BSD Now

By JT Pennington

Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as... more

4.8

8989 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about BSD Now:

How many episodes does BSD Now have?

The podcast currently has 637 episodes available.

BSD Now episodes:

November 18, 2015116: Arcing ZFS
This episode was brought to you by
iX Systems Mission Complete
Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!
Headlines
How to create new binary packages in the Ports system on OpenBSD
Creating a port is often a great first step you can take to get involved in your favorite BSD of choice, and (often) doesn’t require any actual programming to do so.
In this article we have a great walkthrough for users on creating a new ported application, and eventually binary package, on OpenBSD
As mentioned in the tutorial, a good starting place is always an existing port, which can you use as a template for your new creation. Tip: Try to pick something similar, I.E. python for a python app, Qt for Qt, etc.
This tutorial will first walk you through the process of creating your Makefile and related description about the new port.
Once you’ve created the initial Makefile, there are a bunch of new “make” targets you can begin to run to try building your port, everything from “make fetch” to “make makesum” and “make package”. Using these tests you can verify that your port is correct and results in the installable package/app you wanted.
***
Status update on pledge(2)
OpenBSD has been working very aggressively to convert much of their base system applications to using pledge(2) “Formerly Tame(2))
Theo has provided a great status update on where that stands as of right now and the numbers look like the following:
Out of 600 ELF binaries, 368 of them have been updated to utilize pledge(2) in some manner
This is quite a few, and includes everything from openssl, ping, sftp, grep, gzip and much more
There are still a number of “pledge-able” commands waiting for conversion, such as login, sysctl, nfsd, ssh and others.
He also mentions that there does exist some subset of commands which aren’t viable pledge(2) candidates, such as simple things like “true”, or commands like reboot/mount or even perl itself.
***
FreeBSD booting on the Onion Omega
Tiny $19 MIPS SoC ($25 with dock that provides built in mini-USB Serial interface, power supply, LED lights, GPIO expansion, USB port, etc)
A number of pluggable ‘expansions’ are available, including:
Arduino Dock (connect the Omega device to your existing Arduino components)
Blue Tooth Lower Energy
10/100 Ethernet Port
Relay expansion (2 relays each, can stack up to 8 expansions to control 16 relays)
Servo expansion (control up to 16 PWM servos, like robotic arms or camera mounts)
OLED expansion (1" monochrome 128x64 OLED display)
Thermal Printer Kit (includes all wiring and other components)
The device is the product of a successful Kick Starter campaign from March of this year
Specs:
Atheros AR9330 rev1 400MHZ MIPS 24K
64MB DDR2 400MHz
16MB Flash
802.11b/g/n 150Mbps Atheros Wifi + 100mbps Atheros Wired Ethernet
18 GPIO Pins
USB Controller
Using the freebsd-wifi-build tool, I was able to build a new firmware for the device based on a profile for a similar device based on the same Atheros chip. I hope to have time to validate some of the settings and get them posted up into the wiki and get the kernel configuration committed to FreeBSD in the next week or two
It is an interesting device compared to the TP-Link WDR3600’s we did at BSDCan, as it has twice as much flash, leaving more room for the system image, but only half as much ram, and a slower CPU
***
SSH Performance testing
There has been a discussion about the value of upkeeping the HPN (High Performance Networking) patch to OpenSSH in the base system of FreeBSD
As part of this, I did some fresh benchmarks on my pair of new high end servers
The remaining part to be done is testing different levels of latency
By tweaking the socket buffer sizes, I was able to saturate the full 10 gigabit with netcat, iperf, etc
From the tests that have been done so far, it doesn’t look like even the NONE cipher can reach that level of performance because of the MAC (Message Authentication Code)
It does appear that some of the auto-tuning in HPN is not worked as expected
Explicitly setting -oTcpRcvBuf=7168 (KB) is enough to saturate a gigabit with 50ms RTT (round trip time)
***
iXsystems
iX gives an overview of FreeBSD at SeaGl 2015
On the FreeNAS Blog, Michael Dexter explains the ZFS Intent Log and SLOG
Interview - George Wilson - [email protected] / @zfsdude
OpenZFS and Delphix
***
News Roundup
Nicholas Marriott has replaced the aging version of less(1) in OpenBSD
Sometimes less isn’t more, it’s just less
In this story, we have news that the old version of less(1) in OpenBSD has now been ripped out in favor of the more modern fork from illumos founder Garrett D’Amore.
In addition to being a “more” modern version, it also includes far “less” of the portability code, uses terminfo, replacing termcap and is more POSIX compliant.
***
FreeBSD gets initial support for advanced SMR drives
Kenneth D. Merry [email protected] has developed initial support for Host Managed, and Host Aware Shingled Magnetic Recording drives in FreeBSD, available as a patch against both -current and 10-stable
“This includes support for Host Managed, Host Aware and Drive Managed SMRdrives that are either SCSI (ZBC) or ATA (ZAC) attached via a SAScontroller. This does not include support for SMR ATA drives attached viaan ATA controller. Also, I have not yet figured out how to properly detecta Host Managed ATA drive, so this code won't do that.”
SMR drives have overlapping tracks, because the read head can be much smaller than the write head
The drawback to this approach is that writes to the disk must take place in 256 MB “zones” that must be written from the beginning
New features in the patch:
A new 'camcontrol zone' command that allows displaying and managing drive zones via SCSI/ATA passthrough.
A new zonectl(8) utility that uses the new DIOCZONECMD ioctl to display and manage zones via the da(4) (and later ada(4)) driver.
Changes to diskinfo -v to display the zone mode of a drive.
A new disk zone API, sys/sys/disk_zone.h.
