solaris – Jupiter Broadcasting

Linus Torvalds has released Linux 4.13 to a waiting world and in so doing detailed a tricky work week in which he endured “seven hours of pure agony due to a kidney stone”.

Microsoft is turning Windows into the ultimate Linux Runtime

“In under a second I’ve run a Windows executable, I’ve fed that into one distribution of Linux and then taken that output and fed that into another distribution of Linux, which is pretty amazing,”

WinBtrfs

WinBtrfs is a Windows driver for the next-generation Linux filesystem Btrfs. A reimplementation from scratch, it contains no code from the Linux kernel, and should work on any version from Windows 7 onwards.

Hewlett Packard Enterprise Sends Supercomputer into Space to Accelerate Mission to Mars

SpaceX Is Sending A Linux-Powered Supercomputer To The Space

On August 14, 16:31 UTC, SpaceX’s Dragon Spacecraft will carry Hewlett-Packard’s supercomputer called Spaceborne Computer. This is being done as a part of an experiment to make computing devices capable enough to survive in space and assist humans in exploration. The launch will happen at the Kennedy Space Center, Florida.

Oracle just killed Solaris/SPARC/ZFS teams … | The FreeBSD Forums

Oracle, just layed off about 2500 people from Solaris, Storage (ZS1/ZFS), SPARC and Library teams, earlier this year 450 people has been layed off.

Oracle looks like it’s going to suggest Solaris users move to its SPARC-powered cloud.

Solaris to Linux Migration 2017

ZFS is available for Linux via the zfsonlinux and OpenZFS projects, and more recently was included in Canonical’s Ubuntu Linux distribution: Ubuntu Xenial 16.04 LTS (April 2016). It uses a Solaris Porting Layer (SPL) to provide a Solaris-kernel interface on Linux, so that unmodified ZFS code can execute.

Linux Academy

Linux Academy | Linux and AWS Online Training

Remote desktop capabilities making a comeback in GNOME on Wayland

Remote desktop under Wayland seems to finally be happening; thanks to work on new APIs and a new GNOME Remote Desktop service undertaken by Jonas Ådahl!

Status Icons and GNOME

From GNOME 3.26, we are therefore planning not to show status icons in GNOME Shell by default. We feel that, long-term, this change will enable us to provide a better experience for our users

My feeling is that we have actually been using status icons as a crutch for far too long – that they have been used to fill gaps in our APIs, gaps which are now thankfully getting filled – and that moving away from them will help us to extend application integration in some exciting directions.

Ubuntu GNOME Shell in Artful: Day 9 · ~DidRocks

A very visual update today on our new Artful default session! This one is, as promised about our new GNOME Shell theme and you can see below some examples of those changes.

#Ubuntu 17.10 (Artful Ardvark) to Support All Known Driverless Printing Standards, Ship with #GNOME 3.26 https://t.co/KLBTvRjl3a #Linux pic.twitter.com/XMdLXNoNtB

— Softpedia Linux (@softpedialinux) September 5, 2017

DigitalOcean

DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

Ubuntu Rally in NYC

Looking forward to seeing you in NYC! Travel safe Chris!

— Ubuntu (@ubuntu) September 5, 2017

The Ubuntu Rally, taking place in New York City September 25th-29th, is a forward-thinking five day software hackathon attended by major software vendors, Ubuntu developers working at every level of the stack, and community contributors.

TING

Ting – mobile that makes sense

Is Linux Missing the Bot Revolution?

Bot automation will sweep in faster than we realize.
Bots like Alice will surprise us with how quick they move in.
Most large bot platforms are Google, or Microsoft powered.

The post Gnome Does it Again | LINUX Unplugged 213 first appeared on Jupiter Broadcasting.

Privacy is Dead | TechSNAP 312

chris — Wed, 29 Mar 2017 00:27:34 +0000

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Alleged vDOS Owners Poised to Stand Trial

Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline.
On Sept. 8, 2016, KrebsOnSecurity published a story about the hacking of vDOS, a service that attracted tens of thousands of paying customers and facilitated countless distributed denial-of-service (DDoS) attacks over the four year period it was in business. That story named two young Israelis — Yarden Bidani and Itay Huri — as the likely owners and operators of vDOS, and within hours of its publication the two were arrested by Israeli police, placed on house arrest for 10 days, and forbidden from using the Internet for a month.
According to a story published Sunday by Israeli news outlet TheMarker.com, the government of Sweden also is urging Israeli prosecutors to pursue formal charges.
Law enforcement officials both in the United States and abroad say stresser services enable illegal activity, and they’ve recently begun arresting both owners and users of these services.

ZFS is what you want, even though you may not know – Dan talks about why he likes ZFS

The following is an ugly generalization and must not be read in isolation
Listen to the podcast for the following to make sense
Makes sysadmin life easier
treats the disks as a bucket source for filesystem
different file system attributes for different purposes, all on the same set of disks
Interesting things you didn’t know you could do with ZFS

Feedback

The following were referenced during the above Feedback segments:

Round Up:

The post Privacy is Dead | TechSNAP 312 first appeared on Jupiter Broadcasting.

Distro Engagement | LAS 446

chris — Sun, 04 Dec 2016 22:34:09 +0000

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: Linux Academy

How to decided on a distro.

Ever since my upgrade from Ubuntu 16.04 to 16.10 borked my laptop I’ve been distro hopping like crazy and after the last rebuild today I have to ask: how the devil did you decide on a distro to stick with?
I been using Ubuntu, Ubuntu Mate, Solus, Elementary, Fedora, OpenSuse, and Antegos. But I can’t seem to pick on to stick with for more than a few weeks. Am I insane?

— PICKS —

Runs Linux

Digital Signage RUNS LINUX

StreetSign is a digital signage system, originally written for the TeenStreet 2013 (Germany) youth congress. It works with a single server, and multiple client computers (for TS2013 we used Raspberry Pis) which connect over the network. It is light-weight enough that a raspberry pi can run as the server as well, for smaller installations.

Desktop App Pick

Unmark – The to do app for bookmarks.

Unmark is designed to help you actually do something with your bookmarks, rather than just hoard them. A simple layout puts the focus on your task at hand and friendly reminders keep you in line. Filtering options let you find what you’re looking for.

Spotlight Karbon

Karbon is a vector drawing application with an user interface that is easy to use, highly customizable and extensible. That makes Karbon a great application for users starting to explore the world of vector graphics as well as for artists wanting to create breathtaking vector art.

Whether you want to create clipart, logos, illustrations or photorealistic vector images – look no further, Karbon is the tool for you!

