BSD Now

By JT Pennington

Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as... more

4.9

8989 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about BSD Now:

How many episodes does BSD Now have?

The podcast currently has 634 episodes available.

BSD Now episodes:

June 24, 201595: Bitrot Group Therapy
This time on the show, we'll be talking some ZFS with Sean Chittenden. He's been using it on FreeBSD at Groupon, and has some interesting stories about how it's saved his data. Answers to your emails and all of this week's headlines, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
More BSDCan 2015 videos
Almost as if we said it would happen last week, more BSD-related presentation videos have been uploaded
Alexander Motin, Feature-rich and fast SCSI target with CTL and ZFS
Daichi Goto, FreeBSD for High Density Servers
Ken Moore, Lumina-DE
Kevin Bowling, FreeBSD Operations at Limelight Networks
Maciej Pasternacki, Jetpack, a container runtime for FreeBSD
Ray Percival, Networking with OpenBSD in a virtualized environment
Reyk Floeter, Introducing OpenBSD's new httpd
Still more to come, hopefully
***
OpenBSD httpd rewrite support
One of the most-requested features of OpenBSD's new HTTP daemon (in fact, you can hear someone asking about it in the video just above) is rewrite support
There were concerns about regex code being too complicated and potentially allowing another attack surface, so that was out
Instead, Reyk ported over an implementation of lua pattern matching while on the flight back from BSDCan, turning it into a C API without the lua bindings
In the mailing list post, he shows an example of how to use it for redirects and provides the diff if you'd like to give it a try now
It's since been committed to -current, so you can try it out with a snapshot too
***
SSH 2FA on FreeBSD
We've discussed different ways to lock down SSH access to your BSD boxes before - use keys instead of passwords, whitelist IPs, or even use two-factor authentication
This article serves as a sort of "roundup" on different methods to set up two-factor authentication on FreeBSD
It touches on key pairs with a server-side password, google authenticator and a few other variations
While the article is focused on FreeBSD, a lot of it can be easily applied to the others too
OpenSSH has a great security record, but two-factor authentication is always a good thing to have for the most important systems
***
NetBSD 7.0-RC1 released
NetBSD has just announced the first release candidate for the 7.0 branch, after a long delay since the initial beta (11 months ago)
Some of the standout features include: improved KMS/DRM with support for modern GPUs, SMP support on ARM, lots of new ARM boards officially supported, GPT support in the installer, Lua kernel scripting, a multiprocessor USB stack, improvements to NPF (their firewall) and, optionally, Clang 3.6.1
They're looking for as much testing as possible, so give it a try and report your findings to the release engineering team
***
Interview - Sean Chittenden - [email protected] / @seanchittenden
FreeBSD at Groupon, ZFS
News Roundup
OpenSMTPD and Dovecot
We've covered a number of OpenSMTPD mail server guides on the show, each with just a little something different to offer than the last
This blog post about it has something not mentioned before: virtual domains and virtual users
This means you can easily have "[email protected]" and "[email protected]" both go to a local user on the box (or a different third address)
It also covers SSL certificates, blocking spam and setting up IMAP access, the usual
Now might also be a good time to test out OpenSMTPD 5.7.1-rc1, which we'll cover in more detail when it's released...
***
OctoPkg, a QT frontend to pkgng
A PC-BSD user has begun porting over a graphical package management utility from Arch linux called Octopi
Obviously, it needed to be rewritten to use FreeBSD's pkg system instead of pacman
There are some basic instructions on how to get it built and running on the github page
After some testing, it'll likely make its way to the FreeBSD ports tree
Tools like this might make it easier for desktop users (who are used to similar things in Ubuntu or related distros) to switch over
***
AFL vs. mandoc, a quantitative analysis
Ingo Schwarze has written a pretty detailed article about how he and other OpenBSD developers have been fuzzing mandoc with AFL
It's meant to be accompanying material to his BSDCan talk, which already covered nine topics
mandoc is an interesting example to stress test with fuzzing, since its main job is to take and parse some highly varying input
The article breaks down the 45 different bugs that were found, based on their root cause
If you're interested in secure coding practices, this'll be a great one to read
***
OpenZFS conference videos
Videos from the second OpenZFS conference have just started to show up
The first talk is by, you guessed it, Matt Ahrens
In it, he covers some ZFS history, the Oracle takeover, the birth of illumos and OpenZFS, some administration basics and also some upcoming features that are being worked on
There are also videos from Nexenta and HGST, talking about how they use and contribute to OpenZFS
***
Feedback/Questions
Bryson writes in
Kevin writes in
***
...more
1h 16min
June 17, 201594: Builder's Insurance
This week on the show, we'll be chatting with Marc Espie. He's recently added some additional security measures to dpb, OpenBSD's package building tool, and we'll find out why they're so important. We've also got all this week's news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
BSDCan 2015 videos
BSDCan just ended last week, but some of the BSD-related presentation videos are already online
Allan Jude, UCL for FreeBSD
Andrew Cagney, What happens when a dwarf and a daemon start dancing by the light of the silvery moon?
Andy Tanenbaum, A reimplementation of NetBSD using a MicroKernel
Brooks Davis, CheriBSD: A research fork of FreeBSD
Giuseppe Lettieri, Even faster VM networking with virtual passthrough
Joseph Mingrone, Molecular Evolution, Genomic Analysis and FreeBSD
Olivier Cochard-Labbe, Large-scale plug&play x86 network appliance deployment over Internet
Peter Hessler, Using routing domains / routing tables in a production network
Ryan Lortie, a stitch in time: jhbuild
Ted Unangst, signify: Securing OpenBSD From Us To You
Many more still to come...
***
Documenting my BSD experience
Increasingly common scenario: a long-time Linux user (since the mid-90s) decides it's finally time to give BSD a try
"That night I came home, I had been trying to find out everything I could about BSD and I watched many videos, read forums, etc. One of the shows I found was BSD Now. I saw that they helped people and answered questions, so I decided to write in."
In this ongoing series of blog posts, a user named Michael writes about his initial experiences with trying different BSDs for some different tasks
The first post covers ZFS on FreeBSD, used to build a file server for his house (and of course he lists the hardware, if you're into that)