A new bio type, BIO_ZONE, and modifications to GEOM to support it. This new bio will allow filesystems to query zone support in a drive and manage zoned drives.
Extensive modifications to the da(4) driver to handle probing SCSI and SATA behind SAS SMR drives.
Additional CAM CDB building functions for zone commands.
“We (Spectra Logic) are working on ZFS changes that will use this CAM and GEOM infrastructure to make ZFS play well with SMR drives. Those changes aren't yet done.”
It is good to see active development in this area, especially from experts in archival storage
A second patch is also offered, that improves the pass(4) passthrough interface for disks, and introduces a new camdd(8) command, a version of dd that uses the pass(4) interface, kqueue, and separate reader/writer threads for improved performance
He also presents a feature wishlist that includes some interesting benchmarking features, including a ‘sink’ mode, where reads from the device are just thrown away, rather than having to write then to /dev/null
***
Initial implemtnation of 802.11n now in iwm(4)
OpenBSD laptop users rejoice! 802.11n has landed!
Initially only for the iwm(4) driver, support is planned for other devices in the future
Includes support for all the required (non-optional) bits to make 802.11N functional
Adds a new 11n mode to ifmedia, and MCS (modulation coding scheme) that sits alongside the ieee80211_rateset structure.
No support for MIMO / SGI (Short Guard Interval) or 40 MHz wide-channels, but perhaps we will see those in a future update.
They are asking users for testing against a wide variety of any/all APs!
***
Freebsd adds support for Bluetooth LE Security Management
FreeBSD + BlueTooth, not something we discuss a lot about, but it is still under active development.
The most recently added features come from Takanori Watanabe, and adds new LE Security Management.
Specifically, it enables support for BLE Security Manager Protocol(SMP), and enables a userland tool to wait for the underlying HCI connection to be encrypted.
***
Building OpnSense on HardenedBSD
Looking for a way to further Harden your router? We have a tutorial from the HardenedBSD developer, Shawn Webb, about how to build OpnSense on HBSD 10-STABLE.
You’ll need to first be running HBSD 10-STABLE somewhere, in this article he is using bhyve for the builder VM.
The build process itself is mostly pretty straight-forward, but there are a number of different repos that all have to be checked out, so pay attention to which goes where.
+In this example he does a targeted build for a Netgate RCC-VE-4860, but you can pick your particular build.
***
Beastie Bits
1 BTC bounty for chromium bug!
DesktopBSD 2.0 M1 released
By implementing asynchronous pru_attach for UDP, Sepherosa Ziehau has increased connect rate by around 15K connections per second
Stephen Bourne, known for the Bourne Shell, will be giving a talk at NYCBUG this week
Tor Browser 5.0.3 for OpenBSD released
The Tor BSD Diversity Project aim to
Increase the number of Tor relays running BSDs. We envision this happening by increasing the total number of relays, with the addition of more BSD users running relays;
Make the Tor Browser available under BSD operating systems using native packaging mechanisms. Our first target is OpenBSD;
Engage the broader BSD community about the Tor anonymity network and the place that BSD Unix should occupy in the privacy community at large.
Screenshots from Unix People circa 2002
Feedback/Questions
Dominik - Bhyve Setup
John - beadm + GELI
Darrall - ZFS + RAID = Problems
Hamza - Which shell?
Amenia - FreeBSD routing
***
...more
1h 58min
November 11, 2015115: Controlling the Transmissions
Controlling the Transmissions
This episode was brought to you by
iX Systems Mission Complete
Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!
***
Headlines
FreeBSD 2015 Vendor Dev Summit
FreeBSD Quarterly Status Report - Third Quarter 2015
We have a fresh quarterly status report from the FreeBSD project. Once again it almost merits an entire show, but we will try to hit all the highlights.
Bhyve - Porting of the Intel edk2 UEFI firmware, allowing Windows in headless mode, and Illumos support. Also porting to ARM has begun!
Improved Support for Acer C720 ChromeBooks
High Availability Clustering in CTL (Cam Target Layer)
Root Remounting (Similar to pivot_root in Linux). This work allows using “reboot -r” to do a fast-reboot, with a partial shutdown, kill all processes, and re-mount rootfs and boot. Especially useful for booting from mfs or similar then transitioning to iscsi or some other backing storage
OpenCL Support in Mesa, as well as kernel progress on the i915 driver
Improved support for UEFI FrameBuffer on a bunch of recent MacBook Pro and other Macs, in addition to improvements to “vt” framebuffer driver for high resolution displays.
ZFS support for UEFI Boot (Needs testing, but used in PC-BSD for a couple months now), and importing new features from IllumOS (resumable send, receive prefetch, replication checksumming, 50% less ram required for L2ARC, better prefetch)
DTrace SDT probes added to TCP code, to replace the old TCPDEBUG kernel option. Recompiling the kernel is no longer required to debug TCP, just use DTrace
Ongoing work to bring us a native port/package of GitLab
***
Meteor, the popular javascript web application framework has been forked to run on FreeBSD, OpenBSD and NetBSD - FreeBSD testers requested
We have a public call for testing for FreeBSD users of Meteor by Tom Freudenberg
The included link includes all the details on how to currently get meteor boot-strapped on your box and bring up the server
So far the reports are positive, many users reporting that it is running on their 10.2 systems / jails just fine.
Just a day ago the original porter mentioned that OpenBSD is ready to go for testing using the prepared dev bundle.
***
Mike Larkin work continues on an native OpenBSD hypervisor, which he has announced is now booting
Speaking of OpenBSD, we have an update from Mike Larkin about the status of the OpenBSD native hypervisor vmm(4).
His twitter post included the output from a successful VM bootup of OpenBSD 5.8-current, all the way to multi-user
While the code hasn’t been committed (yet) we will keep you informed when it lands so you too can begin playing with it.