Chris’ Personal YouTube Channel – MeetBSD and Behind the Scenes Noah Vist Videos Soon

— NEWS —

Taking a stand against unofficial Ubuntu images

We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways

mjg59 | Ubuntu still isn’t free software

The appropriate means to handle this kind of issue is trademark law. If someone claims that something is Ubuntu when it isn’t, that’s probably an infringement of the trademark and it’s entirely reasonable for the trademark owner to take action to protect the value associated with their trademark. But Canonical’s _IP policy_goes much further than that – it can be interpreted as meaning[1] that you can’t distribute works based on Ubuntu without paying Canonical for the privilege

Intellectual property rights policy | Terms and policies | Ubuntu

Any redistribution of modified versions of Ubuntu must be approved, certified or provided by Canonical if you are going to associate it with the Trademarks. Otherwise you must remove and replace the Trademarks and will need to recompile the source code to create your own binaries. This does not affect your rights under any open source licence applicable to any of the components of Ubuntu. If you need us to approve, certify or provide modified versions for redistribution you will require a licence agreement from Canonical, for which you may be required to pay. For further information, please contact us (as set out below).

Fitbit is buying troubled smartwatch maker Pebble for around $40 million

The site reports that the acquisition is a “small amount” but there’s no word on exactly how much, or indeed how little. Further, The Information said that the deal will see Pebble and its products closed down over time, with Fitbit acquiring its assets, which include intellectual property and software.

Giving Thanks (along with a Shipping Update) – Mycroft

Before I blather on I’ll get to what many are most interested in — the hardware shipping update.

Plex for Kodi

A dedicated device running Kodi and the Plex for Kodi add-on gives you a slick, configurable way to play your media in your home theater. Kodi AV settings enable powerfully advanced knob twisting and lever sliding to fine tune playback for a customized viewing experience! Settings nirvana!

Solaris being canned, at least 50% of teams to be RIF’d in short term – post regarding Oracle Corp. layoffs

There will be no Solaris 12, final release will be 11.4.

Feedback:

Mail Bag

Name: Brad C
Subject: Cheap Linux Laptop
Message:

: My daughter’s school recently got 20 Chromebooks to share between 3 4th grade classes. As you might imagine that is not enough. They are recommending that parents buy one for their kids, but also say a PC or Mac laptop would be fine. I’ve had my daughter doing her work on an old laptop that I put Ubuntu 16.04 on (but it’s a 17 inch laptop). I’m wondering if there are any small inexpensive laptops that could run Ubuntu that you could suggest. Most of her work is with Google docs and Google classroom.

I love all the JB shows!

Thanks

Name: Barry H
Subject: Microsoft Moving to Linux?
Message:

This isnt really a question but a prediction that could be good or bad depending on how you look at it. With MS adding in support for bash etc in win 10 and then creating .net sdk etc for linux which allows powershell etc to run. Do you think as I do that MS may be looking at moving Win 10 (No Server editions of their products only their desktop/laptop/mobile OS) to a linux distro and then having MS packages like .net etc running on top. This would mean they dont have to support patch etc a desktop distro that takes up alot of their time and money but basically get the open source community to do that for them. Obviously this wont happen in next 5 years maybe not even for a while after that for a while. But I do think it may be something they looking into… PS Send my regards to Chris and the team for a great show(s). Cheers

SIP Calling – What do you use?

Hello everyone. This is my first post on the sub.

I hear Noah mention sip calling sometimes. I am wondering what he uses and what you guys use? I am looking for a good inexpensive provider. I need to be able to receive inbound calls and make outbound calls outside of SIP. I have looked around the web and I can see there are plenty of options.

Thanks for all the feedback guys!
Asterisk is probably way more than I need. I am looking for simple. I am leaning towards Local Phone. Great price and a decent user interface on their website. If call quality is good then im set!

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Twitter

The post Distro Engagement | LAS 446 first appeared on Jupiter Broadcasting.

Ubuntu Slaughters Kittens | BSD Now 103

chris — Thu, 20 Aug 2015 08:51:40 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Allan’s away at BSDCam this week, but we’ve still got an exciting episode for you. We sat down with Bryan Cantrill, CTO of Joyent, to talk about a wide variety of topics: dtrace, ZFS, pkgsrc, containers & much more. This is easily our longest interview to date!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Interview – Bryan Cantrill – bryan@joyent.com / @bcantrill

BSD and Solaris history, illumos, dtrace, Joyent, pkgsrc, various topics

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
BSD Now tshirts are now available to preorder, and will be shipping in September (you have until the end of August to place an order, then they’re gone)
We’ll be back next week with a normal episode

The post Ubuntu Slaughters Kittens | BSD Now 103 first appeared on Jupiter Broadcasting.

Straight from the Src | BSD Now 100

chris — Thu, 30 Jul 2015 10:33:39 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We’ve finally reached a hundred episodes, and this week we’ll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere & he even runs a conference about it!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Remote DoS in the TCP stack

A pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing remote attackers to exhaust the resources of a system with nothing more than TCP connections
While in the LAST_ACK state, which is one of the final stages of a connection’s lifetime, the connection can get stuck and hang there indefinitely
This problem has a slightly confusing history that involves different fixes at different points in time from different people
Juniper originally discovered the bug and announced a fix for their proprietary networking gear on June 8th
On June 29th, FreeBSD caught wind of it and fixed the bug in their -current branch, but did not issue a security notice or MFC the fix back to the -stable branches
On July 13th, two weeks later, OpenBSD fixed the issue in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found
Immediately afterwards, they merged it back to -stable and issued an errata notice for 5.7 and 5.6
On July 21st, three weeks after their original fix, FreeBSD committed yet another slightly different fix and issued a security notice for the problem (which didn’t include the first fix)
After the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way
NetBSD confirmed they were vulnerable too, and applied another completely different fix to -current on July 24th, but haven’t released a security notice yet
DragonFly is also investigating the issue now to see if they’re affected as well

