tunnel – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Thu, 12 Dec 2019 05:09:10 +0000

EPYC Netflix Stack | BSD Now 328
https://original.jupiterbroadcasting.net/137722/epyc-netflix-stack-bsd-now-328/
Thu, 12 Dec 2019 04:00:00 +0000

Show Notes/Links: https://www.bsdnow.tv/328

The post EPYC Netflix Stack | BSD Now 328 first appeared on Jupiter Broadcasting.

Keeping Systems Simple | TechSNAP 403
https://original.jupiterbroadcasting.net/131156/keeping-systems-simple-techsnap-403/
Fri, 10 May 2019 21:00:15 +0000

Show Notes: techsnap.systems/403

The post Keeping Systems Simple | TechSNAP 403 first appeared on Jupiter Broadcasting.

8,000,000 Mogofoo-ops | BSD Now 65
https://original.jupiterbroadcasting.net/72557/8000000-mogofoo-ops-bsd-now-65/
Thu, 27 Nov 2014 11:33:00 +0000

The post 8,000,000 Mogofoo-ops | BSD Now 65 first appeared on Jupiter Broadcasting.


Coming up on the show this week, we’ve got an interview with Brendan Gregg of Netflix. He’s got a lot to say about performance tuning and benchmarks & even some pretty funny stories about how people have done them incorrectly. As always, this week’s news & answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap


– Show Notes: –

Headlines

Even more BSD presentation videos


NetBSD on a Cobalt Qube 2

  • The Cobalt Qube was a very expensive networking appliance around 2000
  • In 2014, you can apparently get one of these MIPS-based machines for about forty bucks
  • This blog post details getting NetBSD installed and set up on the rare relic of our networking past
  • If you’re an old-time fan of RISC or MIPS CPUs, this’ll be a treat for you
  • Lots of great pictures of the hardware too

OpenBSD vs. AFL

  • In their never-ending security audit, some OpenBSD developers have been hitting various parts of the tree with a fuzzer
  • If you’re not familiar, fuzzing is a semi-automated way to test programs for crashes and potential security problems
  • The program being subjected to torture gets all sorts of random and invalid input, in the hopes of uncovering overflows and other bugs
  • American Fuzzy Lop, in particular, has provided some interesting results across various open source projects recently
  • So far, this has led to fixes for some NULL pointer dereferences in OpenSSH, various crashes in tcpdump and mandoc and a few other things
  • AFL has an impressive list of CVEs (vulnerabilities) that it’s helped developers discover and fix
  • It also made its way into OpenBSD ports, FreeBSD ports and NetBSD’s pkgsrc very recently, so you can try it out for yourself

GNOME 3 hits the FreeBSD ports tree

  • While you’ve been able to run GNOME 3 on PC-BSD and OpenBSD for a while, it hasn’t actually hit the FreeBSD ports tree.. until now
  • Due to systemd dependencies and the upstream developers not really being interested in non-Linux OSes, it took a considerable amount of effort to port
  • Now you can play with GNOME 3 and all its goodies (as well as Cinnamon 2.2, which this also brings in) on vanilla FreeBSD
  • Be sure to check the commit message and /usr/ports/UPDATING if you’re upgrading from GNOME 2
  • You might also want to go back and listen to our interview with Joe Marcus Clark about GNOME’s portability

Interview – Brendan Gregg – bgregg@netflix.com / @brendangregg

Performance tuning, benchmarks, debugging


News Roundup

DragonFlyBSD 4.0 released

  • A new major version of DragonFly, 4.0.1, was just recently announced
  • This version includes support for Haswell GPUs, lots of SMP improvements (including some in PF) and support for up to 256 CPUs
  • It’s also the first release to drop support for i386, so it joins PCBSD in the 64 bit-only club
  • Check the release notes for all the details, including networking and kernel improvements, as well as some crypto changes

Can we talk about FreeBSD vs Linux

  • Hacker News had a recent thread discussing Linux vs BSD, and the trolls stayed away for once
  • Rather than rehashing why one is “better” than the other, it was focused on explaining some of the differences between ecosystems and communities
  • If you’re one of the many people who watch our show just out of curiosity about the BSD world, this might be a good thread to read
  • Someone in the comments even gave bsdnow.tv a mention as a good resource to learn, thanks guy