***
This is how I like open source
A blog post by FreeBSD Core Team member, and one of the lead developers of pkg, Baptiste Daroussin
One project he has been working on is string collation
Garrett d'Amore (of IllumOS) implemented unicode string collation while working for Nexenta and made it BSD license
John Marino (from Dragonfly) imported the work done on Illumos into Dragonfly, while he was doing that he decided, it was probably a good idea to rework how locales are handled
He discovered that Edwin Groothuis (from FreeBSD) had long ago started a project to simplify locales handling on FreeBSD
He extended the tools written by Edwin and has been able to update Dragonfly to the latest (v27 so far) unicode definitions
John Marino has worked with Bapt many times on various projects (including bringing pkg and ports to Dragonfly)
Bapt decided it was time that FreeBSD got proper string collation support as well, and worked with John to import the support to FreeBSD
Bapt spotted a couple of bugs and worked with John on fixing them: issues with eucJP encoding, issues with Russian encoding (John did most of the work on tracking down and fixing the bugs), Bapt also converted localedef (the tool to generate the locales) into using BSD license only code (original version used the CDDL libavl library which I modified to use tree(3)), fixed issues. I also took the locale generation from Edwin (extended by John)
This work resulted in a nice flow of patches going from Dragonfly to FreeBSD and from FreeBSD to Dragonfly.
And now Garrett is interested in grabbing back our patches into Illumos!
The result of this collaboration is that now 3 OS share the same implementation for collation support! This is very good because when one discovers a bug the 3 of them benefit the fix!
The biggest win here is that this was a lot of work, and not an area that many people are interested in working on, so it was especially important to share the work rather than reimplement it separately.
***
Interview - Hiren Panchasara - [email protected] / @hirenpanchasara
Improving TCP
***
iXsystems
MissonComplete winners
***
News Roundup
LibreSSL 2.3.1 released
LibreSSl keeps on chugging, the latest release has landed, 2.3.1, which is the second snapshot based upon the OpenBSD 5.9 development branch.
Currently they are targeting a stable ABI/API sometime around March 2016 for the 2.3.X series.
Included in this update are ASN. 1 cleanups and some compliance fixes for RFC5280
Switched internally to time_t, with a check that the host OS supports 64bit time_t
Various TLS fixes, including the ability to check cert validity times with tls_peer_cert_not{before|after}
Fixed a reported memory leak in OBJ_obj2txt
***
Guide for Installing Ghost w/ Nginx on FreeBSD
A nice walkthrough for the week, we’ve found an article about how to install the Ghost blogging platform on FreeBSD 10.2.
For those who don’t know, Ghost is a MIT licensed blogging tool, started in 2012 by a former WordPress UI developer and is entirely coded in Node.js
While a port for FreeBSD does not yet exist (somebody get on that please), this tutorial can walk you through the process of getting it deployed manually
Most of the requirements are simple, www/node, www/npm and sqlite3.
With those installed, most of the steps are simply creating the username / home for ghost, and some “npm” setup.
The walkthrough even includes a handy rc.d script, making the possibility of a port seem much more likely
***
Adrian Chadd on 'Why attention to detail matters when you're a kernel developer
Adrian was correctly trolled in the FreeBSD embedded IRC chatroom and started looking at why the bridging performance in MIPS boards was so bad
120-150 mbit/sec is not really enough anymore
Using previous MIPS24k support as a starting point, Adrian managed to get HWPMC (Hardware Performance Monitoring Counters) working on MIPS74k
Using the data collected from the performance counters Adrian was able to figure out that packets were being copied in order to meet alignment requirements of the NIC and the FreeBSD networking stack. It turns out this is no longer a requirement for most modern Atheros NICs, so the workaround could be removed
Now performance was 180 mbit/sec
Next, on the receive side, only the TCP stack requires strict alignment, the ethernet stack does not, so offset the start point by 2 bytes so that TCP ends up aligned, and problem solved. Or not, no performance difference...
The problem appeared to be busdma, Ian Lepore had recently made improves in this area on armv6 and helpfully ported these over to MIPS
Now 420 mbit/sec. Getting better, but not as fast as Linux
After some further investigation, a missing ‘sync’ operation was added, and the memory caching was changed from writethrough to writeback
Things were so fast now, that the descriptor ring was being run through the ring so quickly as to hit the next descriptor that is still being setup. The first was to mark the first descriptor of a multi-descriptor packet as ‘empty’ until the entire chain was setup, so it would not be processed before the latter bits were done being added to the ring.
So now MIPS can bridge at 720 mbit/sec, and route 320 mbit/sec
Adrian wants to improve the routing speed and get it caught up to the bridging speed, but as always, free time is scarce.
***
Switching from OS X to FreeBSD
The story of a user who had used OS X since its beta, but 10.9 and 10.10, became more and more dissatisfied
They found they were spending too much time fighting with the system, rather than getting work done
They cover the new workstation they bought, and the process of getting FreeBSD going on it, including why they chose FreeBSD rather than PCBSD
Also covered it setting up a Lenovo X220 laptop
They setup the i3wm and mutt
The blog is very detailed and goes so far as to share a github repo of dotfiles and configuration files to ease the transition from OS X.
***
BeastieBits
The Stack behind Netflix's scaling
The Amiga port of NetBSD now has xorg support
NetBSD has announced EOL for v5.x to be November 9th
RetroArch ports allow playing PlayStation, Sega, Atari, etc., games on FreeBSD
OpenBSD booting on a 75mhz Cyrex system with 32MB RAM
Matthew Green reports Nouveau Nvidia can support GL with his latest commit
Releases!