You get a glimpse of a brand new user trying things out, learning how great ZFS-based RAID arrays are and even some of the initial hurdles someone could run into
He's also looking to venture into the realm of replacing some of his VMs with jails and bhyve soon
His second post explores replacing the firewall on his self-described "over complicated home network" with an OpenBSD box
After going from ipfwadmin to ipchains to iptables, not even making it to nftables, he found the simple PF syntax to be really refreshing
All the tools for his networking needs, the majority of which are in the base system, worked quickly and were easy to understand
Getting to hear experiences like this are very important - they show areas where all the BSD developers' hard work has paid off, but can also let us know where we need to improve
***
PC-BSD tries HardenedBSD builds
The PC-BSD team has created a new branch of their git repo with the HardenedBSD ASLR patches integrated
They're not the first major FreeBSD-based project to offer an alternate build - OPNsense did that a few weeks ago - but this might open the door for more projects to give it a try as well
With Personacrypt, OpenNTPD, LibreSSL and recent Tor integration through the tools, these additional memory protections will offer PC-BSD users even more security that a default FreeBSD install won't have
Time will tell if more projects and products like FreeNAS might be interested too
***
C-states in OpenBSD
People who run BSD on their notebooks, you'll want to pay attention to this one
OpenBSD has recently committed some ACPI improvements for deep C-states, enabling the processor to enter a low-power mode
According to a few users so far, the change has resulted in dramatically lower CPU temperatures on their laptops, as well as much better battery life
If you're running OpenBSD -current on a laptop, try out the latest snapshot and report back with your findings
***
NetBSD at Open Source Conference 2015 Hokkaido
The Japanese NetBSD users group never sleeps, and they've hit yet another open source conference
As is usually the case, lots of strange machines on display were running none other than NetBSD (though it was mostly ARM this time)
We'll be having one of these guys on the show next week to discuss some of the lesser-known NetBSD platforms
***
Interview - Marc Espie - [email protected] / @espie_openbsd
Recent improvements to OpenBSD's dpb tool
News Roundup
Introducing xhyve, bhyve on OS X
We've talked about FreeBSD's "bhyve" hypervisor a lot on the show, and now it's been ported to another OS
As the name "xhyve" might imply, it's a port of bhyve to Mac OS X
Currently it only has support for virtualizing a few Linux distributions, but more guest systems can be added in the future
It runs entirely in userspace, and has no extra requirements beyond OS X 10.10 or newer
There are also a few examples on how to use it
***
4K displays on DragonFlyBSD
If you've been using DragonFly as a desktop, maybe with those nice Broadwell graphics, you'll be pleased to know that 4K displays work just fine
Matthew Dillon wrote up a wiki page about some of the specifics, including a couple gotchas
Some GUI applications might look weird on such a huge resolution,
HDMI ports are mostly limited to a 30Hz refresh rate, and there are slightly steeper hardware requirements for a smooth experience
***
Sandboxing port daemons on OpenBSD
We talked about different containment methods last week, and mentioned that a lot of the daemons in OpenBSD's base as chrooted by default - things from ports or packages don't always get the same treatment
This blog post uses a mumble server as an example, but you can apply it to any service from ports that doesn't chroot by default
It goes through the process of manually building a sandbox with all the libraries you'll need to run the daemon, and this setup will even wipe and refresh the chroot every time you restart it
With a few small changes, similar tricks could be done on the other BSDs as well - everybody has chroots
***
SmallWall 1.8.2 released
SmallWall is a relatively new BSD-based project that we've never covered before
It's an attempt to keep the old m0n0wall codebase going, and appears to have started around the time m0n0wall called it quits
They've just released the first official version, so you can give it a try now
If you're interested in learning more about SmallWall, the lead developer just might be on the show in a few weeks...
***
Feedback/Questions
David writes in
Brian writes in
Dan writes in
Joel writes in
Steve writes in
***
...more
1h 26min
June 10, 201593: Stacked in Our Favor
We're at BSDCan this week, but fear not! We've got a great interview with Sepherosa Ziehau, a DragonFly developer, about their network stack. After that, we'll be discussing different methods of containment and privilege separation. Assuming no polar bears eat us, we'll be back next week with more BSD Now - the place to B.. SD.
This episode was brought to you by
Interview - Sepherosa Ziehau - [email protected]
Features of DragonFlyBSD's network stack
Discussion
Comparing containment methods and privilege separation
chroot, jails, systrace, capsicum, filesystem permissions, separating users
***
Feedback/Questions
Brad writes in
Anonymous writes in
Benjamin writes in
Jeroen writes in
***
...more
1h 9min
June 03, 201592: BSD After Midnight
Coming up this week, we'll be chatting with Lucas Holt, founder of MidnightBSD. It's a slightly lesser-known fork of FreeBSD, with a focus on easy desktop use. We'll find out what's different about it and why it was created. Answers to your emails and all this week's news, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
Zocker, it's like docker on FreeBSD
Containment is always a hot topic, and docker has gotten a lot of hype in Linux land in the last couple years - they're working on native FreeBSD support at the moment
This blog post is about a docker-like script, mainly for ease-of-use, that uses only jails and ZFS in the base system
In total, it's 1,500 lines of shell script
The post goes through the process of using the tool, showing off all the subcommands and explaining the configuration
In contrast to something like ezjail, Zocker utilizes the jail.conf system in the 10.x branch
***
Patrol Read in OpenBSD
OpenBSD has recently imported some new code to support the Patrol Read function of some RAID controllers
In a nutshell, Patrol Read is a function that lets you check the health of your drives in the background, similar to a zpool "scrub" operation
The goal is to protect file integrity by detecting drive failures before they can damage your data
It detects bad blocks and prevents silent data corruption, while marking any bad sectors it finds
***
HAMMER 2 improvements
DragonFly BSD has been working on the second generation HAMMER FS
It now uses LZ4 compression by default, which we've been big fans of in ZFS
They've also switched to a faster CRC algorithm, further improving HAMMER's performance, especially when using iSCSI
***
FreeBSD foundation May update
