This week on BSDNow, we have an interview with Matthew Macy, who has some exciting news to share with us regarding the state of graphics
Headlines
How the number of states affects pf’s performance of FreeBSD
Our friend Olivier of FreeNAS and BSDRP fame has an interesting blog post this week detailing his unique issue with finding a firewall that can handle upwards of 4 million state table entries.
He begins the article by benchmarking the defaults, since without that we don’t have a baseline to compare the later results against.
All done on his Netgate RCC-VE 4860 (4 cores ATOM C2558, 8GB RAM) under FreeBSD 10.3.
“We notice a little performance impact when we reach the default 10K state table limit: From 413Kpps with 128 states in-used, it lower to 372Kpps.”
With the initial benchmarks done and graphed, he then starts the tuning process by adjusting the “net.pf.states_hashsize” sysctl, and then playing with the number of states for the firewall to keep.
“For the next bench, the number of flow will be fixed for generating 9800 pf state entries, but I will try different value of pf.states_hashsize until the maximum allowed on my 8GB RAM server (still with the default max states of 10k):”
Then he cranks it up to 4 million states.
“There is only 12% performance penalty between pf 128 pf states and 4 million pf states.”
“With 10M state, pf performance lower to 362Kpps: Still only 12% lower performance than with only 128 states”
He then looks at what this does to pfsync, the protocol to sync the state table between two redundant pf firewalls.
Conclusions:
There needs to be a linear relationship between the pf hard-limit of states and the pf.states_hashsize
RAM needed for pf.states_hashsize = pf.states_hashsize * 80 bytes, and pf.states_hashsize should be a power of 2 (from the manual page)
Even small hardware can manage a large number of sessions (it's a matter of RAM), but under too much pressure pfsync will suffer.
***
Introducing the BCHS Stack = BSD, C, httpd, SQLite
Pronounced Beaches
“It's a hipster-free, open source software stack for web applications”
“Don't just write C. Write portable and secure C.”
“Get to know your security tools. OpenBSD has systrace(4) and pledge(2). FreeBSD has capsicum(4).”
“Statically scan your binary with LLVM” and “Run your application under valgrind”
“Don't forget: BSD is a community of professionals. Go to conferences (EuroBSDCon, AsiaBSDCon, BSDCan, etc.)”
This seems like a really interesting project, we’ll have to get Kristaps Dzonsons back on the show to talk about it
***
Installing OpenBSD's httpd server, MariaDB, PHP 5.6 on OpenBSD 5.9
Looking to deploy your next web-stack on OpenBSD 5.9? If so, this next article from rootbsd.net is for you.
Specifically, it will walk you through the process of getting OpenBSD’s own httpd server up and running, followed by MariaDB and PHP 5.6.
Most of the setup is pretty straightforward, though the httpd syntax may be unfamiliar if this is your first time trying it out.
Once the various packages are installed and configured, the rest of the tutorial is easy, walking you through the standard hello world PHP script and enabling the services to run at reboot.
A good article for those wanting to start hosting PHP/DB content (WordPress anyone?) on their OpenBSD system.
***
The infrastructure behind Varnish
Dogfooding. It’s a term you hear often in the software community, which essentially means to “Run your own stuff”. Today we have an article by PHK over at varnish-cache, talking about what that means to them.
Specifically, they recently went through a website upgrade, which will enable them to run more of their own stuff. He has a great quote on what OS they use:
“So, dogfood: Obviously FreeBSD. Apart from the obvious reason that I wrote a lot of FreeBSD and can get world-class support by bugging my buddies about it, there are two equally serious reasons for the Varnish Project to run on FreeBSD: Dogfood and jails.
Varnish Cache is not “software for Linux”, it is software for any competent UNIX-like operating system, and FreeBSD is our primary “keep us honest about this” platform.”