OPNsense releases 15.7.18
pfSense releases 2.2.5
Feedback/Questions
Eric
Andrew
Joseph
Sean
Dustin
***
For those of you curious about Kris' new lighting here are the links to what he is using.
Softbox Light Diffuser
Full Spectrum 5500K CFL Bulb
***
...more
1h 36min
November 05, 2015 BSD-Schooling | BSD Now 114
Allan is out of town this week at another Developer Summit but we have a great episode coming up with Brian Callahan where we discuss BSD in education. Also, news & a lot of user feedback to get to, so sit back & relax, more BSD is coming your way right now!
...more
1h 30min
November 04, 2015114: BSD-Schooling
This week, Allan is out of town at another Developer Summit, but we have a great episode coming
This episode was brought to you by
alt="iXsystems - Enterprise Servers and Storage for Open Source" />
title="DigitalOcean">
src="/images/3.png" alt="Tarsnap - Online Backups for the Truly Paranoid" />
iX Systems Mission Complete
Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!
***
Headlines
WhatsApp founder, on how it got so HUGE
Wired has interviewed WhatsApp co-founder Brian Acton, about the infrastructure behind WhatsApp
WhatsApp manages 900 million users with a team of 50, while Twitter needs around 4,000 employees to manage 300 million users.
“FreeBSD has a nicely tuned network stack and extremely good reliability. We find managing FreeBSD installations to be quite straightforward.”
“Linux is a beast of complexity. FreeBSD has the advantage of being a single distribution with an extraordinarily good ports collection.”
“To us, it has been an advantage as we have had very few problems that have occurred at the OS level. With Linux, you tend to have to wrangle more and you want to avoid that if you can.”
“FreeBSD happened because both Jan and I have experience with FreeBSD from Yahoo!.”
Additional Coverage
***
User feedback in the SystemD vs BSD init
We have a very detailed blog post this week from Randy Westlund, about his experiences on Linux and BSD, contrasting the init systems.
What he finds is that while, it does make some things easier, such as writing a service file once, and having it run everywhere, the tradeoff comes in the complexity and lack of transparency.
Another area of concern was the reproducibility of boots, how in his examples on servers, there can often be times when services start in different orders, to save a few moments of boot-time.
His take on the simplicity of BSD’s startup scripts is that they are very easy to hack on and monitor, while not introducing the feature creep we have seen in sysd.
It will be interesting to see NextBSD / LaunchD and how it compares in the future!
***
Learn to embrace open source, or get buried
At the recent “All Things Open” conference, opensource.com interviewed Jim Salter
He describes how he first got started using FreeBSD to host his personal website
He then goes on to talk about starting FreeBSDWiki.net and what its goals were
The interview then talks about using Open Source at solve customers’ problems at his consulting firm
Finally, the talks about his presentation at AllThingsOpen: Move Over, Rsync
about switching to ZFS replication
***
HP’s CTO Urges businesses to avoid permissive licenses
Martin Fink went on a rant about the negative effects of license proliferation
While I agree that having too many new licenses is confusing and adds difficulty, I didn’t agree with his closing point
“He then ended the session with an extended appeal to move the open-source software industry away from permissive licenses like Apache 2.0 and toward copyleft licenses like the GPL”
“The Apache 2.0 license is currently the most widely used "permissive" license. But the thing that developers overlook when adopting it, he said, is that by using Apache they are also making a choice about how much work they will have to put into building any sort of community around the project. If you look at Apache-licensed projects, he noted, "you'll find that they are very top-heavy with 'governance' structures." Technical committees, working groups, and various boards, he said, are needed to make such projects function. But if you look at copyleft projects, he added, you find that those structures simply are not needed.”
There are plenty of smaller permissively licensed projects that do not have this sort of structure, infact, most of this structure comes from being an Apache run project, rather than from using the Apache or any other permissive license
Luckily, he goes on to state that the “OpenSwitch code is released under the Apache 2.0 license, he said, because the other partner companies viewed that as a requirement.”
“HP wanted to get networking companies and hardware suppliers on board. In order to get all of the legal departments at all of the partners to sign on to the project, he said, HP was forced to go with a permissive license”
Hopefully the trend towards permissive licenses continues
Additionally, in a separate LWN post:
RMS Says: “I am not saying that competitors to a GNU package are unjust or bad -- that isn't necessarily so. The pertinent point is that they are competitors. The goal of the GNU Project is for GNU to win the competition. Each GNU package is a part of the GNU system, and should contribute to the success of the GNU Project. Thus, each GNU package should encourage people to run other GNU packages rather than their competitors -- even competitors which are free software.”
Never thought I’d see RMS espousing vendor lock-in
***
Interview - Brian Callahan - [email protected] / @twitter
The BSDs in Education
***
News Roundup
Digital Libraries in Africa making use of DragonflyBSD and HAMMER
In the international development context, we have an interesting post from Michael Wilson of the PeerCorps Trust Fund.
They are using DragonFlyBSD and FreeBSD to support the Tanzanian Digital Library Initiative in very resource-limited settings.
They cite among the most important reasons for using BSD as the availability and quality of the documentation, as well as the robustness of the filesystems, both ZFS and HAMMER.
Their website is now online over at (http://www.tandli.com/) , check it out to see exactly how BSD is being used in the field
***
netflix hits > 65gbps from a single freebsd box