The FreeBSD foundation has published another update newsletter, detailing some of the things they've been up to lately
In it, you'll find some development status updates: notably more ARM64 work and the addition of 64 bit Linux emulation
Some improvements were also made to FreeBSD's release building process for non-X86 architectures
There's also an AsiaBSDCon recap that covers some of the presentations and the dev events
They also have an accompanying blog post where Glen Barber talks about more sysadmin and clusteradm work at NYI
***
Interview - Lucas Holt - [email protected] / @midnightbsd
MidnightBSD
News Roundup
The launchd on train is never coming
Replacement of init systems has been quite controversial in the last few years
Fortunately, the BSDs have avoided most of that conflict thus far, but there have been a few efforts made to port launchd from OS X
This blog post details the author's opinion on why he thinks we're never going to have launchd in any of the BSDs
Email us your thoughts on the matter
***
Native SSH comes to… Windows
In what may be the first (and last) mention of Microsoft on BSD Now...
They've just recently announced that PowerShell will get native SSH support in the near future
It's not based on the commercial SSH either, it's the same one from OpenBSD that we already use everywhere
Up until now, interacting between BSD and Windows has required something like PuTTY, WinSCP, FileZilla or Cygwin - most of which are based on really outdated versions
The announcement also promises that they'll be working with the OpenSSH community, so we'll see how many Microsoft-submitted patches make it upstream (or how many donations they make)
***
Moving to FreeBSD
This blog post describes a long-time Linux user's first BSD switching experience
The author first talks about his Linux journey, eventually coming to love the more customization-friendly systems, but the journey ended with systemd
After doing a bit of research, he gave FreeBSD a try and ended up liking it - the rest of the post mostly covers why that is
He also plans to write about his experience with other BSDs, and is writing some tutorials too - we'll check in with him again later on
***
Feedback/Questions
Adam writes in
Dan writes in
Ivan writes in
Josh writes in
***
...more
1h 8min
May 27, 201591: Vox Populi
This week on the show, we've got something pretty different. We went to a Linux convention and asked various people if they've ever tried BSD and what they know about it. Stay tuned for that, all this week's news and, of course, answers to your emails, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
LUKS in OpenBSD
Last week, we were surprised to find out that DragonFlyBSD has support for dm-crypt, sometimes referred to as LUKS (Linux Unified Key Setup)
It looks like they might not be the only BSD with support for it for much longer, as OpenBSD is currently reviewing a patch for it as well
LUKS would presumably be an additional option in OpenBSD's softraid system, which already provides native disk encryption
Support hasn't been officially committed yet, it's still going through testing, but the code is there if you want to try it out and report your findings
If enabled, this might pave the way for the first (semi-)cross platform encryption scheme since the demise of TrueCrypt (and maybe other BSDs will get it too in time)
***
FreeBSD gets 64bit Linux emulation
For those who might be unfamiliar, FreeBSD has an emulation layer to run Linux-only binaries (as rare as they may be)
The most common use case is for desktop users, enabling them to run proprietary applications like Adobe Flash or Skype
Similar systems can also be found in NetBSD and OpenBSD (though disabled by default on the latter)
However, until now, it's only supported binaries compiled for the i386 architecture
This new update, already committed to -CURRENT, will open some new possibilities that weren't previously possible
Meanwhile, HardenedBSD considers removing the emulation layer entirely
***
BSD at Open Source Conference 2015 Nagoya
We've covered the Japanese NetBSD users group setting up lots of machines at various conferences in the past, but now they're expanding
Their latest report includes many of the NetBSD things you'd expect, but also a couple OpenBSD machines
Some of the NetBSD ones included a Power Mac G4, SHARP NetWalker, Cubieboard2 and the not-so-foreign Raspberry Pi
One new addition of interest is the OMRON LUNA88k, running the luna88k port of OpenBSD
There was even an old cell phone running Windows games on NetBSD
Check the mailing list post for some links to all of the nice pictures
***
LLVM introduces OpenMP support
One of the things that has kept some people in the GCC camp is the lack of OpenMP support in LLVM
According to the blog post, it "enables Clang users to harness full power of modern multi-core processors with vector units"
With Clang being the default in FreeBSD, Bitrig and OS X, and with some other BSDs exploring the option of switching, the need for this potential speed boost was definitely there
This could also open some doors for more BSD in the area of high performance computing, putting an end to the current Linux monopoly
***
Interview - Eric, FSF, John, Jose, Kris and Stewart
Various "man on the street" style mini-interviews
News Roundup
BSD-licensed gettext replacement
If you've ever installed ports on any of the BSDs, you've probably had GNU's gettext pulled in as a dependency
Wikipedia says "gettext is an internationalization and localization (i18n) system commonly used for writing multilingual programs on Unix-like computer operating systems"
A new BSD-licensed rewrite has begun, with the initial version being for NetBSD (but it's likely to be portable)
If you've got some coding skills, get involved with the project - the more freely-licensed replacements, the better
***
Unix history git repo
A git repository was recently created to show off some Unix source code history
The repository contains 659 thousand commits and 2306 merges
You can see early 386BSD commits all the way up to some of the more modern FreeBSD code
If you want to browse through the giant codebase, it can be a great history lesson
***
PCBSD 10.1.2 and Lumina updates
We mentioned 10.1.1 being released last week (and all the cool features a couple weeks before) but now 10.1.2 is out
This minor update contained a few hotfixes: RAID-Z installation, cache and log devices and the text-only installer in UEFI mode
There's also a new post on the PCBSD blog about Lumina, answering some frequently asked questions and giving a general status update
***
Feedback/Questions
Jake writes in
Van writes in
Anonymous writes in
Dominik writes in (text answer)
Chris writes in
***
Mailing List Gold
Death by chocolate
***
...more
1h 13min
May 20, 201590: ZFS Armistice
This time on the show, we'll be chatting with Jed Reynolds about ZFS. He's been using it extensively on a certain other OS, and we can both learn a bit about the other side's implementation. Answers to your questions and all this week's news, coming up on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