c2k15 hackathon reports

Reports from OpenBSD’s latest hackathon, held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these)
The first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event
He writes, “Did you ever look at a huge page in man, wanted to jump to the definition of a specific term – say, in ksh, to the definition of the “command” built-in command – and had to step through dozens of false positives with the less ‘/’ and ‘n’ search keys before you finally found the actual definition?”
With mandoc’s new internal jump targets, this is a problem of the past now
Jasper also sent in a report, doing his usual work with Puppet (and specifically “Facter,” a tool used by Puppet to gather various bits of system information)
Aside from that and various ports-related work, Jasper worked on adding tame support to some userland tools, fixing some Octeon stuff and introduced something that OpenBSD has oddly lacked until now: an “-i” flag for sed (hooray!)
Antoine Jacoutot gave a report on what he did at the hackathon as well, including improvements to the rcctl tool (for configuring startup services)
It now has an “ls” subcommand with status parsing, allowing you to list running services, stopped services or even ones that failed to start or are supposed to be running (he calls this “the poor man’s service monitoring tool”)
He also reworked some of the rc.d system to allow smoother operation of multiple instances of the same daemon to run (using tor with different config files as an example)
His list also included updating ports, updating ports documentation, updating the hotplug daemon and laying out some plans for automatic sysmerge for future upgrades
Foundation director Ken Westerback was also there, getting some disk-related and laptop work done
He cleaned up and committed the 4k sector softraid code that he’d been working on, as well as fixing some trackpad issues
Stefan Sperling, OpenBSD’s token “wireless guy,” had a lot to say about the hackathon and what he did there (and even sent in his write-up before he got home)
He taught tcpdump about some new things, including 802.11n metadata beacons (there’s a lot more specific detail about this one in the report)
Bringing a bag full of USB wireless devices with him, he set out to get the unsupported ones working, as well as fix some driver bugs in the ones that already did work
One quote from Stefan’s report that a lot of people seem to be talking about: “Partway through the hackathon tedu proposed an old diff of his to make our base ls utility display multi-byte characters. This led to a long discussion about how to expand UTF-8 support in base. The conclusion so far indicates that single-byte locales (such as ISO-8859-1 and KOI-8) will be removed from the base OS after the 5.8 release is cut. This simplifies things because the whole system only has to care about a single character encoding. We’ll then have a full release cycle to bring UTF-8 support to more base system utilities such as vi, ksh, and mg. To help with this plan, I started organizing a UTF-8-focused hackathon for some time later this year.”
Jeremy Evans wrote in to talk about updating lots of ports, moving the ruby ports up to the latest version and also creating perl and ruby wrappers for the new tame subsystem
While he’s mainly a ports guy, he got to commit fixes to ports, the base system and even the kernel during the hackathon
Rafael Zalamena, who got commit access at the event, gives his very first report on his networking-related hackathon activities
With Rafael’s diffs and help from a couple other developers, OpenBSD now has support for VPLS
Jonathan Gray got a lot done in the area of graphics, working on OpenGL and Mesa, updating libdrm and even working with upstream projects to remove some GNU-specific code
As he’s become somewhat known for, Jonathan was also busy running three things in the background: clang’s fuzzer, cppcheck and AFL (looking for any potential crashes to fix)
Martin Pieuchot gave an write-up on his experience: “I always though that hackathons were the best place to write code, but what’s even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that’s what I did.”
He laid out some plans for the wireless stack, discussed future plans for PF, made some routing table improvements and did various other bits to the network stack
Unfortunately, most of Martin’s secret plans seem to have been left intentionally vague, and will start to take form in the next release cycle
We’re still eagerly awaiting a report from one of OpenBSD’s newest developers, Alexandr Nedvedicky (the Oracle guy who’s working on SMP PF and some other PF fixes)
OpenBSD 5.8’s “beta” status was recently reverted, with the message “take that as a hint,” so that may mean more big changes are still to come…

FreeBSD quarterly status report

FreeBSD has published their quarterly status report for the months of April to June, citing it to be the largest one so far
It’s broken down into a number of sections: team reports, projects, kernel, architectures, userland programs, ports, documentation, Google Summer of Code and miscellaneous others
Starting off with the cluster admin, some machines were moved to the datacenter at New York Internet, email services are now more resilient to failure, the svn mirrors (now just “svn.freebsd.org”) are now using GeoGNS with official SSL certs and general redundancy was increased
In the release engineering space, ARM and ARM64 work continues to improve on the Cavium ThunderX, more focus is being put into cloud platforms and the 10.2-RELEASE cycle is reaching its final stages
The core team has been working on phabricator, the fancy review system, and is considering to integrate oauth support soon
Work also continues on bhyve, and more operating systems are slowly gaining support (including the much-rumored Windows Server 2012)
The report also covers recent developments in the Linux emulation layer, and encourages people using 11-CURRENT to help test out the 64bit support
Multipath TCP was also a hot topic, and there’s a brief summary of the current status on that patch (it will be available publicly soon)
ZFSguru, a project we haven’t talked about a lot, also gets some attention in the report – version 0.3 is set to be completed in early August
PCIe hotplug support is also mentioned, though it’s still in the development stages (basic hot-swap functions are working though)
The official binary packages are now built more frequently than before with the help of additional hardware, so AMD64 and i386 users will have fresher ports without the need for compiling
Various other small updates on specific areas of ports (KDE, XFCE, X11…) are also included in the report
Documentation is a strong focus as always, a number of new documentation committers were added and some of the translations have been improved a lot
Many other topics were covered, including foundation updates, conference plans, pkgsrc support in pkgng, ZFS support for UEFI boot and much more

The OpenSSH bug that wasn’t

There’s been a lot of discussion about a supposed flaw in OpenSSH, allowing attackers to substantially amplify the number of password attempts they can try per session (without leaving any abnormal log traces, even)
There’s no actual exploit to speak of; this bug would only help someone get more bruteforce tries in with a fewer number of connections
FreeBSD in its default configuration, with PAM and ChallengeResponseAuthentication enabled, was the only one vulnerable to the problem – not upstream OpenSSH, nor any of the other BSDs, and not even the majority of Linux distros
If you disable all forms of authentication except public keys, like you’re supposed to, then this is also not a big deal for FreeBSD systems
Realistically speaking, it’s more of a PAM bug than anything else
OpenSSH added an additional check for this type of setup that will be in 7.0, but simply changing your sshd_config is enough to mitigate the issue for now on FreeBSD (or you can run freebsd-update)

Interview – Sebastian Wiedenroth – wiedi@netbsd.org / @wied0r

pkgsrc and pkgsrcCon

News Roundup

Now served by OpenBSD

We’ve mentioned that you can also install OpenBSD on DO droplets, and this blog post is about someone who actually did it
The use case for the author was for a webserver, so he decided to try out the httpd in base
Configuration is ridiculously simple, and the config file in his example provides an HTTPS-only webserver, with plaintext requests automatically redirecting
TLS 1.2 by default, strong ciphers with LibreSSL and HSTS combined give you a pretty secure web server

FreeBSD laptop playbooks

A new project has started up on Github for configuring FreeBSD on various laptops, unsurprisingly named “freebsd-laptops”
It’s based on ansible, and uses the playbook format for automatic set up and configuration
Right now, it’s only working on a single Lenovo laptop, but the plan is to add instructions for many more models
Check the Github page for instructions on how to get started, and maybe get involved if you’re running FreeBSD on a laptop

NetBSD on the NVIDIA Jetson TK1

If you’ve never heard of the Jetson TK1, we can go ahead and spoil the secret here: NetBSD runs on it
As for the specs, it has a quad-core ARMv7 CPU at 2.3GHz, 2 gigs of RAM, gigabit ethernet, SATA, HDMI and mini-PCIE
This blog post shows which parts of the board are working with NetBSD -current (which seems to be almost everything)
You can even run X11 on it, pretty sweet

DragonFly power mangement options

DragonFly developer Sepherosa, who we’ve had on the show, has been doing some ACPI work over there
In this email, he presents some of DragonFly’s different power management options: ACPI P-states, C-states, mwait C-states and some Intel-specific bits as well
He also did some testing with each of them and gave his findings about power saving
If you’ve been thinking about running DragonFly on a laptop, this would be a good one to read

OpenBSD router under FreeBSD bhyve

If one BSD just isn’t enough for you, and you’ve only got one machine, why not run two at once
This article talks about taking a FreeBSD server running bhyve and making a virtualized OpenBSD router with it
If you’ve been considering switching over your router at home or the office, doing it in a virtual machine is a good way to test the waters before committing to real hardware
The author also includes a little bit of history on how he got into both operating systems
There are lots of mixed opinions about virtualizing core network components, so we’ll leave it up to you to do your research
Of course, the next logical step is to put that bhyve host under Xen on NetBSD…

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
We’re always looking for interviews – get in touch if you’re doing anything cool with BSD that you’d like to talk about (or want to suggest someone else)

The post Straight from the Src | BSD Now 100 first appeared on Jupiter Broadcasting.