A single socket server, with a high end Xeon E5 processor and a dual ported Chelsio T580 (2x 40 Gbps ports) set a netflix record pushing over 65 Gbps of traffic from a single machine
The videos were being pushed from SSDs and some new high end NVMe devices
The previous record at Netflix was 52 Gbps from a single machine, but only with very experimental settings. The current work is under much more typical settings
By the end of that night, traffic surged to over 70 Gbps
Only about 10-15% of that traffic was encrypted with the in-kernel TLS engine that Netflix has been working on with John-Mark Gurney
It was reported that the machine was only using about 65% cpu, and had plenty of head room
If I remember the discussion correctly, there were about 60,000 streams running off the machine
***
Lumina Desktop 0.8.7 has been released
A very large update has landed for PC-BSD’s Lumina desktop
A brand new “Start” menu has been added, which enables quick launch of favorite apps, pinning to desktop / favorites and more.
Desktop icons have been overhauled, with better font support, and a new Grid system for placement of icons.
Support for other BSD’s such as DragonFly has been improved, along with TONS of internal changes to functionality and backends.
Almost too many things to list here, but the link above will have full details, along with screenshots.
***
A LiveUSB for NetBSD has been released by Jibbed
After a three year absence, the Jibbed project has come back with a Live USB image for NetBSD!
The image contains NetBSD 7.0, and is fully R/W, allowing you to run the entire system from a single USB drive.
Images are available for 8Gb and 4Gb sticks (64bit and 32bit respectively), along with VirtualBox images as well
For those wanting X, it includes both X and TWM, although ‘pkgin’ is available, so you can quickly add other desktops to the image
***
Beastie Bits
After recent discussions of revisiting WX support in Mozilla Firefox, David Coppa has flipped the switch to enable it for OpenBSD users running -current.
Using the vt(4) driver to change console resolution
The FreeBSD Foundation gives a great final overview of the Grace Hopper Conference
A dialog about Compilers in the (BSD) base system
One upping their 48-core work from July, The Semihalf team shows off their the 96-core SMP support for FreeBSD on Cavium ThunderX (ARMv8 architecture
NYC Bug's November meeting will be featuring a talk by Stephen R. Bourne
New not-just-BSD postcast, hosted by two OpenBSD devs Brandon Mercer and Joshua Stein
Feedback/Questions
Stefan
Zach
Jake
Corey
Robroy
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to
[email protected]
...more
1h 30min
October 29, 2015 What’s Next for BSD? | BSD Now 113
Coming up on this week’s episode, we have an interview Jordan Hubbard about the new NextBSD project & the future of BSD. Also Allan's re-cap of the OpenZFS conference & of course your latest news!
...more
2h 20min
October 28, 2015113: What’s Next for BSD?
Coming up on this week’s episode, we have an interview
This episode was brought to you by
src="/images/1.png" alt="iXsystems - Enterprise
Servers and Storage for Open Source" />
href="http://www.digitalocean.com/" title="DigitalOcean">
src="/images/2.png" alt="DigitalOcean - Simple Cloud
Hosting, Built for Developers" />
href="http://www.tarsnap.com/bsdnow" title="Tarsnap">
src="/images/3.png" alt="Tarsnap - Online Backups
for the Truly Paranoid" />
iX Systems Mission Complete
Submit your story of how you accomplished a mission with FreeBSD, FreeNAS, or iXsystems hardware, and you could win monthly prizes, and have your story featured in the FreeBSD Journal!
***
Headlines
OpenBSD 5.8 is released on the 20th birthday of the OpenBSD project
5.8 has landed, and just in time for the 20th birthday of OpenBSD, Oct 18th
A long list of changes can be found on the release announcement, but here’s a small scattering of them
Drivers for new hardware, such as:
rtwn = Realtek RTL8188CE wifi
hpb = HyperTransport bridge in IBM CPC945
Improved sensor support for upd driver (USB power devices)
Jumbo frame support on re driver, using RTL8168C/D/E/F/G and RTL8411
Updated to installer, improve autoinstall, and questions about SSH setup
Sudo in base has been replace with “doas”, sudo moved to package tree
New file(1) command with sandboxing and priv separation
The tame(2) API WiP
Improvements to the httpd(8) daemon, such as support for lua pattern matching redirections
Bugfixes and the security updates to OpenSMTPD 5.4.4
LibreSSL security fixes, removed SSLv3 support from openssl(1) (Still working on nuking SSLv3 from all ports)
And much more, too much to mention here, read the notes for all the gory details!
OpenBSD Developer Interviews
To go along with the 20th birthday, we have a whole slew of new interviews brought to us by the beastie.pl team. English and Polish are both provided, so be sure not to miss these!
Dmitrij D. Czarkoff
Vadim Zhukov
Marc Espie
Bryan Steele
Ingo Schwarze
Gilles Chehade
Jean-Sébastien Pédron has submitted a call for testing out the neIntel i915 driver
A very eagerly awaited feature, Haswell GPU support has begun the testing process
The main developer, Jean-Sébastien Pédron [email protected] looking for users to test the patch, both those that have older supported cards (Sandybridge, Ivybridge) that are currently working, and users with Haswell devices that have, until now, not been supported
Included is a link to the Wiki with instructions on how to enable debugging, and grab the updated branch of FreeBSD with the graphical improvements. Jean-Sébastien is calling for testers to send results both good and bad over to the freebsd-x11 mailing lists
For those who want an “out of box solution” the next PC-BSD 11.0-CURRENT November images will include these changes as well
How to install FreeBSD on a Raspberry Pi 2
We have a nice walkthrough this week on how to install FreeBSD, both
10 or 11-CURRENT on a RPi 2!
The walkthrough shows us how to use OSX to copy the image to SD card,
then booting.
In this case, we have him using a USB to serial cable to capture
output with screen
This is a pretty quick way for users sitting on a RPi2 to get up and
running with FreeBSD
Interview - Jordan Hubbard - [email protected]
NextBSD | NextBSD Github
Beastie Bits
OpenBSD's Source Tree turned 20 on October 18th