Playing with sandboxing
Sandboxing and privilege separation are popular topics these days - they're the goal of the new "shill" scripting language, they're used heavily throughout OpenBSD, and they're gaining traction with the capsicum framework
This blog post explores capsicum in FreeBSD, some of its history and where it's used in the base system
They also include some code samples so you can verify that capsicum is actually denying the program access to certain system calls
Check our interview about capsicum from a while back if you haven't seen it already
***
OpenNTPD on by default
OpenBSD has enabled ntpd by default in the installer, rather than prompting the user if they want to turn it on
In nearly every case, you're going to want to have your clock synced via NTP
With the HTTPS constraints feature also enabled by default, this should keep the time checked and accurate, even against spoofing attacks
Lots of problems can be traced back to the time on one system or another being wrong, so this will also eliminate some of those cases
For those who might be curious, they're using the "pool.ntp.org" cluster of addresses and google for HTTPS constraints (but these can be easily changed)
***
FreeBSD workshop in Landshut
We mentioned a BSD installfest happening in Germany a few weeks back, and the organizer wrote in with a review of the event
The installfest instead became a "FreeBSD workshop" session, introducing curious new users to some of the flagship features of the OS
They covered when to use UFS or ZFS, firewall options, the release/stable/current branches and finally how to automate installations with Ansible
If you're in south Germany and want to give similar introduction talks or Q&A sessions about the other BSDs, get in touch
We'll hear more from him about how it went in the feedback section today
***
Swap encryption in DragonFly
Doing full disk encryption is very important, but something that people sometimes overlook is encrypting their swap
This can actually be more important than the contents of your disks, especially if an unencrypted password or key hits your swap (as it can be recovered quite easily)
DragonFlyBSD has added a new experimental option to automatically encrypt your swap partition in fstab
There was another way to do it previously, but this is a lot easier
You can achieve similar results in FreeBSD by adding ".eli" to the end of the swap device in fstab, there are a few steps to do it in NetBSD and swap in OpenBSD is encrypted by default
A one-time key will be created and then destroyed in each case, making recovery of the plaintext nearly impossible
***
Interview - Jed Reynolds - [email protected] / @jed_reynolds
Comparing ZFS on Linux and FreeBSD
News Roundup
USB thermometer on OpenBSD
So maybe you've got BSD on your server or router, maybe NetBSD on a toaster, but have you ever used a thermometer with one?
This blog post introduces the RDing TEMPer Gold USB thermometer, a small device that can tell the room temperature, and how to get it working on OpenBSD
Wouldn't you know it, OpenBSD has a native "ugold" driver to support it with the sensors framework
How useful such a device would be is another story though
***
NAS4Free now on ARM
We talk a lot about hardware for network-attached storage devices on the show, but ARM doesn't come up a lot
That might be changing soon, as NAS4Free has just released some ARM builds
These new (somewhat experimental) images are based on FreeBSD 11-CURRENT
Included in the announcement is a list of fully-supported and partially-supported hardware that they've tested it with
If anyone has experience with running a NAS on slightly exotic hardware, write in to us
***
pkgsrcCon 2015 CFP and info
This year's pkgsrcCon will be in Berlin, Germany on July 4th and 5th
They're looking for talk proposals and ideas for things you'd like to see
If you or your company uses pkgsrc, or if you're just interested in NetBSD in general, it would be a good event to check out
***
BSDTalk episode 253
BSDTalk has released another new episode
In it, he interviews George Neville-Neil about the 2nd edition of "The Design and Implementation of the FreeBSD Operating System"
They discuss what's new since the last edition, who the book's target audience is and a lot more
We're up to 90 episodes now, slowly catching up to Will...
***
Feedback/Questions
Dominik writes in
Brad writes in
Corvin writes in
James writes in
***
...more
1h 14min
May 13, 201589: Exclusive Disjunction
This week on the show, we'll be talking to Mike Larkin about various memory protections in OpenBSD. We'll cover recent WX improvements, SSP, ASLR, PIE and all kinds of acronyms! We've also got a bunch of news and answers to your questions, coming up on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
OpenSMTPD for the whole family
Setting up a BSD mail server is something a lot of us are probably familiar with doing, at least for our own accounts
This article talks about configuring a home mail server too, but even for the other people you live with
After convincing his wife to use their BSD-based Owncloud server for backups, the author talks about moving her over to his brand new OpenSMTPD server too
If you've ever run a mail server and had to deal with greylisting, you'll appreciate the struggle he went through
In the end, BGP-based list distribution saved the day, and his family is being served well by a BSD box
***
NetBSD on the Edgerouter Lite
We've talked a lot about building your own BSD-based router on the show, but not many of the devices we mention are in the same price range as consumer devices
The EdgeRouter Lite, a small MIPS-powered machine, is starting to become popular (and is a bit cheaper)
A NetBSD developer has been hacking on it, and documents the steps to get a working install in this blog post
The process is fairly simple, and you can cross-compile your own installation image on any CPU architecture (even from another BSD!)
OpenBSD and FreeBSD also have some support for these devices
***
Bitrig at NYC*BUG
The New York City BSD users group has semi-regular meetings with presentations, and this time the speaker was John Vernaleo
John discussed Bitrig, an OpenBSD fork that we've talked about a couple times on the show
He talks about what they've been up to lately, why they're doing what they're doing, difference in supported platforms
Ports and packages between the two projects are almost exactly the same, but he covers the differences in the base systems, how (some) patches get shared between the two and finally some development model differences
***
OPNsense, meet HardenedBSD
Speaking of forks, two FreeBSD-based forked projects we've mentioned on the show, HardenedBSD and OPNsense, have decided to join forces
Backporting their changes to the 10-STABLE branch, HardenedBSD hopes to introduce some of their security additions to the OPNsense codebase
Paired up with LibreSSL, this combination should offer a good solution for anyone wanting a BSD-based firewall with an easy web interface