He then goes through the process of explaining how they would set up a new Varnish-cache website, or upgrade it. All together a great read, and if you are one of the admin-types, you really should pay attention to how they build from the ground up. Some valuable knowledge here which every admin should try to replicate.
I can not reiterate the value of having your config files in a private source control repo strongly enough
The biggest take-away is: “And by doing it this way, I know it will work next time also.”
***
Interview - Matt Macy
Graphics Stack Update
News Roundup
Followup on packaging base with pkg(8)
In spite of the heroic last minute effort by a team of contributors, pkg’d base will not be ready in time for FreeBSD 11.0
There are just too many issues that were discovered during testing
The plan is to continue using freebsd-update in the meantime, and introduce a pkg based upgrade mechanism in FreeBSD 11.1
With the new support model for the FreeBSD 11 branch, 11.1 may come sooner than with previous major releases
***
FreeBSD Core Election
It is time once again for the FreeBSD Core Election
Application period begins: Wednesday, 18 May 2016 at 18:00:00 UTC
Application period ends: Wednesday, 25 May 2016 at 18:00:00 UTC
Voting begins: Wednesday, 25 May 2016 at 18:00:00 UTC
Voting ends: Wednesday, 22 June 2016 at 18:00:00 UTC
Results announced Wednesday, 29 June 2016
New core team takes office: Wednesday, 6 July 2016
As of the time I was writing these notes, 3 hours before the application deadline, the candidates are:
Allan Jude: Filling in the potholes
Marcelo Araujo: We are not vampires, but we need new blood.
Baptiste Daroussin (incumbent): Keep on improving
Benedict Reuschling: Learn and Teach
Benno Rice: Revitalising The Community
Devin Teske: Here to help
Ed Maste (incumbent): FreeBSD is people
George V. Neville-Neil (incumbent): There is much to do…
Hiroki Sato (incumbent): Keep up with our good community and technical strength
John Baldwin: Ready to work
Juli Mallett: Caring for community.
Kris Moore: User-Focused
Mathieu Arnold: Someone ask for fresh blood ?
Ollivier Robert: Caring for the project and you, its developers
The deadline for applications is around the time we finish recording the live show
We welcome any of the candidates to schedule an interview in the next few weeks. We will make an attempt to hunt many of them down at BSDCan as well.
***
Wayland/Weston with XWayland works on DragonFly
We haven’t talked a lot about Wayland on BSD recently (or much at all), but today we have a post from Peter to the dragonfly mailing list, detailing his experience with it.
Specifically he talks about getting XWayland working, which provides the compat bits for native X applications to run on Wayland displays.
So far on the working list of apps:
“gtk3:
gedit
nautilus
evince
xfce4-terminal
firefox
spyder
scilab”
A pretty impressive list, although he said “chrome” failed with a seg-fault
This is something I’m personally interested in. Now with the newer DRM bits landing in FreeBSD, perhaps it’s time for some further looking into Wayland.
***
Broadcom WiFi driver update
In this blog post Adrian Chadd talks about his recent work on the bwn(4) driver for Broadcom WiFi chips
This work has added support for a number of older 802.11g chips, including the one from 2009-era MacBooks
Work is ongoing, and the hope is to add 802.11n and 5GHz support as well
Adrian is mentoring a number of developers working on embedded or wifi related things, to try to increase the project's bandwidth in those areas
If you are interested in driver development, or wifi internals, the blog post has lots of interesting details and covers the story of Adrian’s recent adventures in bringing the drivers up
***
Beastie Bits
The Design of the NetBSD I/O Subsystems (2002)
ZFS, BTRFS, XFS, EXT4 and LVM with KVM – a storage performance comparison
Swift added to FreeBSD Ports
misc@openbsd: 'NSA addition to ifconfig'
Papers We Love: Memory by the Slab: The Tale of Bonwick's Slab Allocator
Feedback/Questions
Lars - Poudriere
Warren - .NET
Eddy - Sys Init
Tim - ZFS Resources
Morgan - Ports and Kernel
***