This week on the show, we'll be chatting with Marc Espie. He's recently added some additional security measures to dpb, OpenBSD's package building tool, and we'll find out why they're so important. We've also got all this week's news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.
Headlines
BSDCan 2015 videos
BSDCan just ended last week, but some of the BSD-related presentation videos are already online:
- Allan Jude, UCL for FreeBSD
- Andrew Cagney, What happens when a dwarf and a daemon start dancing by the light of the silvery moon?
- Andy Tanenbaum, A reimplementation of NetBSD using a MicroKernel
- Brooks Davis, CheriBSD: A research fork of FreeBSD
- Giuseppe Lettieri, Even faster VM networking with virtual passthrough
- Joseph Mingrone, Molecular Evolution, Genomic Analysis and FreeBSD
- Olivier Cochard-Labbe, Large-scale plug&play x86 network appliance deployment over Internet
- Peter Hessler, Using routing domains / routing tables in a production network
- Ryan Lortie, a stitch in time: jhbuild
- Ted Unangst, signify: Securing OpenBSD From Us To You
Many more still to come...
***
Documenting my BSD experience
- Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it's finally time to give BSD a try
- "That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in."
- In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks
- The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you're into that)
- You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into
- He's also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon
- His second post explores replacing the firewall on his self-described "over complicated home network" with an OpenBSD box
- After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing
- All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand
- Hearing experiences like this is very important - they show areas where all the BSD developers' hard work has paid off, but can also let us know where we need to improve
***
PC-BSD tries HardenedBSD builds
- The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated
- They're not the first major FreeBSD-based project to offer an alternate build - OPNsense did that a few weeks ago - but this might open the door for more projects to give it a try as well
- With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won't have
- Time will tell if more projects and products like FreeNAS might be interested too
***
C-states in OpenBSD
- People who run BSD on their notebooks, you'll want to pay attention to this one
- OpenBSD has recently committed some ACPI improvements for deep C-states, enabling the processor to enter a low-power mode
- According to a few users so far, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life
- If you're running OpenBSD -current on a laptop, try out the latest snapshot and report back with your findings
***
NetBSD at Open Source Conference 2015 Hokkaido
- The Japanese NetBSD users group never sleeps, and they've hit yet another open source conference
- As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)
- We'll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms
***
Interview - Marc Espie - @espie_openbsd
Recent improvements to OpenBSD's dpb tool
News Roundup
Introducing xhyve, bhyve on OS X
- We've talked about FreeBSD's "bhyve" hypervisor a lot on the show, and now it's been ported to another OS
- As the name "xhyve" might imply, it's a port of bhyve to Mac OS X
- Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future
- It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer
- There are also a few examples on how to use it
***
4K displays on DragonFlyBSD
- If you've been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you'll be pleased to know that 4K displays work just fine
- Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas
- Some GUI applications might look weird on such a huge resolution, HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience
***
Sandboxing port daemons on OpenBSD
- We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD's base are chrooted by default - things from ports or packages don't always get the same treatment
- This blog post uses a mumble server as an example, but you can apply it to any service from ports that doesn't chroot by default
- It goes through the process of manually building a sandbox with all the libraries you'll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it
- With a few small changes, similar tricks could be done on the other BSDs as well - everybody has chroots
***
SmallWall 1.8.2 released
- SmallWall is a relatively new BSD-based project that we've never covered before
- It's an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits
- They've just released the first official version, so you can give it a try now
- If you're interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks...
***
Feedback/Questions
- David writes in
- Brian writes in
- Dan writes in
- Joel writes in
- Steve writes in
***