We'll cover more news on the collaboration as it comes out
***
Interview - Mike Larkin - [email protected] / @mlarkin2012
Memory protections in OpenBSD: WX, ASLR, PIE, SSP
News Roundup
A closer look at FreeBSD
The week wouldn't be complete without at least one BSD article making it to a mainstream tech site
This time, it's a high-level overview of FreeBSD, some of its features and where it's used
Being that it's an overview article on a more mainstream site, you won't find anything too technical - it covers some BSD history, stability, ZFS, LLVM and Clang, ports and packages, jails and the licensing
If you have any BSD-curious Linux friends, this might be a good one to send to them
***
Linksys NSLU2 and NetBSD
The Linksys NSLU2 is a proprietary network-attached storage device introduced back in 2004
"About 2 months ago I set a goal to run some kind of BSD on the spare Linksys NSLU2 I had. This was driven mostly by curiosity, after listening to a few BSDNow episodes and becoming a regular listener [...]"
After doing some research, the author of this post discovered that he could cross-compile NetBSD for the device straight from his Linux box
If you've got one of these old devices kicking around, check out this write-up and get some BSD action on there
***
OpenBSD disklabel templates
We've covered OpenBSD's "autoinstall" feature for unattended installations in the past, but one area where it didn't offer a lot of customization was with the disk layout
With a few recent changes, there are now a series of templates you can use for a completely customized partition scheme
This article takes you through the process of configuring an autoinstall answer file and adding the new section for disklabel
Combine this new feature with our -stable iso tutorial, and you could deploy completely patched and customized images en masse pretty easily
***
FreeBSD native ARM builds
FreeBSD -CURRENT builds for the ARM CPU architecture can now be built natively, without utilities that aren't part of base
Some of the older board-specific kernel configuration files have been replaced, and now the "IMC6" target is used
This goes along with what we read in the most recent quarterly status report - ARM is starting to get treated as a first class citizen
***
Feedback/Questions
Sean writes in
Ron writes in
Charles writes in
Bostjan writes in
***
...more
1h 4min
May 06, 201588: Below the Clouds
This time on the show, we'll be talking with Ed Schouten about CloudABI. It's a new application binary interface with a strong focus on isolation and restricted capabilities. As always, all this week's BSD news and answers to your emails, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
FreeBSD quarterly status report
The FreeBSD team has posted a report of the activities that went on between January and March of this year
As usual, it's broken down into separate reports from the various teams in the project (ports, kernel, virtualization, etc)
The ports team continuing battling the flood of PRs, closing quite a lot of them and boasting nearly 7,000 commits this quarter
The core team and cluster admins dealt with the accidental deletion of the Bugzilla database, and are making plans for an improved backup strategy within the project going forward
FreeBSD's future release support model was also finalized and published in February, which should be a big improvement for both users and the release team
Some topics are still being discussed internally, mainly MFCing ZFS ARC responsiveness patches to the 10 branch and deciding whether to maintain or abandon C89 support in the kernel code
Lots of activity is happening in bhyve, some of which we've covered recently, and a number of improvements were made this quarter
Clang, LLVM and LLDB have been updated to the 3.6.0 branch in -CURRENT
Work to get FreeBSD booting natively on the POWER8 CPU architecture is also still in progress, but it does boot in KVM for the time being
The project to replace forth in the bootloader with lua is in its final stages, and can be used on x86 already
ASLR work is still being done by the HardenedBSD guys, and their next aim is position-independent executable
The report also touches on multipath TCP support, the new automounter, opaque ifnet, pkgng updates, secureboot (which should be in 10.2-RELEASE), GNOME and KDE on FreeBSD, PCIe hotplugging, nested kernel support and more
Also of note: work is going on to make ARM a Tier 1 platform in the upcoming 11.0-RELEASE (and support for more ARM boards is still being added, including ARM64)
***
OpenBSD 5.7 released
OpenBSD has formally released another new version, complete with the giant changelog we've come to expect
In the hardware department, 5.7 features many driver improvements and fixes, as well as support for some new things: USB 3.0 controllers, newer Intel and Atheros wireless cards and some additional 10gbit NICs
If you're using one of the Soekris boards, there's even a new driver to manipulate the GPIO and LEDs on them - this has some fun possibilities
Some new security improvements include: SipHash being sprinkled in some areas to protect hashing functions, big WX improvements in the kernel space, static PIE on all architectures, deterministic "random" functions being replaced with strong randomness, and support for remote logging over TLS
The entire source tree has also been audited to use reallocarray, which unintentionally saved OpenBSD's libc from being vulnerable to earlier attacks affecting other BSDs' implementations
Being that it's OpenBSD, a number of things have also been removed from the base system: procfs, sendmail, SSLv3 support and loadable kernel modules are all gone now (not to mention the continuing massacre of dead code in LibreSSL)
Some people seem to be surprised about the removal of loadable modules, but almost nothing utilized them in OpenBSD, so it was really just removing old code that no one used anymore - very different from FreeBSD or Linux in this regard, where kernel modules are used pretty heavily
BIND and nginx have been taken out, so you'll need to either use the versions in ports or switch to Unbound and the in-base HTTP daemon
Speaking of httpd, it's gotten a number of new features, and has had time to grow and mature since its initial debut - if you've been considering trying it out, now would be a great time to do so
This release also includes the latest OpenSSH (with stronger fingerprint types and host key rotation), OpenNTPD (with the HTTPS constraints feature), OpenSMTPD, LibreSSL and mandoc
Check the errata page for any post-release fixes, and the upgrade guide for specific instructions on updating from 5.6
Groundwork has also been laid for some major SMP scalability improvements - look forward to those in future releases
There's a song and artwork to go along with the release as always, and CDs should be arriving within a few days - we'll show some pictures next week
Consider picking one up to support the project (and it's the only way to get puffy stickers)