OpenBSD IPSEC tunnel guide

  • If you’ve ever wanted to connect two networks with OpenBSD gateways, this is the article for you
  • It shows how to set up an IPSEC tunnel between destinations, how to lock it down and how to access all the machines on the other network just like they were on your LAN
  • The article also explains some of the basics of IPSEC if you’re not familiar with all the terminology, so this isn’t just for experts
  • Though the article itself is a few years old, it mostly still applies to the latest stuff today
  • All the tools used are in the OpenBSD base system, so that’s pretty handy too

DragonFly starts work on IPFW2

  • DragonFlyBSD, much like FreeBSD, comes with more than one firewall you can use
  • Now it looks like you’re going to have yet another choice, as someone is working on a fork of IPFW (which is actually already in its second version, so it should be “IPFW3”)
  • Not a whole lot is known yet; it’s still in heavy development, but there’s a brief roadmap page with some planned additions
  • The guy who’s working on this has already agreed to come on the show for an interview, but we’re going to give him a chance to get some more work done first
  • Expect that sometime next year, once he’s made some progress

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Michael Lucas’ new book, “FreeBSD Mastery: Storage Essentials” is on sale now, check it out if you want to learn about FreeBSD’s disk subsystems
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv – don’t be shy, we’d love to hear what you have to say
  • Watch live Wednesdays at 2:00PM Eastern (19:00 UTC)
  • We’ve got a fun idea for the holidays this year: just like we ask during the interviews, we want to hear how all the viewers and listeners first got into BSD. Email us your story, either written or a video version, and we’ll read and play some of them for the Christmas episode. You’ve got until December 17th to send them in (that’s when we’re prerecording)

Reverse Takeover | BSD Now 52
https://original.jupiterbroadcasting.net/65537/reverse-takeover-bsd-now-52/
Thu, 28 Aug 2014 10:21:13 +0000

The post Reverse Takeover | BSD Now 52 first appeared on Jupiter Broadcasting.


Coming up this week, we’ll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD.

After that, we’ll be showing you how you can create a reverse SSH tunnel to a system behind a firewall… how sneaky. Answers to your emails plus the latest news, on BSD Now, the place to B.. SD.

Thanks to:


iXsystems


Tarsnap


– Show Notes: –

Headlines

FreeBSD foundation August update

  • The foundation has published a new PDF detailing some of their recent activities
  • It includes project development updates, the 10.1-RELEASE schedule and some of its new features
  • There is also a short interview with Dru Lavigne in the “voices from the community” section
  • If you’re into hardware, there’s another section about some new FreeBSD server equipment
  • In closing, there’s an update on funding too

NSD for an authoritative nameserver

  • With BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup
  • This article shows how to use NSD for an authoritative DNS nameserver
  • It’s also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together)
  • All the instructions are presented very neatly, with all the little details included
  • Less BIND means fewer vulnerabilities, everybody’s happy

BIND and Nginx removed from OpenBSD

  • While we’re on the topic of DNS servers, BIND was finally removed from OpenBSD as well
  • The base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year)
  • They’ve also removed nginx from the base system, in favor of the new custom HTTP daemon
  • BIND and Nginx are still available in ports if you don’t want to switch
  • We’re hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on
  • With Apache gone in the upcoming 5.6, it’s also likely that sendmail will be removed before 5.7 – hooray for modern alternatives

NetBSD demo videos

  • A Japanese NetBSD developer has been uploading lots of interesting videos
  • Unsurprisingly, they’re all featuring NetBSD running on exotic and weird hardware
  • Most of them are demoing sound or running a modern Twitter client on an ancient computer
  • They’re from the same guy that did the conference wrap-up we mentioned recently