Lost Technology | BSD Now 96

chris — Thu, 02 Jul 2015 10:22:23 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Coming up this week, we’ll be talking with Jun Ebihara about some lesser-known CPU architectures in NetBSD. He’ll tell us what makes these old (and often forgotten) machines so interesting. As usual, we’ve also got answers to your emails and all this week’s news on BSD Now – the place to B.. SD.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Out with the old, in with the less

Our friend Ted Unangst has a new article up, talking about “various OpenBSD replacements and reductions”
“Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs.”
In the post, he goes through some of the bigger (and smaller) examples of OpenBSD rewriting tools to be simpler and more secure
It starts off with a lesser-known SCSI driver that “tried to do too much” being replaced with three separate drivers
“Each driver can now be modified in isolation without unintentional side effects on other hardware, or the need to consider if and where further special cases need to be added. Despite the fact that these three drivers duplicate all the common boilerplate code, combined they only amount to about half as much code as the old driver.”
In contrast to that example, he goes on to cite mandoc as taking a very non “unixy” direction, but at the same time being smaller and simpler than all the tools it replaced
The next case is the new http daemon, and he talks a bit about the recently-added rewrite support being done in a simple and secure way (as opposed to regex and its craziness)
He also talks about the rewritten “file” utility: “Almost by definition, its sole input will be untrusted input. Perversely, people will then trust what file tells them and then go about using that input, as if file somehow sanitized it.”
Finally, sudo in OpenBSD’s base system is moving to ports soon, and the article briefly describes a new tool that may or may not replace it, called “doas”
There’s also a nice wrap-up of all the examples at the end, and the “Pruning and Polishing” talk is good complementary reading material

SMP steroids for PF

An Oracle employee that’s been porting OpenBSD’s PF to an upcoming Solaris release has sent in an interesting patch for review
Attached to the mail was what may be the beginnings of making native PF SMP-aware
Before you start partying, the road to SMP (specifically, giant lock removal) is a long and very complicated one, requiring every relevant bit of the stack to be written with it in mind – this is just one piece of the puzzle
The initial response has been quite positive though, with some back and forth between developers and the submitter
For now, let’s be patient and see what happens

DragonFly 4.2.0 released

DragonFlyBSD has released the next big update of their 4.x branch, complete with a decent amount of new features and fixes
i915 and Radeon graphics have been updated, and DragonFly can claim the title of first BSD with Broadwell support in a release
Sendmail in the base system has been replaced with their homegrown DragonFly Mail Agent, and there’s a wiki page about configuring it
They’ve also switched the default compiler to GCC 5, though why they’ve gone in that direction instead of embracing Clang is a mystery
The announcement page also contains a list of kernel changes, details on the audio and graphics updates, removal of the SCTP protocol, improvements to the temperature sensors, various userland utility fixes and a list of updates to third party tools
Work is continuing on the second generation HAMMER filesystem, and Matt Dillon provides a status update in the release announcement
There was also some hacker news discussion you can check out, as well as upgrade instructions

OpenSMTPD 5.7.1 released

The OpenSMTPD guys have just released version 5.7.1, a major milestone version that we mentioned recently
Crypto-related bits have been vastly improved: the RSA engine is now privilege-separated, TLS errors are handled more gracefully, ciphers and curve preferences can now be specified, the PKI interface has been reworked to allow custom CAs, SNI and certificate verification have been simplified and the DH parameters are now 2048 bit by default
The long-awaited filter API is now enabled by default, though still considered slightly experimental
Documentation has been improved quite a bit, with more examples and common use cases (as well as exotic ones)
Many more small additions and bugfixes were made, so check the changelog for the full list
Starting with 5.7.1, releases are now cryptographically signed to ensure integrity
This release has gone through some major stress testing to ensure stability – Gilles regularly asks their Twitter followers to flood a test server with thousands of emails per second, even offering prizes to whoever can DDoS them the hardest
OpenSMTPD runs on all the BSDs of course, and seems to be getting pretty popular lately
Let’s all encourage Kris to stop procrastinating on switching from Postfix

Interview – Jun Ebihara (蛯原純) – jun@soum.co.jp / @ebijun

Lesser-known CPU architectures, embedded NetBSD devices

News Roundup

FreeBSD foundation at BSDCan

The FreeBSD foundation has posted a few BSDCan summaries on their blog
The first, from Steven Douglas, begins with a sentiment a lot of us can probably identify with: “Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people.”
He got to meet a lot of the people working on big-name projects, and enjoyed being able to ask them questions so easily
Their second trip report is from Ahmed Kamal, who flew in all the way from Egypt
A bit starstruck, he seems to have enjoyed all the talks, particularly Andrew Tanenbaum’s about MINIX and NetBSD
There are also two more wrap-ups from Zbigniew Bodek and Vsevolod Stakhov, so you’ve got plenty to read

OpenBSD from a veteran Linux user perspective

In a new series of blog posts, a self-proclaimed veteran Linux user is giving OpenBSD a try for the first time
“For the first time I installed a BSD box on a machine I control. The experience has been eye-opening, especially since I consider myself an ‘old-school’ Linux admin, and I’ve felt out of place with the latest changes on the system administration.”
The post is a collection of his thoughts about what’s different between Linux and BSD, what surprised him as a beginner – admittedly, a lot of his knowledge carried over, and there were just minor differences in command flags
One of the things that surprised him (in a positive way) was the documentation: “OpenBSD’s man pages are so nice that RTFMing somebody on the internet is not condescending but selfless.”
He also goes through some of the basics, installing and updating software, following different branches
It concludes with “If you like UNIX, it will open your eyes to the fact that there is more than one way to do things, and that system administration can still be simple while modern.”