For those of you paying close attention, the banner image for this release just might remind you of a certain special episode of BSD Now...
***
Tor-BSD diversity project
We've talked about Tor on the show a few times, and specifically about getting more of the network on BSD (Linux has an overwhelming majority right now)
A new initiative has started to do just that, called the Tor-BSD diversity project
"Monocultures in nature are dangerous, as vulnerabilities are held in common across a broad spectrum. Diversity means single vulnerabilities are less likely to harm the entire ecosystem. [...] A single kernel vulnerability in GNU/Linux that impacting Tor relays could be devastating. We want to see a stronger Tor network, and we believe one critical ingredient for that is operating system diversity."
In addition to encouraging people to put up more relays, they're also continuing work on porting the Tor Browser Bundle to BSD, so more desktop users can have easy access to online privacy
There's an additional progress report for that part specifically, and it looks like most of the work is done now
Engaging the broader BSD community about Tor and fixing up the official documentation are also both on their todo list
If you've been considering running a node to help out, there's always our handy tutorial on getting set up
***
PC-BSD 10.1.2-RC1 released
If you want a sneak peek at the upcoming PC-BSD 10.1.2, the first release candidate is now available to grab
This quarterly update includes a number of new features, improvements and even some additional utilities
PersonaCrypt is one of them - it's a new tool for easily migrating encrypted home directories between systems
A new "stealth mode" option allows for a one-time login, using a blank home directory that gets wiped after use
Similarly, a new "Tor mode" allows for easy tunneling of all your traffic through the Tor network
IPFW is now the default firewall, offering improved VIMAGE capabilities
The life preserver backup tool now allows for bare-metal restores via the install CD
ISC's NTP daemon has been replaced with OpenNTPD, and OpenSSL has been replaced with LibreSSL
It also includes the latest Lumina desktop, and there's another post dedicated to that
Binary packages have also been updated to fresh versions from the ports tree
More details, including upgrade instructions, can be found in the linked blog post
***
Interview - Ed Schouten - [email protected] / @edschouten
CloudABI
News Roundup
Open Household Router Contraption
This article introduces OpenHRC, the "Open Household Router Contraption"
In short, it's a set of bootstrapping scripts to turn a vanilla OpenBSD install into a feature-rich gateway device
It also makes use of Ansible playbooks for configuration, allowing for a more "mass deployment" type of setup
Everything is configured via a simple text file, and you end up with a local NTP server, DHCP server, firewall (obviously) and local caching DNS resolver - it even does DNSSEC validation
All the code is open source and on Github, so you can read through what's actually being changed and put in place
There's also a video guide to the entire process, if you're more of a visual person
***
OPNsense 15.1.10 released
Speaking of BSD routers, if you're looking for a "prebuilt and ready to go" option, OPNsense has just released a new version
15.1.10 drops some of the legacy patches they inherited from pfSense, aiming to stay closer to the mainline FreeBSD source code
Going along with this theme, they've redone how they do ports, and are now kept totally in sync with the regular ports tree
Their binary packages are now signed using the fingerprint-style method, various GUI menus have been rewritten and a number of other bugs were fixed
NanoBSD-based images are also available now, so you can try it out on hardware with constrained resources as well
Version 15.1.10.1 was released shortly thereafter, including a hotfix for VLANs
***
IBM Workpad Z50 and NetBSD
Before the infamous netbook fad came and went, IBM had a handheld PDA device that looked pretty much the same
Back in 1999, they released the Workpad Z50 with Windows CE, sporting a 131MHz MIPS CPU, 16MB of RAM and a 640x480 display
You can probably tell where this is going... the article is about installing NetBSD it
"What prevents me from taking my pristine Workpad z50 to the local electronics recycling facility is NetBSD. With a little effort it is possible to install recent versions of NetBSD on the Workpad z50 and even have XWindows running"
The author got pkgsrc up and running on it too, and cleverly used distcc to offload the compiling jobs to something a bit more modern
He's also got a couple videos of the bootup process and running Xorg (neither of which we'd call "speedy" by any stretch of the imagination)
***
FreeBSD from the trenches
The FreeBSD foundation has a new blog post up in their "from the trenches" series, detailing FreeBSD in some real-world use cases
In this installment, Glen Barber talks about how he sets up all his laptops with ZFS and GELI
While the installer allows for an automatic ZFS layout, Glen notes that it's not a one-size-fits-all thing, and goes through doing everything manually
Each command is explained, and he walks you through the process of doing an encrypted installation on your root zpool
***
Broadwell in DragonFly
DragonFlyBSD has officially won the race to get an Intel Broadwell graphics driver
Their i915 driver has been brought up to speed with Linux 3.14's, adding not only Broadwell support, but many other bugfixes for other cards too
It's planned for commit to the main tree very soon, but you can test it out with a git branch for the time being
***
Feedback/Questions
Bostjan writes in
Hunter writes in
Hrishi writes in
Clint writes in
Sergei writes in
***
Mailing List Gold
How did you guess
***
...more
1h 34min
April 29, 201587: On the List
Coming up this time on the show, we'll be speaking with Christos Zoulas, a NetBSD security officer. He's got a new project called blacklistd, with some interesting possibilities for stopping bruteforce attacks. We've also got answers to your emails and all this week's news, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
New PAE support in OpenBSD
OpenBSD has just added Physical Address Extention support to the i386 architecture, but it's probably not what you'd think of when you hear the term
In most operating systems, PAE's main advantage is to partially circumvent the 4GB memory limit on 32 bit platforms - this version isn't for that
Instead, this change specifically allows the system to use the No-eXecute Bit of the processor for the userland, further hardening the in-place memory protections
Other operating systems enable the CPU feature without doing anything to the page table entries, so they do get the available memory expansion, but don't get the potential security benefit
As we discussed in a previous episode, the AMD64 platform already saw some major WX kernel and userland improvements - the i386 kernel reworking will begin shortly
Not all CPUs support this feature, but, if yours supports NX, this will improve upon the previous version of WX that was already there