Interview – Shawn Webb – shawn.webb@hardenedbsd.org / @lattera

Address space layout randomization in FreeBSD


Tutorial

Reverse SSH tunneling


News Roundup

Puppet master-agent installation on FreeBSD

  • If you’ve got a lot of BSD boxes under your control, or if you’re just lazy, you’ve probably looked into Puppet before
  • The author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own
  • He goes through some advantages of using this type of tool for deployments, even when you don’t have a huge number of systems
  • The rest of the post explains how to set up both the master and the agent configurations

Misc. pfSense items

  • We found a few miscellaneous pfSense articles this past week
  • The first one is about the hunt for the “ultimate” free open source firewall, where pfSense is obviously a strong contender
  • The second one shows how to log NAT firewall states
  • In the third, you can see how to automatically back up your configuration files
  • The fourth item shows how to set up PXE booting with pfSense, similar to one of our tutorials

Time Machine backups on ZFS

  • If you’ve got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive “time capsule”
  • This post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system
  • With a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive
  • Surprisingly simple to do, recommended for anyone with Macs on their network

Lumina desktop preview

  • Lumina, the BSD-exclusive desktop environment, seems to be coming along nicely
  • The main developer has posted an update on the PCBSD blog with some screenshots
  • Lots of new features have been added, many of which are documented in the post
  • There just might be a BSD Now episode about Lumina coming up.. (cough cough)

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • The stunnel tutorial – that’s right, our very first one – got some updates and fixes
  • Send all your BSD-related questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We’d really love to feature more articles from the viewers – be it about one of the main BSDs or something like pfSense/FreeNAS – send us anything cool you write (or find)
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
  • Next week is something special… we’ll just leave it at that

VPN, My Dear Watson | BSD Now 50
https://original.jupiterbroadcasting.net/64507/vpn-my-dear-watson-bsd-now-50/
Thu, 14 Aug 2014 10:47:27 +0000

The post VPN, My Dear Watson | BSD Now 50 first appeared on Jupiter Broadcasting.


It’s our 50th episode, and we’re going to show you how to protect your internet traffic with a BSD-based VPN. We’ll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap


– Show Notes: –

Headlines

MeetBSD 2014 is approaching

  • The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California
  • MeetBSD has an “unconference” format, which means there will be both planned talks and community events
  • All the extra details will be on their site soon
  • It also has hotels and various other bits of useful information – hopefully with more info on the talks to come
  • Of course, EuroBSDCon is coming up before then

First experiences with OpenBSD

  • A new blog post that leads off with “tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven’t tried before”
  • The author read the famous “BSD for Linux users” series (that most of us have surely seen) and decided to give BSD a try
  • He details his different OS and distro history, concluding with how he “eventually became annoyed at the poor quality of Linux userland software”
  • From there, it talks about how he used the OpenBSD USB image and got a fully-working system
  • He especially liked the simplicity of OpenBSD’s “hostname.if” system for network configuration
  • Finally, he gets Xorg working and imports all his usual configuration files – seems to be a happy new user!

NetBSD rump kernels on bare metal (and Kansai OSC report)

  • When you’re developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right
  • However, NetBSD’s rump kernels – a very unique concept – make this process a lot easier
  • This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week
  • Also have a look back at episode 8 for our interview about rump kernels and what exactly they do
  • While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight

OpenSSL and LibreSSL updates

  • OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)
  • Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more
  • LibreSSL released a new version to address most of the vulnerabilities, but wasn’t affected by some of them
  • Whichever version of whatever SSL you use, make sure it’s patched for these issues
  • DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, FreeBSD (outside of -CURRENT) and NetBSD are not

Interview – Robert Watson – rwatson@freebsd.org

FreeBSD architecture, security research techniques, exploit mitigation


Tutorial

Protecting traffic with a BSD-based VPN


News Roundup

A FreeBSD-based CGit server

  • If you use git (like a certain host of this show) then you’ve probably considered setting up your own server
  • This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend
  • It even shows you how to set up multiple repos with key-based user separation and other cool things
  • The author of the post is also a listener of the show, thanks for sending it in!