FreeBSD on the desktop, am I crazy

Similar to the previous article, the guy that wrote the SSH two factor authentication post we covered last week has another new article up – this time about FreeBSD on the desktop
He begins with a bit of forewarning for potential Linux switchers: “It certainly wasn’t an easy journey, and I’m tempted to say do not try this at home to anybody who isn’t going to leverage any of FreeBSD’s strong points. Definitely don’t try FreeBSD on the desktop if you haven’t used it on servers or virtual machines before. It’s got less in common with Linux than you might think.”
With that out of the way, the list of positives is pretty large: a tidy base system, separation between base and ports, having the option to choose binary packages or ports, ZFS, jails, licensing and of course the lack of systemd
The rest of the post talks about some of the hurdles he had to overcome, namely with graphics and the infamous Adobe Flash
Also worth noting is that he found jails to be not only good for isolating daemons on a server, but pretty useful for desktop applications as well
In the end, he says it was worth all the trouble, and is even planning on converting his laptop to FreeBSD soon too

OpenIKED and Cisco CSR 1000v IPSEC

This article covers setting up a site-to-site IPSEC tunnel between a Cisco CSR 1000v router and an OpenBSD gateway running OpenIKED
What kind of networking blog post would be complete without a diagram where the internet is represented by a big cloud
There are lots of details (and example configuration files) for using IKEv2 and OpenBSD’s built-in IKE daemon
It also goes to show that the BSDs generally play well with existing network infrastructure, so if you were a business that’s afraid to try them… don’t be

HardenedBSD improves stack randomization

The HardenedBSD guys have improved their FreeBSD ASLR patchset, specifically in the stack randomization area
In their initial implementation, the stack randomization was a random gap – this update makes the base address randomized as well
They’re now stacking the new on top of the old as well, with the goal being even more entropy
This change triggered an ABI and API incompatibility, so their major version has been bumped

OpenSSH 6.9 released

The OpenSSH team has announced the release of a new version which, following their tick/tock major/minor release cycle, is focused mainly on bug fixes
There are a couple new things though – the “AuthorizedKeysCommand” config option now takes custom arguments
One very notable change is that the default cipher has changed as of this release
The traditional pairing of AES128 in counter mode with MD5 HMAC has been replaced by the ever-trendy ChaCha20-Poly1305 combo
Their next release, 7.0, is set to get rid a number of legacy items: PermitRootLogin will be switched to “no” by default, SSHv1 support will be totally disabled, the 1024bit diffie-hellman-group1-sha1 KEX will be disabled, old ssh-dss and v00 certs will be removed, a number of weak ciphers will be disabled by default (including all CBC ones) and RSA keys will be refused if they’re under 1024 bits
Many small bugs fixes and improvements were also made, so check the announcement for everything else
The native version is in OpenBSD -current, and an update to the portable version should be hitting a ports or pkgsrc tree near you soon

Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
We’d love to see more participation from the listeners – get in touch with us if you’re doing something interesting you’d like to talk about (or have already written about)
If you’re using DNSCrypt on your router to protect your DNS lookups, as mentioned in a few of our tutorials, you may want to consider switching the authoritative resolver away from OpenDNS (since Cisco recently bought them and doesn’t have the best security record)

The post Lost Technology | BSD Now 96 first appeared on Jupiter Broadcasting.

PIE in the Sky | BSD Now 85

chris — Thu, 16 Apr 2015 11:18:11 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This time on the show, we’ll be talking with Pascal Stumpf about static PIE in the upcoming OpenBSD release. He’ll tell us what types of attacks it prevents, and why it’s such a big deal. We’ve also got answers to questions from you in the audience and all this week’s news, on BSD Now – the place to B.. SD.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Solaris’ networking future is with OpenBSD

A curious patch from someone with an Oracle email address was recently sent in to one of the OpenBSD mailing lists
It was revealed that future releases of Solaris are going to drop their IPFilter firewall entirely, in favor of a port of the current version of PF
For anyone unfamiliar with the history of PF, it was actually made as a replacement for IPFilter in OpenBSD, due to some licensing issues
What’s more, Solaris was the original development platform for IPFilter, so the fact that it would be replaced in its own home is pretty interesting
This blog post goes through some of the backstory of the two firewalls
PF is in a lot of places – other BSDs, Mac OS X and iOS – but there are plenty of other OpenBSD-developed technologies end up ported to other projects too
“Many of the world’s largest corporations and government agencies are heavy Solaris users, meaning that even if you’re neither an OpenBSD user or a Solaris user, your kit is likely interacting intensely with both kinds, and with Solaris moving to OpenBSD’s PF for their filtering needs, we will all be benefiting even more from the OpenBSD project’s emphasis on correctness, quality and security”
You’re welcome, Oracle

BAFUG discussion videos

The Bay Area FreeBSD users group has been uploading some videos from their recent meetings
Sean Bruno gave a recap of his experiences at EuroBSDCon last year, including the devsummit and some proposed ideas from it (as well as their current status)
Craig Rodrigues also gave a talk about Kyua and the FreeBSD testing framework
Lastly, Kip Macy gave a talk titled “network stack changes, user-level FreeBSD”
The main two subjects there are some network stack changes, and how to get more people contributing, but there’s also open discussion about a variety of FreeBSD topics
If you’re close to the Bay Area in California, be sure to check out their group and attend a meeting sometime

More than just a makefile

If you’re not a BSD user just yet, you might be wondering how the various ports and pkgsrc systems compare to the binary way of doing things on Linux
This blog entry talks about the ports system in OpenBSD, but a lot of the concepts apply to all the ports systems across the BSDs
As it turns out, the ports system really isn’t that different from a binary package manager – they are what’s used to create binary packages, after all
The author goes through what makefiles do, customizing which options software is compiled with, patching source code to build and getting those patches back upstream
After that, he shows you how to get your new port tested, if you’re interesting in doing some porting yourself, and getting involved with the rest of the community
This post is very long and there’s a lot more to it, so check it out (and more discussion on Hacker News)

Securing your home fences

Hopefully all our listeners have realized that trusting your network(s) to a consumer router is a bad idea by now
We hear from a lot of users who want to set up some kind of BSD-based firewall, but don’t hear back from them after they’ve done it.. until now
In this post, someone goes through the process of setting up a home firewall using OPNsense on a PCEngines APU board
He notes that you have a lot of options software-wise, including vanilla FreeBSD, OpenBSD or even Linux, but decided to go with OPNsense because of the easy interface and configuration
The post covers all the hardware you’ll need, getting the OS installed to a flash drive or SD card and going through the whole process
Finally, he goes through setting up the firewall with the graphical interface, applying updates and finishing everything up
If you don’t have any experience using a serial console, this guide also has some good info for beginners about those (which also applies to regular FreeBSD)
We love super-detailed guides like this, so everyone should write more and send them to us immediately

Interview – Pascal Stumpf – pascal@openbsd.org

Static PIE in OpenBSD

News Roundup

LLVM’s new libFuzzer

We’ve discussed fuzzing on the show a number of times, albeit mostly with the American Fuzzy Lop utility
It looks like LLVM is going to have their own fuzzing tool too now
The Clang and LLVM guys are no strangers to this type of code testing, but decided to “close the loop” and start fuzzing parts of LLVM (including Clang) using LLVM itself
With Clang being the default in both FreeBSD and Bitrig, and with the other BSDs considering the switch, this could make for some good bug hunting across all the projects in the future

HardenedBSD upgrades secadm

The HardenedBSD guys have released a new version of their secadm tool, with the showcase feature being integriforce support
We covered both the secadm tool and integriforce in previous episodes, but the short version is that it’s a way to prevent files from being altered (even as root)
Their integriforce feature itself has also gotten a couple improvements: shared objects are now checked too, instead of just binaries, and it uses more caching to speed up the whole process now