GhostBSD working on Graphical ZFS Configuration Utility
EuroBSDcon 2014 videos finally online
Postdoctoral research position at Memorial University is open
NetBSD Security Advisory: TCP LAST_ACK memory exhaustion, reported by NetFlix and Juniper
DesktopBSD making a comeback?
Feedback/Questions
Steve
Ben
Frank
Tyler
...more
2h 20min
October 21, 2015112: Tracing the source
This week Allan is away at a ZFS conference, so it seems
This episode was brought to you by
src="/images/1.png" alt="iXsystems - Enterprise
Servers and Storage for Open Source" />
href="http://www.digitalocean.com/" title="DigitalOcean">
src="/images/2.png" alt="DigitalOcean - Simple Cloud
Hosting, Built for Developers" />
href="http://www.tarsnap.com/bsdnow" title="Tarsnap">
src="/images/3.png" alt="Tarsnap - Online Backups
for the Truly Paranoid" />
Headlines
pfsense - 2.3 alpha snapshots available
pfsense 2.3 Features and Changes
The entire front end has been re-written
Upgrade of base OS to FreeBSD 10-STABLE
The PPTP server component has been removed,
PBIs have been replaced with pkg
PHP upgraded to 5.6
The web interface has been converted to Bootstrap
***
BSDMag October 2015 out
A Look at the New PC-BSD 10.2 - Kris Moore
Basis Of The Lumina Desktop Environment 18 - Ken Moore
A Secure Webserver on FreeBSD with Hiawatha - David Carlier
Defeating CryptoLocker Attacks with ZFS - Michael Dexter
Emerging Technology Has Increasingly Been a Force for Both Good and
Evil - Rob Somerville
Interviews with: Dru Lavigne, Luca Ferrari, Oleksandr Rybalko
***
OpnSense 15.7.14 Released
Another update to OpnSense has landed!
Some of the notable takeaways this time are that it isn’t a
security update
Major rework of the firewall rules sections including, rules,
schedules, virtual ip, nat and aliases pages
Latest BIND and Squid packages
Improved configuration management, including fixes to importing an old
config file. New location for configuration history / backups.
***
OpenBSD in Toyota Highlander
Images
While looking through the ‘Software Information’ screen of a Toyota Highlander, Chad Dougherty of the ACM found a bunch of OpenBSD copyright notices
At least one of which I recognize as OpenCrypto, because of the comment about “transforms”
It is likely that the vehicle is running QNX, which contains various bits of BSD
QNX: Third Party License Terms List version 2.17
Some highlights
Robert N. M. Watson (FreeBSD)
TrustedBSD Project (FreeBSD)
NetBSD Foundation
NASA Ames Research Center (NetBSD)
Damien Miller (OpenBSD)
Theo de Raadt (OpenBSD)
Sony Computer Science Laboratories Inc.
Bob Beck (OpenBSD)
Christos Zoulas (NetBSD)
Markus Friedl (OpenBSD)
Henning Brauer (OpenBSD)
Network Associates Technology, Inc. (FreeBSD)
100s of others
OpenSSH seems to be included
It also seems to contain tcpdump for some reason
Interview - Adam Leventhal -
[email protected] /
@ahl
ZFS and DTrace
Beastie-Bits
isboot, an iSCSI boot driver for FreeBSD 9 and 10
tame() is now called pledge()
Interview with NetBSD developer Leoardo
Taccari
Fuguita releases LiveCD based on OpenBSD 5.8
Dtrace toolkit gets an update and imported into NetBSD
An older article about how to do failover / load-balancing in pfsense
Feedback/Questions
Michael writes in
Possniffer writes in
Erno writes in
***
...more
59min
October 14, 2015111: Xenocratic Oath
Coming up on this weeks episode, we have BSD news, tidbits and articles out the wazoo to share. Also, be sure to stick around for our interview with Brandon Mercer as he tells us about OpenBSD being used in the healthcare industry.
This episode was brought to you by
Headlines
NetBSD 7.0 Release Announcement
DRM/KMS support brings accelerated graphics to x86 systems using modern Intel and Radeon devices (Linux 3.15)
Multiprocessor ARM support.
Support for many new ARM boards, including the Raspberry Pi 2 and BeagleBone Black
Major NPF improvements:
BPF with just-in-time (JIT) compilation by default
support for dynamic rules
support for static (stateless) NAT
support for IPv6-to-IPv6 Network Prefix Translation (NPTv6) as per RFC 6296
support for CDB based tables (uses perfect hashing and guarantees lock-free O(1) lookups)
Multiprocessor support in the USB subsystem.
GPT support in sysinst via the extended partitioning menu.
Lua kernel scripting
GCC 4.8.4, which brings support for C++11
Experimental support for SSD TRIM in wd(4) and FFS
tetris(6): Add colours and a 'down' key, defaulting to 'n'. It moves the block down a line, if it fits.
***
CloudFlare develops interesting new netmap feature
Normally, when Netmap is enabled on an interface, the kernel is bypassed and all of the packets go to the Netmap consumers
CloudFlare has developed a feature that allows all but one of the RX queues to remain connected to the kernel, and only a single queue be passed to Netmap
The change is a simple modification to the nm_open API, allowing the application to open only a specific queue of the NIC, rather than the entire thing
The RSS or other hashing must be modified to not direct traffic to this queue
Then specific flows are directed to the netmap application for matching traffic
For example under Linux:
ethtool -X eth3 weight 1 1 1 1 0 1 1 1 1 1
ethtool -K eth3 lro off gro off
ethtool -N eth3 flow-type udp4 dst-port 53 action 4
Directs all name server traffic to NIC queue number 4
Currently there is no tool like ethtool to accomplish this same under FreeBSD
I wonder if the flows could be identified more specifically using something like ipfw-netmap
***
Building your own OpenBSD based Mail server!
part 2
part 3
The UK Register gives us a great writeup on getting your own mail server setup specifically on OpenBSD 5.7
In this article they used a MiniPC the Acer Revo One RL85, which is a decently priced little box for a mail server
While a bit lengthy in 3 parts, it does provide a good walkthrough of getting OpenBSD setup, PostFix and DoveCot configured and working. In the final installment it also provides details on spam filtering and antivirus scanning.
Getting started with the UEFI bootloader on OpenBSD
If you've been listening over the past few weeks, you've heard about OpenBSD.s new UEFI boot-loader. We now have a blog post with detailed instructions on how to get setup with this on your own system.