Backup devices for small businesses

  • In this article, different methods of data storage and backup are compared
  • After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer
  • He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers
  • It also goes over some of the hardware specifics in the FreeNAS Mini

A new Xenocara interview

  • As a follow up to last week’s OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara
  • If you’re not familiar with Xenocara, it’s OpenBSD’s version of Xorg with some custom patches
  • In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing
  • Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it’s natural for him to do a lot of the maintainership work there

Building a high performance FreeBSD samba server

  • If you’ve got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what’s the best solution?
  • FreeBSD, ZFS and Samba obviously!
  • The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients
  • This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)
  • It doesn’t even require the newest or best hardware with the right changes, pretty cool

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • We want to give a special thanks to our viewer Adam (aka bsdx) for writing most of today’s OpenVPN tutorial
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

Network Iodometry | BSD Now 46
https://original.jupiterbroadcasting.net/62542/network-iodometry-bsd-now-46/
Thu, 17 Jul 2014 11:26:02 +0000

The post Network Iodometry | BSD Now 46 first appeared on Jupiter Broadcasting.


We’re back and this week we’ll be showing you how to tunnel out of a restrictive network using only DNS queries.

We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes.

All the latest news and answers to your emails, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap


– Show Notes: –

Headlines

EuroBSDCon 2014 registration open

  • September is getting closer, and that means it’s time for EuroBSDCon – held in Bulgaria this year
  • Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th
  • Tutorials, sessions, dev summits and everything else all have their own pricing as well
  • Registering between August 18th – September 12th will cost more for everything
  • You can register online here and check hotels in the area
  • The FreeBSD foundation is also accepting applications for travel grants

OpenBSD SMP PF update

  • A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded
  • With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump
  • In a recent mailing list thread, Henning Brauer addresses some of the concerns
  • The short version is that too many things in OpenBSD are currently single-threaded for it to matter – just reworking PF by itself would be useless
  • He also says PF on OpenBSD is over four times faster than FreeBSD’s old version, presumably due to those extra years of development it’s gone through
  • There’s also been even more recent concern about the uncertain future of FreeBSD’s PF, being mostly unmaintained since their SMP patches
  • We reached out to four developers (over a week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us

Introduction to NetBSD pkgsrc

  • An article from one of our listeners about how to create a new pkgsrc port or fix one that you need
  • The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format
  • It also lists all the different bmake targets and their functions in relation to the porting process
  • Finally, the post details the whole process of creating a new port

FreeBSD 9.3-RELEASE

  • After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today but actually came out yesterday
  • The full list of changes is available, but it’s mostly a smaller maintenance release
  • Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated… and much more
  • If you haven’t jumped to the 10.x branch yet (and there are a lot of people who haven’t!) this is a worthwhile upgrade – 9.2-RELEASE will reach EOL soon
  • Good news, this will be the first release with PGP-signed checksums on the FTP mirrors – a very welcome change
  • 9.2’s EOL was extended until December of this year
  • With that out of the way, the 10.1-RELEASE schedule was posted

Interview – Bryan Drewery – bdrewery@freebsd.org / @bdrewery

The FreeBSD package building cluster, pkgng, ports, various topics


Tutorial

Tunneling traffic through DNS


News Roundup

SSH two-factor authentication on FreeBSD

  • We’ve previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website
  • This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port
  • Using this setup, every user that logs in with a password will have an extra requirement before they can gain access – but users with public keys can log in normally
  • It’s a really, really simple process once you have the port installed – full details on the page

Ditch tape backup in favor of FreeNAS

  • The author of this post shares some of his horrible experiences with tape backups for a client
  • Having constant, daily errors and failed backups, he needed to find another solution
  • With 1TB of backups, tapes just weren’t a good option anymore – so he switched to FreeNAS (after also ruling out a pre-built NAS)
  • The rest of the article details his experiences with it and tells about his setup

NetBSD vs FreeBSD, desktop experiences

  • A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job
  • Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try – especially since it has a native nVidia driver
  • “Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga.”
  • He’s become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system

PCBSD not-so-weekly digest

  • Speaking of choices for a desktop system, it’s the return of the PCBSD digest!
  • Warden and PBI_add have gotten some interesting new features
  • You can now create jails “on the fly” when adding a new PBI to your application library
  • Bulk jail creation is also possible now, and it’s really easy
  • New Jenkins integration, with public access to Poudriere logs as well (https://builds.pcbsd.org)
  • PkgNG 1.3.0.rc2 testing for EDGE users