RAID5 returns to OpenBSD

OpenBSD’s softraid subsystem, somewhat similar to FreeBSD’s GEOM, has had experimental RAID5 support for a while
However, it was exactly that – experimental – and required a recompile to enable
With some work from recent hackathons, the final piece was added to enable resuming partial array rebuilds
Now it’s on by default, and there’s a call for testing being put out, so grab a snapshot and put the code through its paces
The bioctl softraid command also now supports DUIDs during pseudo-device detachment, possibly paving the way for the installer to drop the “do you want to enable DUIDs?” question entirely

pkgng 1.5.0 released

Going back to what we talked about last week, the final version of pkgng 1.5.0 is out
The “provides” and “requires” support is finally in a regular release
A new “-r” switch will allow for direct installation to a chroot or alternate root directory
Memory usage should be much better now, and some general code speed-ups were added
This version also introduces support for Mac OS X, NetBSD and EdgeBSD – it’ll be interesting to see if anything comes of that
Many more bugs were fixed, so check the mailing list announcement for the rest (and plenty new bugs were added, according to bapt)

p2k15 hackathon reports

There was another OpenBSD hackathon that just finished up in the UK – this time it was mainly for ports work
As usual, the developers sent in reports of some of the things they got done at the event
Landry Breuil, both an upstream Mozilla developer and an OpenBSD developer, wrote in about the work he did on the Firefox port (specifically WebRTC) and some others, as well as reviewing lots of patches that were ready to commit
Stefan Sperling wrote in, detailing his work with wireless chipsets, specifically when the vendor doesn’t provide any hardware documentation, as well as updating some of the games in ports
Ken Westerback also sent in a report, but decided to be a rebel and not work on ports at all – he got a lot of GPT-related work done, and also reviewed the RAID5 support we talked about earlier

Feedback/Questions

Mailing List Gold

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
If you want to come on for an interview, or know someone else who might be interesting to hear from, let us know

The post PIE in the Sky | BSD Now 85 first appeared on Jupiter Broadcasting.

Noah’s L2ARC | BSD Now 77

chris — Thu, 19 Feb 2015 12:12:30 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

This week on the show, we’ll be chatting with Alex Reece and Matt Ahrens about what’s new in the world of OpenZFS. After that, we’re starting a new tutorial series on submitting your first patch. All the latest BSD news and answers to your emails, coming up on BSD Now – the place to B.. SD.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Revisiting FreeBSD after 20 years

With comments like “has Linux lost its way?” floating around, a Debian developer was prompted to revisit FreeBSD after nearly two decades
This blog post goes through his experiences trying out a modern BSD variant, and includes the good, the bad and the ugly – not just praise this time
He loves ZFS and the beadm tool, and finds the FreeBSD implementation to be much more stable than ZoL
On the topic of jails, he summarizes: “Linux has tried so hard to get this right, and fallen on its face so many times, a person just wants to take pity sometimes. We’ve had linux-vserver, openvz, lxc, and still none of them match what FreeBSD jails have done for a long time.”
The post also goes through the “just plain different” aspects of a complete OS vs. a distribution of various things pieced together
Finally, he includes some things he wasn’t so happy about: subpar laptop support, virtualization being a bit behind, a myriad of complaints about pkgng and a few other things
There was some decent discussion on Hacker News about this article too, with counterpoints from both sides

s2k15 hackathon report: network stack SMP

The first trip report from the recent OpenBSD hackathon in Australia has finally been submitted
One of the themes of this hackathon was SMP (symmetric multiprocessing) improvement, and Martin Pieuchot did some hacking on the network stack
If you’re not familiar with him, he gave a presentation at EuroBSDCon last year, titled Taming OpenBSD Network Stack Dragons
Teaming up with David Gwynne, they worked on getting some bits of the networking code out of the big lock
Hopefully more trip reports will be sent in during the coming weeks
Most of the big code changes should probably appear after the 5.7-release testing period

From BIND to NSD and Unbound

If you’ve been running a DNS server on any of the BSDs, you’ve probably noticed a semi-recent trend: BIND being replaced with Unbound
BIND was ripped out in FreeBSD 10.0 and will be gone in OpenBSD 5.7, but both systems include Unbound now as an alternative
OpenBSD goes a step further, also including NSD in the base system
Instead of one daemon doing everything like BIND tried to do, this new setup splits the authoritative nameserver and the caching resolver into two separate daemons
This post takes you through the transitional phase of going from a single BIND setup to a combination of NSD and Unbound
All in all, everyone wins here, as there will be a lot less security advisories in both BSDs because of it…

m0n0wall calls it quits

The original, classic BSD firewall distribution m0n0wall has finally decided to close up shop
For those unfamiliar, m0n0wall was a FreeBSD-based firewall project that put a lot of focus on embedded devices: running from a CF card, CD, USB drive or even a floppy disk
It started over twelve years ago, which is pretty amazing when you consider that’s around half of FreeBSD itself’s lifespan
The project was probably a lot of people’s first encounter with BSD in any form
If you were a m0n0wall user, fear not, you’ve got plenty of choices for a potential replacement: doing it yourself with something like FreeBSD or OpenBSD, or going the premade route with something like pfSense, OPNsense or the BSD Router Project
The founder’s announcement includes these closing words: “m0n0wall has served as the seed for several other well known open source projects, like pfSense, FreeNAS and AskoziaPBX. The newest offspring, OPNsense, aims to continue the open source spirit of m0n0wall while updating the technology to be ready for the future. In my view, it is the perfect way to bring the m0n0wall idea into 2015, and I encourage all current m0n0wall users to check out OPNsense and contribute if they can.”
While m0n0wall didn’t get a lot of on-air mention, surely a lot of our listeners will remember it fondly

Interview – Alex Reece & Matt Ahrens – alex@delphix.com & matt@delphix.com / @openzfs

What’s new in OpenZFS

Tutorial

Making your first patch (OpenBSD)

News Roundup

Overlaying remote LANs with OpenBSD’s VXLAN

Have you ever wanted to “merge” multiple remote LANs? OpenBSD’s vxlan(4) is exactly what you need
This article talks about using it to connect two virtualized infrastructures on different ESXi servers
It gives a bit of networking background first, in case you’re not quite up to speed on all this stuff
This tool opens up a lot of very cool possibilities, even possibly doing a “remote” LAN party
Be sure to check the AsiaBSDCon talk about VXLANs if you haven’t already

2020, year of the PCBSD desktop

Here we have a blog post about BSD on the desktop, straight from a KDE developer
He predicts that PCBSD is going to take off before the year 2020, possibly even overtaking Linux’s desktop market share (small as it may be)
With PCBSD making a preconfigured FreeBSD desktop a reality, and the new KMS work, the author is impressed with how far BSD has come as a viable desktop option
ZFS and easy-to-use boot environments top the list of things he says differentiate the BSD desktop experience from the Linux one
There was also some discussion on Slashdot that might be worth reading