The initial setup is pretty straightforward, and should only take a few minutes at most. In involves the usual fdisk commands to create a FAT EFI partition, and placing the bootx64.efi file in the correct location.
As a bonus, we even get instructions on how to enable the frame-buffer driver on systems without native Intel video support (ThinkPad x250 in this example)
***
Recipe for building a 10Mpps FreeBSD based router
Olivier, (of FreeNAS and BSD Router Project fame) treats us this week to a neat blog post about building your own high-performance 10Mpps FreeBSD router
As he first mentions, the hardware required will need to be beefy, no $200 miniPC here. In his setup he uses a 8 core Intel Xeon E5-2650, along with a Quad port 10 Gigabit Chelsio TS540-CR.
He mentions that this doesn't work quite on stock FreeBSD yet, you will need to pull code in from the projects/routing which fixes an issue with scaling on cores, in this case he is shrinking the NIC queues down to 4 from 8.
If you don't feel like doing the compiles yourself, he also includes links to experimental BSDRouter project images which he used to do the benchmarks
Bonus! Nice graphic of the benchmarks from enabling IPFW or PF and what that does to the performance.
***
Interview - Brandon Mercer - [email protected] / @knowmercymod
OpenBSD in Healthcare
Sorry about the audio quality degradation. The last 7 or 8 minutes of the interview had to be cut, a problem with the software that captures the audio from skype and adds it to our compositor. My local monitor is analogue and did not experience the issue, so I was unaware of the issue during the recording
***
News Roundup
Nvidia releases new beta FreeBSD driver along with new kernel module
Includes a new kernel module, nvidia-modeset.ko
While this module does NOT have any user-settable features, it works with the existing nvidia.ko to provide kernel-mode setting (KMS) used by the integrated DRM within the kernel.
The beta adds support for 805A and 960A nvidia cards
Also fixes a memory leak and some regressions
***
MidnightBSD 0.7-RELEASE
We missed this while away at Euro and elsewhere, but MidnightBSD (A desktop-focused FreeBSD 6.1 Fork) has come out with a new 0.7 release
This release primarily focuses on stability, but also includes important security fixes as well.
It cherry-picks updates to a variety of FreeBSD base-system updates, and some important ZFS features, such as TRIM and LZ4 compression
Their custom .mports. system has also gotten a slew of updates, with almost 2000 packages now available, including a WiP of Gnome3. It also brings support for starting / stopping services automatically at pkg install or removal.
They note that this will most likely be the last i386 release, joining the club of other projects that are going 64bit only.
***
"Open Source as a Career Path"
The FreeBSD Project held a panel discussion of why Open Source makes a good career path at the ACM.s womENcourage conference in Uppsala, Sweden, the weekend before EuroBSDCon
The Panel was lead by Dru Lavigne, and consisted of Deb Goodkin, Benedict Reuschling, Dan Langille, and myself
We attempted to provide a cross section of experiences, including women in the field, the academic side, the community side, and the business side
During the question period, Dan gave a great answer to the question of .Why do open source projects still use old technologies like mailing lists and IRC.
The day before, the FreeBSD Foundation also had a booth at the career fair. We were the only open source project that attended. Other exhibitors included: Cisco, Facebook, Intel, Google, and Oracle.
The following day, Dan also gave a workshop on how to contribute to an open source project
***
Beastie-Bits
NetBSD 2015PkgSrc Freeze
Support for 802.11N for RealTek USB in FreeBSD
Wayland ported to DragonFlyBSD
OpenSMTPd developer debriefs on audit report
FreeBSD fixes issue with pf under Xen with TSO. Errata coming soon
Xinuos funds the HardenedBSD project
Feedback/Questions
Evan
Darin writes in
Jochen writes in
***
...more
1h 3min
October 07, 2015110: - Firmware Fights
This week on BSDNow, we get to hear all of Allans post EuroBSDCon wrap-up and a great interview with Benno Rice from Isilon. We got to discuss some of the pain of doing major forklift upgrades, and why your business should track -CURRENT.
This episode was brought to you by
Headlines
EuroBSDCon Videos
EuroBSDCon has started posting videos of the talks online already.
The videos posted online are archives of the live stream, so some of the videos contain multiple talks
Due to a technical complication, some videos only have 1 channel of audio
EuroBSDCon Talk Schedule
Red Room Videos
Yellow Room Videos
Blue Room Videos
Photos of the conference courtersy of Ollivier Robert
***
A series of OpenSMTPd patches fix multiple vulnerabilities
Qualys recently published an audit of the OpenSNMPd source code
The fixes for these vulnerabilities were released as 5.7.2
After its release, two additional vulnerabilities were found. One, in the portable version, newer code that was added after the audit started
All users are strongly encouraged to upgrade to 5.7.3
OpenBSD users should apply the latest errata or upgrade to the newest snapshot
***
FreeBSD updates in -CURRENT
Looks like Xen header support has been bumped in FreeBSD from 4.2 -> 4.6
It also enables support for ARM
Update to Clang / LLVM to 3.7.0
http://llvm.org/releases/3.7.0/docs/ReleaseNotes.html
ZFS gets FRU (field replaceable unit) tracking
OpenCL makes it way into the ports tree
bhyve has grown UEFI support, plus a CSM module
bhyve can now boot Windows
Currently there is still only a serial console, so the post includes an unattended install .xml file and instructions on how to repack the ISO. Once Windows is installed, you can RDP into the machine
bhyve can also now run IllumOS
***
OpenBSD Initial Support for Broadwell Graphics
OpenBSD joins DragonFly now with initial support for broadwell GPUs landing in their development branch
This brings Open up to Linux 3.14.52 DRM, and Mark Kettenis mentions that it isn.t perfect yet, and may cause some issues with older hardware, although no major regressions yet
***
OpenBSD Slides for TAME and libTLS APIs
The first set of slides are from a talk Theo de Raadt gave in Croatia, they describe the history and impetus for tame
