt – deraadt@openbsd.org

Tutorial

Jailed VNC sessions

• VNC lets you run GUI applications remotely and detach from them like tmux
• Running it in a jail provides another layer of security
• Can be used for isolated web browser instances and lots of other things
• If you don\’t know how to set up a jail, fear not – we\’ve already got a jail tutorial in the works

The place to B…SD

• vBSDCon October 25-27th
  • At the Dulles Hyatt in Virginia
  • Hybrid unconference, good mix of formal and informal
• Speakers include: Baptiste Daroussin, Devin Teske, Scott Long, Luigi Rizzo, and David Chisnall
• iXsystems hosts FreeBSD Anniversary party – November 2nd
• Celebrating FreeBSD’s 20th anniversary
• Saturday, November 2nd at the DNA Lounge in San Francisco
• Same location as the 10th anniversary party
• Notable FreeBSD figures will contribute words of wisdom on the past, present, and future of FreeBSD

News Roundup

Curve25519 patch for OpenSSH

• Because of recent NSA news, someone implemented an alternative key exchange mechanism
• It uses Curve25519 instead of the traditional Diffie-Hellman
• Comes from the developer of libssh and is already implemented there

FreeBSD 10-ALPHA5 is out

• Includes the big removal of BIND
• More GNU stuff removed
• Bhyve and XEN improvements
• Some LLVM fixes

M:Tier offering \”Long Time Support\” for OpenBSD ports

• Starting with 5.4, M:Tier will be offering a subscription for LTS support, in addition to their free 6 month version
• OpenBSD releases are only supported for 1 year normally (5.2 becomes unsupported when 5.4 comes out, etc.)
• This model makes it easier to keep your ports patched for security in a corporate environment

Ohio Linuxfest talks uploaded

• The OLF 2013 talks have been uploaded
• Includes Kirk Mckusick\’s keynote about building an open source community and Ken Moore\’s talk about lots of new PCBSD stuff

Theo\’s absence and other updates

• In an uncharacteristic manner, Theo started a thread on misc@ instead of finishing it
• For the last year, he\’s not been as involved in OpenBSD development as he should be
• He\’s been busy with setting up an Internet Exchange in Calgary
• Also mentions some troubles with an imposter Twitter account (which is now suspended)

Feedback/Questions

• Kenneth writes in: https://slexy.org/view/s24yODHGaW
• Jason writes in: https://slexy.org/view/s21SbqaOPi
• Alex writes in: https://slexy.org/view/s2yY3vHoIo
• Henson writes in: https://slexy.org/view/s20GDMHSUf

• All the tutorials are posted in their entirety at bsdnow.tv
• Send questions, comments, show ideas/topics, etc to feedback@bsdnow.tv
• We don’t check YouTube comments, JB comments, Reddit, etc. If you want us to see it, send it via email (the preferred way) or Twitter (also aceptable)
• Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Doing It de Raadt Way | BSD Now 6 first appeared on Jupiter Broadcasting.