OpenSSH host key rotation, redux

We mentioned the new OpenSSH host key rotation and other goodies in a previous episode, but things have changed a little bit since then
djm says “almost immediately after smugly declaring ‘mission accomplished’, the bug reports started rolling in.”
There were some initial complaints from developers about the new options, and a serious bug shortly thereafter
After going back to the drawing board, he refactored some of the new code (and API) and added some more regression tests
Most importantly, the bigger big fix was described as: “a malicious server (say, “host-a”) could advertise the public key of another server (say, “host-b”). Then, when the client subsequently connects back to host-a, instead of answering the connection as usual itself, host-a could proxy the connection to host-b. This would cause the user to connect to host-b when they think they are connecting to host-a, which is a violation of the authentication the host key is supposed to provide.”
None of this code has been in a formal OpenSSH release just yet, but hopefully it will soon

PCBSD tries out LibreSSL

PCBSD users may soon be seeing a lot less security problems because of two recent changes
After switching over to OpenNTPD last week, PCBSD decides to give the portable LibreSSL a try too
Note that this is only for the packages built from ports, not the base system unfortunately
They’re not the first ones to do this – OPNsense has been experimenting with replacing OpenSSL in their ports tree for a little while now, and of course all of OpenBSD’s ports are built against it
A good number of patches are still not committed in vanilla FreeBSD ports, so they had to borrow some from Bugzilla
Look forward to Kris wearing a “keep calm and abandon OpenSSL” shirt in the near future

Feedback/Questions

Mailing List Gold

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
If you write an article or blog post about BSD, or even just come across one you like, be sure to send it our way
If you’re in or around the southern California area, there’s going to be at least two BSD-related talks at this year’s SCALE 13x conference, as well as an OpenBSD booth, FreeBSD booth and some BSD certification exams as well
That’s going on between February 19th-22nd at the Hilton Los Angeles Airport
A special thanks to our anonymous listener for writing most of this week’s tutorial – we’ll be doing ones for PCBSD (using git) and FreeBSD (using svn) sometime soon

The post Noah's L2ARC | BSD Now 77 first appeared on Jupiter Broadcasting.

8,000,000 Mogofoo-ops | BSD Now 65

chris — Thu, 27 Nov 2014 11:33:00 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Coming up on the show this week, we’ve got an interview with Brendan Gregg of Netflix. He’s got a lot to say about performance tuning and benchmarks & even some pretty funny stories about how people have done them incorrectly. As always, this week’s news & answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

Even more BSD presentation videos

More videos from this year’s MeetBSD and OpenZFS devsummit were uploaded since last week
Robert Ryan, At the Heart of the Digital Economy
FreeNAS & ZFS, The Indestructible Duo – Except for the Hard Drives
Richard Yao, libzfs_core and ioctl stabilization
OpenZFS, Company lightning talks
OpenZFS, Hackathon Presentation and Awards
Pavel Zakharov, Fast File Cloning
Rick Reed, Half a billion unsuspecting FreeBSD users
Alex Reece & Matt Ahrens, Device Removal
Chris Side, Channel Programs
David Maxwell, The Unix command pipeline
Be sure to check out the giant list of videos from last week’s episode if you haven’t seen them already

NetBSD on a Cobalt Qube 2

The Cobalt Qube was a very expensive networking appliance around 2000
In 2014, you can apparently get one of these MIPS-based machines for about forty bucks
This blog post details getting NetBSD installed and set up on the rare relic of our networking past
If you’re an old-time fan of RISC or MIPS CPUs, this’ll be a treat for you
Lots of great pictures of the hardware too

OpenBSD vs. AFL

In their never-ending security audit, some OpenBSD developers have been hitting various parts of the tree with a fuzzer
If you’re not familiar, fuzzing is a semi-automated way to test programs for crashes and potential security problems
The program being subjected to torture gets all sorts of random and invalid input, in the hopes of uncovering overflows and other bugs
American Fuzzy Lop, in particular, has provided some interesting results across various open source projects recently
So far, it’s fixed some NULL pointer dereferences in OpenSSH, various crashes in tcpdump and mandoc and a few other things
AFL has an impressive list of CVEs (vulnerabilities) that it’s helped developers discover and fix
It also made its way into OpenBSD ports, FreeBSD ports and NetBSD’s pkgsrc very recently, so you can try it out for yourself

GNOME 3 hits the FreeBSD ports tree

While you’ve been able to run GNOME 3 on PC-BSD and OpenBSD for a while, it hasn’t actually hit the FreeBSD ports tree.. until now
Due to systemd dependencies and the upstream developers not really being interested in non-Linux OSes, it took a considerable amount of effort to port
Now you can play with GNOME 3 and all its goodies (as well as Cinnamon 2.2, which this also brings in) on vanilla FreeBSD
Be sure to check the commit message and /usr/ports/UPDATING if you’re upgrading from GNOME 2
You might also want to go back and listen to our interview with Joe Marcus Clark about GNOME’s portability

Interview – Brendan Gregg – bgregg@netflix.com / @brendangregg

Performance tuning, benchmarks, debugging

News Roundup

DragonFlyBSD 4.0 released

A new major version of DragonFly, 4.0.1, was just recently announced
This version includes support for Haswell GPUs, lots of SMP improvements (including some in PF) and support for up to 256 CPUs
It’s also the first release to drop support for i386, so it joins PCBSD in the 64 bit-only club
Check the release notes for all the details, including networking and kernel improvements, as well as some crypto changes

Can we talk about FreeBSD vs Linux

Hackernews had a recent thread about discussing Linux vs BSD, and the trolls stayed away for once
Rather than rehashing why one is “better” than the other, it was focused on explaining some of the differences between ecosystems and communities
If you’re one of the many people who watch our show just out of curiosity about the BSD world, this might be a good thread to read
Someone in the comments even gave bsdnow.tv a mention as a good resource to learn, thanks guy

OpenBSD IPSEC tunnel guide

If you’ve ever wanted to connect two networks with OpenBSD gateways, this is the article for you
It shows how to set up an IPSEC tunnel between destinations, how to lock it down and how to access all the machines on the other network just like they were on your LAN
The article also explains some of the basics of IPSEC if you’re not familiar with all the terminology, so this isn’t just for experts
Though the article itself is a few years old, it mostly still applies to the latest stuff today
All the tools used are in the OpenBSD base system, so that’s pretty handy too

DragonFly starts work on IPFW2

DragonFlyBSD, much like FreeBSD, comes with more than one firewall you can use
Now it looks like you’re going to have yet another choice, as someone is working on a fork of IPFW (which is actually already in its second version, so it should be “IPFW3”)
Not a whole lot is known yet; it’s still in heavy development, but there’s a brief roadmap page with some planned additions
The guy who’s working on this has already agreed to come on the show for an interview, but we’re going to give him a chance to get some more work done first
Expect that sometime next year, once he’s made some progress

Feedback/Questions

All the tutorials are posted in their entirety at bsdnow.tv
Michael Lucas’ new book, “FreeBSD Mastery: Storage Essentials” is on sale now, check it out if you want to learn about FreeBSD’s disk subsystems
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – don’t be shy, we’d love to hear what you have to say
Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
We’ve got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we’ll read and play some of them for the Christmas episode. You’ve got until December 17th to send them in (that’s when we’re prerecording)

The post 8,000,000 Mogofoo-ops | BSD Now 65 first appeared on Jupiter Broadcasting.