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We love hearing from listeners – tell us what you think of the show or what you’d like to see!
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know
  • Congrats to the new FreeBSD core team members
  • The first (and second.. and third..) portable release of LibreSSL is available on the OpenBSD FTP sites, with a brief announcement email
  • Test it on your platform of choice, including building ports against it, and report your findings to either the LibreSSL team or the port maintainers so we can increase compatibility
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

Devious Methods | BSD Now 42
https://original.jupiterbroadcasting.net/60302/devious-methods-bsd-now-42/
Thu, 19 Jun 2014 11:56:15 +0000

The post Devious Methods | BSD Now 42 first appeared on Jupiter Broadcasting.


Coming up this week, we’ll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


Tarsnap


– Show Notes: –

Headlines

PIE and ASLR in FreeBSD update

  • A status update for Shawn Webb’s ASLR and PIE work for FreeBSD
  • One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree
  • “FreeBSD has supported loading PIEs for a while now, but the applications in base weren’t compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support”
  • If you’re running -CURRENT, just add “WITH_PIE=1” to your /etc/src.conf and /etc/make.conf
  • The next step is working on the ASLR coding style and getting more developers to look through it
  • Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR

Misc. pfSense news

  • A couple of pfSense news items this week, including some hardware news
  • Someone’s gotta test the pfSense hardware devices before they’re sold, which involves powering them all on at least once
  • To make that process faster, they’re building a controllable power board (and the post includes some cool pics)
  • There will be more info on that device a bit later on
  • On Friday, June 27th, there will be another video session (for paying customers only…) about virtualized firewalls
  • pfSense University, a new paid training course, was also announced
  • A single two-day class costs $2000, ouch

ZFS stripe width

  • A new blog post from Matt Ahrens about ZFS stripe width
  • “The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice”
  • Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages
  • He covers best performance on random IOPS, best reliability, and best space efficiency use cases
  • It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels’ overhead factor

FreeBSD 9.3-BETA3 released

  • The third BETA in the 9.3 release cycle is out, we’re slowly getting closer to the release
  • This is expected to be the final BETA, next will come the RCs
  • There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what’s in -CURRENT (but still isn’t using ChaCha20)
  • The FreeBSD foundation has a blog post about it too
  • There’s a list of changes between 9.2 and 9.3 as well, but we’ll be sure to cover it when the -RELEASE hits

Interview – Bryce Chidester – brycec@devio.us / @brycied00d

Running a BSD shell provider


Tutorial

Chaining SSH connections


News Roundup

My FreeBSD adventure

  • A Slackware user from the “linux questions” forum decides to try out BSD, and documents his initial impressions and findings
  • After ruling out PCBSD due to the demanding hardware requirements and NetBSD due to “politics” (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on
  • In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things
  • So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux
  • Might be an interesting, ongoing series we can follow up on later

Even more BSDCan trip reports

  • BSDCan may be over until next year, but trip reports are still pouring in
  • This time we have a summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation
  • He’s part of the “Jenkins CI for FreeBSD” group and went to BSDCan mostly for that
  • Nice long post about all of his experiences at the event, definitely worth a read
  • He even talks about… the food

FreeBSD disk partitioning

  • For his latest book series on FreeBSD’s GEOM system, MWL asked the hackers mailing list for some clarification
  • This erupted into a very long discussion about fdisk vs gnop vs gpart
  • So you don’t have to read the tons of mailing list posts, he’s summarized the findings in a blog post
  • It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools

BSD Router Project version 1.51

  • A new version of the BSD Router Project has been released, 1.51
  • It’s now based on FreeBSD 10-STABLE instead of 10.0-RELEASE
  • Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsewhere
  • Check the sourceforge page for the complete list of changes
  • The minimum disk size requirement has increased to 512MB

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • A special thanks to our viewer Lars for writing most of today’s tutorial and sending it in
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you want to come on for an interview or have a tutorial you’d like to see, let us know
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

The post Devious Methods | BSD Now 42 first appeared on Jupiter Broadcasting.