The AMD64 improvements will be in 5.7, due out in just a couple days as of when we're recording this, but the i386 improvements will likely be in 5.8
***
Booting Windows in bhyve
Work on FreeBSD's bhyve continues, and a big addition is on the way
Thus far, bhyve has only been able to boot operating systems with a serial console - no VGA, no graphics, no Windows
This is finally changing, and a teasing screenshot of Windows Server was recently posted on Twitter
Graphics emulation is still in the works; this image was taken by booting headless and using RDP
A lot of the needed code is being committed to -CURRENT now, but the UEFI portion of it requires a bit more development (and the aim for that is around the time of BSDCan)
Not a lot of details on the matter currently, but we'll be sure to bring you more info as it comes out
Are you more interested in bhyve or Xen on FreeBSD? Email us your thoughts
***
MidnightBSD 0.6 released
MidnightBSD is a smaller project we've not covered a lot on the show before
It's an operating system that was forked from FreeBSD back in the 6.1 days, and their focus seems to be on ease-of-use
They also have their own, smaller version of FreeBSD ports, called "mports"
If you're already using it, this new version is mainly a security and bugfix release
It syncs up with the most recent FreeBSD security patches and gets a lot of their ports closer to the latest versions
You can check their site for more information about the project
We're trying to get the lead developer to come on for an interview, but haven't heard anything back yet
***
OpenBSD rewrites the file utility
We're all probably familiar with the traditional file command - it's been around since the 1970s
For anyone who doesn't know, it's used to determine what type of file something actually is
This tool doesn't see a lot of development these days, and it's had its share of security issues as well
Some of those security issues remain unfixed in various BSDs even today, despite being publicly known for a while
It's not uncommon for people to run file on random things they download from the internet, maybe even as root, and some of the previous bugs have allowed file to overwrite other files or execute code as the user running it
When you think about it, file was technically designed to be used on untrusted files
OpenBSD developer Nicholas Marriott, who also happens to be the author of tmux, decided it was time to do a complete rewrite - this time with modern coding practices and the usual OpenBSD scrutiny
This new version will, by default, run as an unprivileged user with no shell, and in a systrace sandbox, strictly limiting what system calls can be made
With these two things combined, it should drastically reduce the damage a malicious file could potentially do
Ian Darwin, the original author of the utility, saw the commit and replied, in what may be a moment in BSD history to remember
It'll be interesting to see if the other BSDs, OS X, Linux or other UNIXes consider adopting this implementation in the future - someone's already thrown together an unofficial portable version
Coincidentally, the lead developer and current maintainer of file just happens to be our guest today…
***
Interview - Christos Zoulas - [email protected]
blacklistd and NetBSD advocacy
News Roundup
GSoC-accepted BSD projects
The Google Summer of Code people have published a list of all the projects that got accepted this year, and both FreeBSD and OpenBSD are on that list
FreeBSD's list includes: NE2000 device model in userspace for bhyve, updating Ficl in the bootloader, type-aware kernel virtual memory access for utilities, JIT compilation for firewalls, test cluster automation, Linux packages for pkgng, an mtree parsing and manipulation library, porting bhyve to ARM-based platforms, CD-ROM emulation in CTL, libc security extensions, gptzfsboot support for dynamically discovering BEs during startup, CubieBoard support, a bhyve version of the netmap virtual passthrough for VMs, PXE support for FreeBSD guests in bhyve and finally.. memory compression and deduplication
OpenBSD's list includes: asynchronous USB transfer submission from userland, ARM SD/MMC & controller driver in libsa, improving USB userland tools and ioctl, automating module porting, implementing a KMS driver to the kernel and, wait for it... porting HAMMER FS to OpenBSD
We'll be sure to keep you up to date on developments from both projects
Hopefully the other BSDs will make the cut too next year
***
FreeBSD on the Gumstix Duovero
If you're not familiar with the Gumstix Duovero, it's an dual core ARM-based computer-on-module
They actually look more like a stick of RAM than a mini-computer
This article shows you how to build a FreeBSD -CURRENT image to run on them, using crochet-freebsd
If anyone has any interesting devices like this that they use BSD on, write up something about it and send it to us
***
EU study recommends OpenBSD
A recent study by the European Parliament was published, explaining that more funding should go into critical open source projects and tools
This is especially important, in all countries, after the mass surveillance documents came out
"[...] the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is not error free, or less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts."
The report goes on to mention users becoming more and more security and privacy-aware, installing additional software to help protect themselves and their traffic from being spied on
Alongside Qubes, a Linux distro focused on containment and isolation, OpenBSD got a special mention: "Proactive security and cryptography are two of the features highlighted in the product together with portability, standardisation and correctness. Its built-in cryptography and packet filter make OpenBSD suitable for use in the security industry, for example on firewalls, intrusion-detection systems and VPN gateways"
Reddit, Undeadly and Hacker News also had some discussion, particularly about corporations giving back to the BSDs that they make use of in their infrastructure - something we've discussed with Voxer and M:Tier before
***
FreeBSD workflow with Git
If you're interested in contributing to FreeBSD, but aren't a big fan of SVN, they have a Github mirror too
This mailing list post talks about interacting between the official source repository and the Git mirror
This makes it easy to get pull requests merged into the official tree, and encourages more developers to get involved
***
Feedback/Questions
Sean writes in
Bryan writes in
Sean writes in
Charles writes in
***
...more
1h 22min
April 22, 201586: Business as Usual
Coming up this time on the show, we'll be chatting with Antoine Jacoutot about how M:Tier uses BSD in their business. After that, we'll be discussing the different release models across the BSDs, and which style we like the most. As always, answers to your emails and all the latest news, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
Optimizing TLS for high bandwidth applications