Gift from the Sun | BSD Now 62

chris — Thu, 06 Nov 2014 10:57:28 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We’re away at MeetBSD this week, but we’ve still got a great show for you. We’ll be joined by Pawel Dawidek, who’s done quite a lot of things in FreeBSD over the years, including the initial ZFS port. We’ll get to hear how that came about, what he’s up to now and a whole lot more. We’ll be back next week with a normal episode of BSD Now – the place to B.. SD.

Thanks to:

Direct Download:

RSS Feeds:

– Show Notes: –

Interview – Pawel Jakub Dawidek – pjd@freebsd.org

Porting ZFS, GEOM, GELI, Capsicum, various topics

All the tutorials are posted in their entirety at bsdnow.tv
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – if you write any blog posts about BSD, send ’em our way
Usually, you can watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
We’ll be back with a regular episode next week, and maybe even some new interviews

The post Gift from the Sun | BSD Now 62 first appeared on Jupiter Broadcasting.

Zettabytes for Days | BSD Now 14

chris — Fri, 06 Dec 2013 12:17:54 +0000

This week is the long-awaited episode you\’ve been asking for! We\’ll be giving you a crash course on becoming a ZFS wizard, as well as having a chat with George Wilson about the OpenZFS project\’s recent developments. We have answers to your feedback emails and there are some great news items to get caught up on too, so stay tuned to BSD Now – the place to B.. SD.

Direct Download:

RSS Feeds:

– Show Notes: –

Headlines

pkgng 1.2 released

bapt and bdrewery from the portmgr team released pkgng 1.2 final
New features include an improved build system, plugin improvements, new bootstrapping command, SRV mirror improvements, a new \”pkg config\” command, repo improvements, vuXML is now default, new fingerprint features and much more
Really simple to upgrade, check our pkgng tutorial if you want some easy instructions
It\’s also made its way into Dragonfly
See the show notes for the full list of new features and fixes

ChaCha20 and Poly1305 in OpenSSH

Damien Miller recently committed support for a new authenticated encryption cipher for OpenSSH, chacha20-poly1305
Long blog post explaining what these are and why we need them
This cipher combines two primitives: the ChaCha20 cipher and the Poly1305 MAC
RC4 is broken, we needed an authenticated encryption mode to complement AES-GCM that doesn\’t show the packet length in cleartext
Great explanation of the differences between EtM, MtE and EaM and their advantages
\”Both AES-GCM and the EtM MAC modes have a small downside though: because we no longer desire to decrypt the packet as we go, the packet length must be transmitted in plaintext. This unfortunately makes some forms of traffic analysis easier as the attacker can just read the packet lengths directly.\”

Is it time to dump Linux and move to BSD

ITworld did an article about switching from Linux to BSD
The author\’s interest was sparked from a review he was reading that said \”I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (pkgng), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0\”
The whole article can be summed up with \”yes\” – ok, next story!

OpenZFS devsummit videos

Kicking off the ZFS episode, we\’ve got…
The OpenZFS developer summit discussion and presentation videos are up
People from various operating systems (FreeBSD, Mac OS X, illumos, etc.) were there to discuss ZFS on their platforms and the challenges they faced
Question and answer session from representatives of every OS – had a couple FreeBSD guys there including one from the foundation
Presentations both about ZFS itself and some hardware-based solutions for implementing ZFS in production
TONS of video, about 6 hours\’ worth
This leads us into our interview, which is…

Interview – George Wilson – Soft Eng at Delphix – wilzun@gmail.com / @zfsdude

KM: Can you tell us a little about yourself how you first got involved with ZFS?
AJ: Which features have you worked on in the past?
KM: Which platform do you personally use ZFS on, and for what tasks?
AJ: So what exactly is the OpenZFS project about?
KM: What do you hope the future of OpenZFS will bring?
AJ: When are we going to see native encryption?
KM: Are there some new features you\’re currently hacking on?
AJ: Is there anything specific you\’d like to see added to ZFS in the future?
KM: How did the developer summit and hackathon go?
AJ: Where can people go to get involved with development, and what\’s currently needed?
KM: Anything else you\’d like to mention?

Tutorial

A crash course on ZFS

Everything you need to know to get acquainted with the world\’s most powerful filesystem on the world\’s most powerful OS
Includes both beginner and advanced topics

News Roundup

ruBSD 2013 information

The ruBSD 2013 conference will take place on Saturday December 14, 2013 at 10:30 AM in Moscow, Russia
Speakers include three OpenBSD developers, Theo de Raadt, Henning Brauer and Mike Belopuhov
Their talks are titled \”The bane of backwards compatibility,\” \”OpenBSD\’s pf: Design, Implementation and Future\” and \”OpenBSD: Where crypto is going?\”
No word on if there will be video recordings, but we\’ll let you know if that changes

DragonFly roadmap, post 3.6

John Marino posted a possible roadmap for DragonFly, now that they\’re past the 3.6 release
He wants some third party vendor software updated from very old versions (WPA supplicant, bmake, binutils)
Plans to replace GCC44 with Clang, but GCC47 will probably be the primary compiler still
Bring in fixes and new stuff from FreeBSD 10

BSDCan 2014 CFP

BSDCan 2014 will be held on May 16-17 in Ottawa, Canada
They\’re now accepting proposals for talks
If you are doing something interesting with a BSD operating system, please submit a proposal
We\’ll be getting lots of interviews there

casperd added to -CURRENT

\”It (and its services) will be responsible forgiving access to functionality that is not available in capability modes and box. The functionality can be precisely restricted.\”
Lists some sysctls that can be controlled

ZFS corruption bug fixed in -CURRENT

Just a quick follow-up from last week, the ZFS corruption bug in FreeBSD -CURRENT was very quickly fixed, before that episode was even uploaded

Feedback/Questions

Chris writes in: https://slexy.org/view/s2JDWKjs7l
SW writes in: https://slexy.org/view/s20BLqxTWD
Jason writes in: https://slexy.org/view/s2939tUOf5
Clint writes in: https://slexy.org/view/s21qKY6qIb
Chris writes in: https://slexy.org/view/s20LWlmhoK

The written versions of the Tor, jails and OpenBSD router tutorials have gotten a few small improvements and fixes
The poudriere and pkgng tutorials have been updated for the new 1.2 repository syntax
All the tutorials are posted in their entirety at bsdnow.tv, including today\’s HUGE ZFS one
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
If you have stories about how you or your company uses BSD, interesting things you\’ve done, crazy network stories or cool projects, send them to us!
Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
Kris\’ Skype video was coming straight from PCBSD this week!

The post Zettabytes for Days | BSD Now 14 first appeared on Jupiter Broadcasting.