The Friendly Sandbox | BSD Now 39 https://original.jupiterbroadcasting.net/58472/the-friendly-sandbox-bsd-now-39/ Thu, 29 May 2014 13:26:06 +0000 https://original.jupiterbroadcasting.net/?p=58472 This time on the show we’ll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now – the […]

The post The Friendly Sandbox | BSD Now 39 first appeared on Jupiter Broadcasting.


This time on the show we’ll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now – the place to B.. SD.

Thanks to:


iXsystems

Tarsnap


– Show Notes: –

Headlines

BSDCan 2014 talks and reports


Defend your network and privacy with a VPN and OpenBSD

  • After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back
  • This article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilities
  • There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used
  • You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems – this could also be used with Tor (but it would be very slow)
  • It also includes a few general privacy tips, recommended browser extensions, etc
  • The intro to the article is especially great, so give the whole thing a read
  • He mentions our OpenBSD router guide and other tutorials being a big help for this setup, so hello if you’re watching!

You should try FreeBSD

  • In this blog post, the author talks a bit about how some Linux people aren’t familiar with the BSDs and how we can take steps to change that
  • He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two
  • Possibly the most useful part is how to address the question “my server already works, why bother switching?”
  • “Stackoverflow’s answers assume I have apt-get installed” ← lol
  • It includes mention of the great documentation, stability, ports, improved security and much more
  • A takeaway quote for would-be Linux switchers: “I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before”

OpenBSD and the little Mauritian contributor

  • This is a story about a guy from Mauritius named Logan, one of OpenBSD’s newest developers
  • Back in 2010, he started sending in patches for OpenBSD’s “mg” editor, among other small things, and eventually added file transfer resume support for SFTP
  • The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon
  • It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem
  • Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back

Interview – Jon Anderson – jonathan@freebsd.org

Capsicum and Casperd


Tutorial

Encrypting DNS lookups


News Roundup

FreeBSD Journal, May 2014 issue

  • The newest issue of the FreeBSD Journal is out, following the bi-monthly release cycle
  • This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling
  • Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read

LibreSSL porting update

  • Since the last LibreSSL post we covered, a couple unofficial “portable” versions have died off
  • Unfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly – stop doing that!
  • This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening example
  • Please wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good

BSDMag May 2014 issue is out

  • The usual monthly release from BSDMag, covering a variety of subjects
  • This time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other things
  • It’s a free PDF, go grab it

BSDTalk episode 241

  • A new episode of BSDTalk is out, this time with Bob Beck
  • He talks about the OpenBSD foundation’s recent activities, his own work in the project, some stories about the hardware in Theo’s basement and a lot more
  • The interview itself isn’t about LibreSSL at all, but they do touch on it a bit too
  • Really interesting stuff, covers a lot of different topics in a short amount of time

Feedback/Questions


  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • We’re looking for new tutorial ideas, so if there’s something specific you’d like to learn about, let us know
  • FreeBSD core team elections are in progress – nominations ended today. There are 21 candidates, and voting is open for the next month. We’ll let you know how it goes in a future episode.
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)

Cryptocrystalline | BSD Now 16 https://original.jupiterbroadcasting.net/48367/cryptocrystalline-bsd-now-16/ Fri, 20 Dec 2013 10:53:55 +0000 https://original.jupiterbroadcasting.net/?p=48367 How to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH.

The post Cryptocrystalline | BSD Now 16 first appeared on Jupiter Broadcasting.


We’ll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller – one of the lead developers of OpenSSH – about some recent crypto changes in the project. If you’re into data security, today’s the show for you. The latest news and all your burning questions answered, right here on BSD Now – the place to B.. SD.