Theo specifically avoids comparisons to other sandboxing techniques like capsicum and seccomp, because he is not impartial
tame() itself is only about 1200 lines of code
Sandboxing the file(1) command with systrace: 300 lines of code, with tame: 4 lines
Theo makes the point that .optional security. is irrelevant. If a mitigation feature has a knob to turn it off, some program will break and advise users to turn the feature off. Eventually, no one uses the feature, and it dies
This has lead to OpenBSD.s policy: .Once working, these features cannot be disabled. Application bugs must be fixed.
The second talk is by Bob Beck, about LibreSSL
when LibreSSL was forked from OpenSSL 1.0.1g, it contained 388,000 lines of C code
30 days in LibreSSL, they had deleted 90,000 lines of C
OpenSSL 1.0.2d has 432,000 lines of C (728k total), and OpenSSL Current has 411,000 lines of C (over 1 million total)
LibreSSL today, contains 297,000 lines of C (511k total)
None of the high risk CVEs against OpenSSL (there have been 5) have affected LibreSSL. It turns out removing old code and unneeded features is good for security.
The talk focuses on libtls, an alternative to the OpenSSL API, designed to be easier to use and less error prone
In the libtls api, if -1 is returned, it is always an error. In OpenSSL, it might not be an error, needs additional code to check errno
In OpenBSD: ftp, nc, ntpd, httpd, spamd, syslog have been converted to the new API
The OpenBSD Foundation is looking for donations in order to sponsor 2-3 developers to spend 6 months dedicated to LibreSSL
***
Interview - Benno Rice - [email protected] / @jeamland
Isilon and building products on top of FreeBSD
News Roundup
ReLaunchd
This past week we got a heads up about another init/launchd replacement, this time .Relaunchd.
The goals of this project appear to be keeping launchd functionality, while being portable enough to run on FreeBSD / Linux, etc.
It also has aspirations of being .container-aware. with support for jailed services, ala-docker, as well as cluster awareness.
Written in ruby :(, it also maintains that it wishes to NOT take over PID1 or replace the initial system boot scripts, but extend / leverage them in new ways.
***
Static Intrusion Detection in NetBSD
Alistar Crooks has committed a new .sid. utility to NetBSD, which allows intrusion detection by comparing the file-system contents to a database of known good values
The utility can compare the entire root file system of a modest NetBSD machine in about 15 seconds
The following parameters of each file can be checked: atime, block count, ctime, file type, flags, group, inode, link target, mtime, number of links, permissions, size, user, crc32c checksum, sha256 checksum, sha512 checksum
A JSON report is issued at the end, for any detected variances
***
LibreSSL 2.3.0 in PC-BSD
If you.re running PC-BSD 10.2-EDGE or October's -CURRENT image, LibreSSL 2.3.0 is now a thing
Thanks to the hard work of Bernard Spil and others, we have merged in the latest LibreSSL which actually removes SSL support in favor of TLS
Quite a number of bugs have been fixed, as well as patches brought over from OpenBSD to fix numerous ports.
Allan has started a patchset that sets the OpenSSL in base to "private"
This hides the library so that applications and ports cannot find it, so only tools in the base system, like fetch, will be able to use it. This makes OpenSSL no longer part of the base system ABI, meaning the version can be upgraded without breaking the stable ABI promise. This feature may be important in the future as OpenSSL versions now have EoL dates, that may be sooner than the EoL on the FreeBSD stable branches.
***
PC-BSD and boot-environments without GRUB
In this month.s -CURRENT image of PC-BSD, we began the process of moving back from the GRUB boot-loader, in favor of FreeBSD.s
A couple of patches have been included, which enables boot-environment support via the 4th menus (Thanks Allan) and support for booting ZFS on root via UEFI
"beadm" has also been updated to seamlessly support both boot-loaders
No full-disk encryption support yet (hopefully soon), but GRUB is still available on installer for those who need it
***
Import of IWM wireless to DragonFly
Matthew Dillon has recently imported the newer if_iwm driver from FreeBSD -> DragonFly
Across the internet, users with newer Intel chipsets rejoiced!
Coupled with the latest Broadwell DRM improvements, DragonFly sounds very ready for the latest laptop chipsets
Also, looks like progress is being made on i386 removal
***
Feedback/Questions
Dan writes in about PCBSD
Matt writes in about ZFS
Anonymous writes in about problems booting
***
...more
1h 37min
September 30, 2015 109: Impish BSD
This week, we have a great interview with Warner Losh of the FreeBSD project! We will be discussing everything from automatic kernel module loading, IO scheduling and of course NanoBSD.
This episode was brought to you by
Interview - Warner Losh - [[email protected]]([email protected]) / @bsdimp
SSD performance and driver auto-loader
...more
56min

FAQs about BSD Now:

How many episodes does BSD Now have?

The podcast currently has 637 episodes available.

More shows like BSD Now

Security Now (Audio) by TWiT

Security Now (Audio)

1,979 Listeners

Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

Software Engineering Radio - the podcast for professional software developers

272 Listeners

Risky Business by Patrick Gray

Risky Business

365 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

626 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

284 Listeners

LINUX Unplugged by Jupiter Broadcasting

LINUX Unplugged

265 Listeners

Talk Python To Me by Michael Kennedy

Talk Python To Me

590 Listeners

Python Bytes by Michael Kennedy and Brian Okken

Python Bytes

215 Listeners

Late Night Linux by The Late Night Linux Family

Late Night Linux

154 Listeners

CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

CoRecursive: Coding Stories

189 Listeners

Linux Dev Time by The Late Night Linux Family

Linux Dev Time

21 Listeners

The Real Python Podcast by Real Python

The Real Python Podcast

139 Listeners

2.5 Admins by The Late Night Linux Family

2.5 Admins

92 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

47 Listeners