Netflix has released a report on some of their recent activities, pushing lots of traffic through TLS on FreeBSD
TLS has traditionally had too much overhead for the levels of bandwidth they're using, so this pdf outlines some of their strategy in optimizing it
The sendfile() syscall (which nginx uses) isn't available when data is encrypted in userland
To get around this, Netflix is proposing to add TLS support to the FreeBSD kernel
Having encrypted movie streams would be pretty neat
***
Crypto in unexpected places
OpenBSD is somewhat known for its integrated cryptography, right down to strong randomness in every place you could imagine (process IDs, TCP initial sequence numbers, etc)
One place you might not expect crypto to be used (or even needed) is in the "ping" utility, right? Well, think again
David Gwynne recently committed a change that adds MAC to the ping timestamp payload
By default, it'll be filled with a ChaCha stream instead of an unvarying payload, and David says "this lets us have some confidence that the timestamp hasn't been damaged or tampered with in transit"
Not only is this a security feature, but it should also help detect dodgy or malfunctioning network equipment going forward
Maybe we can look forward to a cryptographically secure "echo" command next...
***
Broadwell in DragonFly
The DragonFlyBSD guys have started a new page on their wiki to discuss Broadwell hardware and its current status
Matt Dillon, the project lead, recently bought some hardware with this chipset, and lays out what works and what doesn't work
The two main show-stoppers right now are the graphics and wireless, but they have someone who's already making progress with the GPU support
Wireless support will likely have to wait until FreeBSD gets it, then they'll port it back over
None of the BSDs currently have full Broadwell support, so stay tuned for further updates
***
DIY NAS software roundup
In this blog post, the author compares a few different software solutions for a network attached storage device
He puts FreeNAS, one of our favorites, up against a number of opponents - both BSD and Linux-based
NAS4Free gets an honorable mention as well, particularly for its lower hardware requirements and sleek interface
If you've been thinking about putting together a NAS, but aren't quite comfortable enough to set it up by yourself yet, this article should give you a good view of the current big names
Some competition is always good, gotta keep those guys on their toes
***
Interview - Antoine Jacoutot - [email protected] / @ajacoutot
OpenBSD at M:Tier, business adoption of BSD, various topics
News Roundup
OpenBSD on DigitalOcean
When DigitalOcean rolled out initial support for FreeBSD, it was a great step in the right direction - we hoped that all the other BSDs would soon follow
This is not yet the case, but a blog article here has details on how you can install OpenBSD (and likely the others too) on your VPS
Using a -current snapshot and some swapfile trickery, it's possible to image an OpenBSD ramdisk installer onto an unmounted portion of the virtual disk
After doing so, you just boot from their web UI-based console and can perform a standard installation
You will have to pay special attention to some details of the disk layout, but this article takes you through the entire process step by step
***
Initial ARM64 support lands in FreeBSD
The ARM64 architecture, sometimes called ARMv8 or AArch64, is a new generation of CPUs that will mostly be in embedded devices
FreeBSD has just gotten support for this platform in the -CURRENT branch
Previously, it was only the beginnings of the kernel and enough bits to boot in QEMU - now a full build is possible
Work should now start happening in the main source code tree, and hopefully they'll have full support in a branch soon
***
Scripting with least privilege
A new scripting language with a focus on privilege separation and running with only what's absolutely needed has been popular in the headlines lately
Shell scripts are used everywhere today: startup scripts, orchestration scripts for mass deployment, configuring and compiling software, etc.
Shill aims to answer the questions "how do we limit the authority of scripts" and "how do we determine what authority is necessary" by including a declarative security policy that's checked and enforced by the language runtime
If used on FreeBSD, Shill will use Capsicum for sandboxing
You can find some more of the technical information in their documentation pdf or watch their USENIX presentation video
Hacker News also had some discussion on the topic
***
OpenBSD first impressions
A brand new BSD user has started documenting his experience through a series of blog posts
Formerly a Linux guy, he's tried out FreeBSD and OpenBSD so far, and is currently working on an OpenBSD desktop
The first post goes into why he chose BSD at all, why he's switching away from Linux, how the initial transition has been, what you'll need to relearn and what he's got planned going forward
He's only been using OpenBSD for a few days as of the time this was written - we don't usually get to hear from people this early in on their BSD journey, so it offers a unique perspective
***
PCBSD and 4K oh my!
Yesterday, Kris got ahold of some 4K monitor hardware to test PC-BSD out
The short of it - It works great!
Minor tweaks being made to some of the PC-BSD defaults to better accommodate 4K out of box
This particular model monitor ships with DisplayPort set to 1.1 mode only, switching it to 1.2 mode enables 60Hz properly
***
Feedback/Questions
Darin writes in
Mitch writes in
***
Discussion
Comparison of BSD release cycles
FreeBSD, OpenBSD, NetBSD and DragonFlyBSD
***
...more
1h 45min

FAQs about BSD Now:

How many episodes does BSD Now have?

The podcast currently has 634 episodes available.

More shows like BSD Now

Security Now (Audio) by TWiT

Security Now (Audio)

1,971 Listeners

Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

Software Engineering Radio - the podcast for professional software developers

272 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

283 Listeners

LINUX Unplugged by Jupiter Broadcasting

LINUX Unplugged

265 Listeners

Python Bytes by Michael Kennedy and Brian Okken

Python Bytes

215 Listeners

Late Night Linux by The Late Night Linux Family

Late Night Linux

154 Listeners

Home Assistant Podcast by HK Media

Home Assistant Podcast

65 Listeners

CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

CoRecursive: Coding Stories

189 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

181 Listeners

Late Night Linux Family All Episodes by The Late Night Linux Family

Late Night Linux Family All Episodes

44 Listeners

Linux Dev Time by The Late Night Linux Family

Linux Dev Time

21 Listeners

Self-Hosted by Jupiter Broadcasting

Self-Hosted

135 Listeners

2.5 Admins by The Late Night Linux Family

2.5 Admins

92 Listeners

Linux After Dark by The Late Night Linux Family

Linux After Dark

29 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

47 Listeners