Thanks to:


iXsystems


– Show Notes: –

Headlines

Secure communications with OpenBSD and OpenVPN

  • Starting off today’s theme of encryption…
  • A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
  • Part 1 covers installing OpenBSD with full disk encryption (which we’ll be doing later on in the show)
  • Part 2 covers the initial setup of OpenVPN certificates and keys
  • Parts 3 and 4 are the OpenVPN server and client configuration
  • Part 5 is some updates and closing remarks

FreeBSD Foundation Newsletter

  • The December 2013 semi-annual newsletter was sent out from the foundation
  • In the newsletter you will find the president’s letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
  • The president’s letter alone is worth the read, really amazing
  • Really long, with lots of details and stories from the conferences and projects

Use of NetBSD with Marvell Kirkwood Processors

  • Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
  • The IP-Plug is a “multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger).”
  • Really cool little NetBSD ARM project with lots of graphs, pictures and details

Experimenting with zero-copy network IO

  • Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD
  • Discusses the different OS’ implementations and options
  • He’s able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn’t stopping there
  • Tons of details, check the full post

Interview – Damien Miller – djm@openbsd.org / @damienmiller

Cryptography in OpenBSD and OpenSSH


Full disk encryption in FreeBSD & OpenBSD

  • Shows how to install both FreeBSD and OpenBSD with full disk encryption
  • We’ll be using geli and bioctl and doing it step by step

News Roundup

OpenZFS office hours

  • Our buddy George Wilson sat down to take some ZFS questions from the community
  • You can see more info about it here

License summaries in pkgng

  • A discussion between Justin Sherrill and some NYCBUG guys about license frameworks in pkgng
  • Similar to pkgsrc’s “ACCEPTABLE_LICENSES” setting, pkgng could let the user decide which software licenses he wants to allow
  • Maybe we could get a “pkg licenses” command to display the license of all installed packages
  • Ok bapt, do it

Linux’s Wirecast Problem | LAS s26e06 https://original.jupiterbroadcasting.net/35331/linuxs-wirecast-problem-las-s26e06/ Sun, 14 Apr 2013 12:46:15 +0000 https://original.jupiterbroadcasting.net/?p=35331 This week we come clean on why the world’s #1 Linux podcast is edited on a Hackintosh. And what it's going to take for things to get any better.

The post Linux’s Wirecast Problem | LAS s26e06 first appeared on Jupiter Broadcasting.


Even we have to admit Linux has a few important weak spots that remain. This week we come clean on why the world’s #1 Linux podcast is edited on a Hackintosh. Why we feel it’s going to require a radical technology leap for the situation to get any better, and some near term hopes.

Plus: SSH Tunnels vs VPNs, how to quickly use an SSH tunnel for an application specific need, details on a lightweight KDE based desktop coming soon, Nvidia’s answer to Linus’ F&#CK YOU…

AND SO MUCH MORE!

All this week on, The Linux Action Show!


— Show Notes: —

Linux’s Wirecast Problem:


System76

Brought to you by: System76

Video:

Encoding:


– Picks –

Runs Linux:

Android Pick:

Desktop App Pick:

Search our past picks:

Git yours hands all over our STUFF:


— NEWS —

— /etc: SSH Tunnels —


Untangle

Brought to you by: Untangle

SSH Tunnel Command:

sudo ssh -N username@remotehost -L 80:localhost:80

– Feedback: –

— Chris’ Stash —

irc.geekshed.net #jupiterbroadcasting

— What’s Matt Doin? —

— Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC: —

Donated Privacy | TechSNAP 74 https://original.jupiterbroadcasting.net/24176/donated-privacy-techsnap-74/ Thu, 06 Sep 2012 15:53:20 +0000 https://original.jupiterbroadcasting.net/?p=24176 Anti-sec posts 1 million Apple UDIDs they claim to have stolen from the FBI, but what was the FBI doing with them in the first place?

The post Donated Privacy | TechSNAP 74 first appeared on Jupiter Broadcasting.


Anti-sec posts 1 million Apple UDIDs they claim to have stolen from the FBI, but what was the FBI doing with them in the first place?

More infrastructure switch vulnerabilities, and a great batch of audience questions and our answers!

All that and a lot more on this week’s TechSNAP!


Show Notes:

Java flaws not entirely fixed by emergency patch

  • The Polish security firm that initially discovered the 29 Java vulnerabilities back in April, two of which were the target of the emergency out-of-band patch issued by Oracle last week, has discovered that the flaws are still exploitable
  • Oracle’s patch removed the getField and getMethod methods from the implementation of sun.awt.SunToolkit. This disabled all of the Proof of Concept exploits from the security researchers, as well as the exploits actively being used in the wild
  • Oracle basically removed the exploitation vector, without fixing the underlying vulnerabilities
  • The Polish firm discovered another exploitation vector that, when combined with the unpatched vulnerabilities, allowed them to update their Proof of Concept code and continue to possess a large number of working exploits against Java
  • Adam Gowdiak, CEO of Security Explorations (the Polish firm that discovered the vulnerabilities), also commented that Java 6 seemed much more secure: in all the time they spent researching it, they only ever managed to escape the sandbox once, using an Apple QuickTime exploit
  • Researchers find critical vulnerability in Java 7 patch hours after release

More infrastructure switches vulnerable

  • Some GarrettCom switches come with a hard coded password for a default account that cannot be changed or disabled
  • A researcher at Cylance discovered the hidden account in April and warned the vendor and ICS-CERT
  • The issue is present in GarrettCom Magnum MNS-6K Management Software version 4.1.14 and 14.1.14 SECURE. The vendor released an update that addresses the issue in May, but the issue was not disclosed until this week
  • The attack is mitigated somewhat by the fact that the attacker would need access to an account on the switch, in order to exploit the vulnerability and escalate the privileges of the regular user account
  • “A ‘factory’ account intended to only be allowed to log in over a local serial console port exists in certain versions of GarrettCom’s MNS-6K and MNS-6K-SECURE software. Cylance has identified an unforeseen method whereby a user authenticated as ‘guest’ or ‘operator’ can escalate privileges to the ‘factory’ account”
  • GarrettCom switches are marketed as “Hardened” and used in traffic control systems, railroad communications systems, power plants, electrical substations, and even US military sites. Beyond simple L2 and L3 networking, these devices are also used for serial-to-IP conversion in SCADA systems
  • Original Advisory
  • ICS-CERT Advisory

Hackers claim to have stolen Mitt Romney’s tax returns from financial firm

  • A group claims to have broken into the offices of Price Waterhouse Cooper in Tennessee, accessed the network file servers and copied the Romneys’ tax returns for the years before 2010
  • Later years were apparently not digitized yet and so were not able to be copied
  • It doesn’t seem correct to refer to the individuals as hackers because the data was physically stolen from unsecured file servers, rather than accessed remotely
  • The attackers seem to have thought ahead, going so far as to include secret statements in the copies of the documents sent to PWC and using those to authenticate themselves as the real attackers
  • The attackers claim to have sent encrypted copies of the documents to the media, as well as both political parties
  • The attackers provide two bitcoin addresses: if the first receives 1 million USD worth of bitcoins before September 28th, the encryption keys will be destroyed. If this does not happen, or if 1 million USD is sent to the second bitcoin address, the keys will be released publicly
  • In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) mandates that specific security measures be taken to safeguard such personal information; it seems that the security practices at PWC were extremely lax
  • The US Secret Service is investigating
  • Pastebin Post #1
  • Pastebin Post #2
  • Additional Coverage

Anti-sec releases 1 million iOS unique device IDs, apparently stolen from FBI laptop

  • Anti-sec claims the original file they stole contains more than 12 million records
  • The file apparently includes detailed data, including the UDIDs, push notification tokens, device names, usernames, phone numbers, addresses and device types
  • Antisec claims to have remotely accessed Supervisor Special Agent Christopher K. Stangl’s Dell Vostro notebook in March 2012 using the AtomicReferenceArray Java vulnerability
  • "During the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’"
  • NCFTA is the National Cyber Forensics and Training Alliance, a private group set up by a former FBI agent to facilitate information sharing between private companies and the FBI. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI
  • SSA Stangl is a member of the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team
  • The FBI denies the claim: “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data”
  • A website has been set up to attempt to identify which apps or companies are sharing data with the FBI
  • Original Pastebin
  • Additional Coverage

Feedback:

Have some fun:

What I wish the new hires “knew”

Round-Up:
