BSD Now

By JT Pennington

Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as... more

4.9

8989 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about BSD Now:

How many episodes does BSD Now have?

The podcast currently has 634 episodes available.

BSD Now episodes:

September 17, 201455: The Promised WLAN
Coming up this week, we'll be talking with Adrian Chadd about all things wireless, his experience with FreeBSD on various laptop hardware and a whole lot more. As usual, we've got the latest news and answers to all your emails, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
FreeBSD 10.1-BETA1 is out
The first maintenance update in the 10.x series of FreeBSD is on its way
Since we can't see a changelog yet, the 10-STABLE release notes offer a glimpse at some of the new features and fixes that will be included in 10.1
The vt driver was merged from -CURRENT, lots of drivers were updated, lots of bugs were fixed and bhyve also got many improvements from 11
Initial UEFI support, multithreaded softupdates for UFS and many more things were added
You can check the release schedule for the planned release dates
Details for the various forms of release media can be found in the announcement
***
Remote headless OpenBSD installation
A lot of server providers only offer a limited number of operating systems to be easily installed on their boxes
Sometimes you'll get lucky and they'll offer FreeBSD, but it's much harder to find ones that natively support other BSDs
This article shows how you can use a Linux-based rescue system, a RAM disk and QEMU to install OpenBSD on the bare metal of a server, headlessly and remotely
It required a few specific steps you'll want to take note of, but is extremely useful for those pesky hosting providers
***
Building a firewall appliance with pfSense
In this article, we learn how to easily set up a gateway and wireless access point with pfSense on a Netgate ALIX2C3 APU
After the author's modem died, he decided to look into a more do-it-yourself option with pf and a tiny router board
The hardware he used has gigabit ports and a BSD-compatible wireless card, as well as enough CPU power for a modest workload and a few services (OpenVPN, etc.)
There's a lot of great pictures of the hardware and detailed screenshots, definitely worth a look
***
Receive Side Scaling - UDP testing
Adrian Chadd has been working on RSS (Receive Side Scaling) in FreeBSD, and gives an update on the progress
He's using some quad core boxes with 10 gigabit ethernet for the tests
The post gives lots of stats and results from his network benchmark, as well as some interesting workarounds he had to do
He also provides some system configuration options, sysctl knobs, etc. (if you want to try it out)
And speaking of Adrian Chadd...
***
Interview - Adrian Chadd - [email protected] / @erikarn
BSD on laptops, wifi, drivers, various topics
News Roundup
Sendmail removed from OpenBSD
Mail server admins around the world are rejoicing, because sendmail is finally gone from OpenBSD
With OpenSMTPD being a part of the base system, sendmail became largely redundant and unneeded
If you've ever compared a "sendmail.cf" file to an "smtpd.conf" file... the different is as clear as night and day
5.6 will serve as a transitional release, including both sendmail and OpenSMTPD, but 5.7 will be the first release without it
If you still need it for some reason, sendmail will live in ports from now on
Hopefully FreeBSD will follow suit sometime in the future as well, possibly including DragonFly's mail transfer agent in base (instead of an entire mail server)
***
pfSense backups with pfmb
We've mentioned the need for a tool to back up pfSense configs a number of times on the show
This script, hosted on github, does pretty much exactly that
It can connect to one (or more!) pfSense installations and back up the configuration
You can roll back or replace failed hardware very easily with its restore function
Everything is done over SSH, so it should be pretty secure
***
The Design and Implementation of the FreeBSD Operating System
We mentioned when the pre orders were up, but now "The Design and Implementation of the FreeBSD Operating System, 2nd edition" seems to be shipping out
If you're interested in FreeBSD development, or learning about the operating system internals, this is a great book to buy
We've even had all three authors on the show before!
***
OpenBSD's systemd replacement updates
We mentioned last week that the news of OpenBSD creating systemd wrappers was getting mainstream attention
One of the developers writes in to Undeadly, detailing what's going on and what the overall status is
He also clears up any confusion about "porting systemd to BSD" (that's not what's going on) or his code ever ending up in base (it won't)
The top comment as of right now is a Linux user asking if his systemd wrappers can be ported back to Linux... poor guy
***
Feedback/Questions
Brad writes in
Ben writes in
Mathieu writes in
Steve writes in
***
...more
1h 20min
September 10, 201454: Luminary Environment
This week on the show, it's all about Lumina. We'll be giving you a visual walkthrough of the new BSD-exclusive desktop environment, as well as chatting with the main developer. There's also answers to your emails and all the latest news, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
Portscout ported to OpenBSD
Portscout is a popular utility used in the FreeBSD ports infrastructure
It lets port maintainers know when there's a new version of the upstream software available by automatically checking the distfile mirror
Now OpenBSD porters can enjoy the same convenience, as it's been ported over
You can view the status online to see how it works and who maintains what
The developer who ported it is working to get all the current features working on OpenBSD, and added a few new features as well
He decided to fork and rename it a few days later
***
Sysadmins and systemd refugees flocking to BSD
With all the drama in Linux land about the rapid changes to their init system, a lot of people are looking at BSD alternatives
This "you got your Windows in my Linux" article (and accompanying comments) give a nice glimpse into the minds of some of those switchers
Both server administrators and regular everyday users are switching away from Linux, as more and more distros give them no choice but to use systemd
Fortunately, the BSD communities are usually very welcoming of switchers - it's pretty nice on this side!
***
OpenBSD's versioning schemes
Ted Unangst explains the various versioning systems within OpenBSD, from the base to libraries to other included software
In contrast to FreeBSD's release cycle, OpenBSD isn't as concerned with breaking backwards compatibility (but only if it's needed to make progress)
This allows them to innovate and introduce new features a lot more easily, and get those features in a stable release that everyone uses
He also details the difference between branches, their errata system and lack of "patch levels" for security
Some other things in OpenBSD don't have version numbers at all, like tmux
"Every release adds some new features, fixes some old bugs, probably adds a new bug or two, and, if I have anything to say about it, removes some old features."
***
VAXstation 4000 Model 90 booting NetBSD
We found a video of NetBSD booting on a 22 year old VAX workstation, circa 1992
This system has a monstrous 71 MHz CPU and 128MB of ECC RAM
It continues in part two, where we learn that it would've cost around $25,000 when it was released!
The uploader talks about his experiences getting NetBSD on it, what does and doesn't work, etc
It's interesting to see that such old hardware isn't necessarily obsolete just because newer things have come out since then (but maybe don't try to build world on it...)
***
Interview - Ken Moore - [email protected]
The Lumina desktop environment
Special segment
Lumina walkthrough
News Roundup
Suricata for IDS on pfSense
While most people are familiar with Snort as an intrusion detection system, Suricata is another choice
This guide goes through the steps of installing and configuring it on a public-facing pfSense box
Part two details some of the configuration steps
One other cool thing about Suricata - it's compatible with Snort rules, so you can use the same updates
There's also another recent post about snort as well, if that's more your style
If you run pfSense (or any BSD) as an edge router for a lot of users, this might be worth looking into
***
OpenBSD's systemd API emulation project
This story was pretty popular in the mainstream news this week
For the Google Summer of Code, a student is writing emulation wrappers for some of systemd's functions
There was consideration from some Linux users to port over the finished emulation back to Linux, so they wouldn't have to run the full systemd
One particularly interesting Slashdot comment snippet: "We are currently migrating a large number (much larger than planned after initial results) of systems from RHEL to BSD - a decision taken due to general unhappiness with RHEL6, but SystemD pushed us towards BSD rather than another Linux distro - and in some cases are seeing throughput gains of greater than 10% on what should be equivalent Linux and BSD server builds. The re-learning curve wasn't as steep as we expected, general system stability seems to be better too, and BSD's security reputation goes without saying."
It will NOT be in the base system - only in ports, and only installed as a dependency for things like newer GNOME that require such APIs
In the long run, BSD will still be safe from systemd's reign of terror, but will hopefully still be compatible with some third party packages like GNOME that insist on using it
***
GhostBSD 4 previewed
The GhostBSD project is moving along, slowly getting closer to the 4 release
This article shows some of the progress made, and includes lots of screenshots and interesting graphical frontends
If you're not too familiar with GhostBSD, we interviewed the lead developer a little while back
***
NetBSD on the Banana Pi
The Banana Pi is a tasty alternative to the Raspberry Pi, with similar hardware specs
In this blog post, a NetBSD developer details his experiences in getting NetBSD to run on it
After studying how the prebuilt Linux image booted, he made some notes and started hacking
Ethernet, one of the few things not working, is being looked into and he's hoping to get it fully supported for the upcoming NetBSD 7.0
They're only about $65 as of the time we're recording this, so it might be a fun project to try
***
Feedback/Questions
Antonio writes in
Garegin writes in
Erno writes in
Brandon writes in
***
...more
1h 19min
September 03, 201453: It's HAMMER Time
It's our one year anniversary episode, and we'll be talking with Reyk Floeter about the new OpenBSD webserver - why it was created and where it's going. After that, we'll show you the ins and outs of DragonFly's HAMMER FS. Answers to viewer-submitted questions and the latest headlines, on a very special BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
FreeBSD foundation's new IPSEC project
The FreeBSD foundation, along with Netgate, is sponsoring some new work on the IPSEC code
With bandwidth in the 10-40 gigabit per second range, the IPSEC stack needs to be brought up to modern standards in terms of encryption and performance
This new work will add AES-CTR and AES-GCM modes to FreeBSD's implementation, borrowing some code from OpenBSD
The updated stack will also support AES-NI for hardware-based encryption speed ups
It's expected to be completed by the end of September, and will also be in pfSense 2.2
***
NetBSD at Shimane Open Source Conference 2014
The Japanese NetBSD users group held a NetBSD booth at the Open Source Conference 2014 in Shimane on August 23
One of the developers has gathered a bunch of pictures from the event and wrote a fairly lengthy summary
They had NetBSD running on all sorts of devices, from Raspberry Pis to Sun Java Stations
Some visitors said that NetBSD had the most chaotic booth at the conference
***
pfSense 2.1.5 released
A new version of the pfSense 2.1 branch is out
Mostly a security-focused release, including three web UI fixes and the most recent OpenSSL fix (which FreeBSD has still not patched in -RELEASE after nearly a month)
It also includes many other bug fixes, check the blog post for the full list
***
Systems, Science and FreeBSD
Our friend George Neville-Neil gave a presentation at Microsoft Research
It's mainly about using FreeBSD as a platform for research, inside and outside of universities
The talk describes the OS and its features, ports, developer community, documentation, who uses BSD and much more
***
Interview - Reyk Floeter - [email protected] / @reykfloeter
OpenBSD's HTTP daemon
Tutorial
A crash course on HAMMER FS
News Roundup
OpenBSD's rcctl tool usage
OpenBSD recently got a new tool for managing /etc/rc.conf.local in -current
Similar to FreeBSD's "sysrc" tool, it eliminates the need to manually edit rc.conf.local to enable or disable services
This blog post - from a BSD Now viewer - shows the typical usage of the new tool to alter the startup services
It won't make it to 5.6, but will be in 5.7 (next May)
***
pfSense mini-roundup
We found five interesting pfSense articles throughout the week and wanted to quickly mention them
The first item in our pfSense mini-roundup details how you can stream Netflix to in non-US countries using a "smart" DNS service
The second post talks about setting ip IPv6, in particular if Comcast is your ISP
The third one features pfSense on Softpedia, a more mainstream tech site
The fourth post describes how to filter HTTPS traffic with Squid and pfSense
The last article describes setting up a VPN using the "tinc" daemon and pfSense
It seems to be lesser known, compared to things like OpenVPN or SSH tunnels, so it's interesting to read about
This pfSense HQ website seems to have lots of other cool pfSense items, check it out
***
OpenBSD's new buffer cache
OpenBSD has traditionally used the tried-and-true LRU algorithm for buffer cache, but it has a few problems
Ted Unangst has just switched to a new algorithm in -current, partially based on 2Q, and details some of his work
Initial tests show positive results in terms of cache responsiveness
Check the post for all the fine details
***
BSDTalk episode 244
Another new BSDTalk is up and, this time around, Will Backman interviews Ken Moore, the developer of the new BSD desktop environment
They discuss the history of development, differences between it and other DEs, lots of topics
If you're more of a visual person, fear not, because...
We'll have Ken on next week, including a full "virtual walkthrough" of Lumina and its applications
***
Feedback/Questions
Ghislain writes in
Raynold writes in
Van writes in
Sean writes in
Stefan writes in
***
...more
1h 19min
August 27, 201452: Reverse Takeover
Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
FreeBSD foundation August update
The foundation has published a new PDF detailing some of their recent activities
It includes project development updates, the 10.1-RELEASE schedule and some of its new features
There is also a short interview with Dru Lavigne in the "voices from the community" section
If you're into hardware, there's another section about some new FreeBSD server equipment
In closing, there's an update on funding too
***
NSD for an authoritative nameserver
With BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup
This article shows how to use NSD for an authoritative DNS nameserver
It's also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together)
All the instructions are presented very neatly, with all the little details included
Less BIND means less vulnerabilities, everybody's happy
***
BIND and Nginx removed from OpenBSD
While we're on the topic of DNS servers, BIND was finally removed from OpenBSD as well
The base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year)
They've also removed nginx from the base system, in favor of the new custom HTTP daemon
BIND and Nginx are still available in ports if you don't want to switch
We're hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on
With Apache gone in the upcoming 5.6, It's also likely that sendmail will be removed before 5.7 - hooray for modern alternatives
***
NetBSD demo videos
A Japanese NetBSD developer has been uploading lots of interesting videos
Unsurprisingly, they're all featuring NetBSD running on exotic and weird hardware
Most of them are demoing sound or running a modern Twitter client on an ancient computer
They're from the same guy that did the conference wrap-up we mentioned recently
***
Interview - Shawn Webb - [email protected] / @lattera
Address space layout randomization in FreeBSD
Tutorial
Reverse SSH tunneling
News Roundup
Puppet master-agent installation on FreeBSD
If you've got a lot of BSD boxes under your control, or if you're just lazy, you've probably looked into Puppet before
The author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own
He goes through some advantages of using this type of tool for deployments, even when you don't have a huge number of systems
The rest of the post explains how to set up both the master and the agent configurations
***
Misc. pfSense items
We found a few miscellaneous pfSense articles this past week
The first one is about the hunt for the "ultimate" free open source firewall, where pfSense is obviously a strong contender
The second one shows how to log NAT firewall states (a good way to find out which family member has been torrenting!)
In the third, you can see how to automatically back up your configuration files
The fourth item shows how to set up PXE booting with pfSense, similar to one of our tutorials
***
Time Machine backups on ZFS
If you've got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive "time capsule"
This post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system
With a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive
Surprisingly simple to do, recommended for anyone with Macs on their network
***
Lumina desktop preview
Lumina, the BSD-exclusive desktop environment, seems to be coming along nicely
The main developer has posted an update on the PCBSD blog with some screenshots
Lots of new features have been added, many of which are documented in the post
There just might be a BSD Now episode about Lumina coming up.. (cough cough)
***
Feedback/Questions
Gary writes in
Cedric writes in
Caldwell writes in
Cary writes in
***
...more
1h 15min
August 20, 201451: Engineering Nginx
Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
Password gropers take spamtrap bait
Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post
He seems to have discovered another new weird phenomenon in his pop3 logs
"yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia"
Someone tried to log in to his service with an address that was known to be invalid
The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose
***
Inside the Atheros wifi chipset
Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014
He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development
There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards
Very technical talk; some parts might go over your head if you're not a driver developer
The raw video file is also available to download on archive.org
Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things
***
Trip report and hackathon mini-roundup
A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted
Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports
Bapt also has a BSDCan report detailing his work on ports and packages
Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout
Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function
Christian Weisgerber talks about starting some initial improvements of OpenBSD's ports infrastructure
***
DragonFly BSD 3.8.2 released
Although it was already branched, the release media is now available for DragonFly 3.8.2
This is a minor update, mostly to fix the recent OpenSSL vulnerabilities
It also includes some various other small fixes
***
Interview - Eric Le Blan - [email protected]
Xinuos' recent FreeBSD integration, BSD in the commercial server space
Tutorial
Building a hardened, feature-rich webserver
News Roundup
Defend your network and privacy, FreeBSD version
Back in episode 39, we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial
This is a follow-up post, by the same author, about doing a similar thing with FreeBSD
He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs
The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.
***
Don't encrypt all the things
Another couple of interesting blog posts from Ted Unangst about encryption
It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good
After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie
He also talks a bit about some PGP weaknesses and a possible future replacement
He also has another, similar post entitled "in defense of opportunistic encryption"
***
New automounter lands in FreeBSD
The work on the new automounter has just landed in 11-CURRENT
With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option
Check the SVN viewer online to read over the man pages if you're not running -CURRENT
You can also read a bit about it in the recent newsletter
***
OpenSSH 6.7 CFT
It's been a little while since the last OpenSSH release, but 6.7 is almost ready
Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features
It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released
This version also officially supports being built with LibreSSL now
Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system
***
Feedback/Questions
David writes in
Lachlan writes in
Francis writes in
Frank writes in
Sean writes in
***
...more
1h 28min
August 13, 201450: VPN, My Dear Watson
It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
MeetBSD 2014 is approaching
The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California
MeetBSD has an "unconference" format, which means there will be both planned talks and community events
All the extra details will be on their site soon
It also has hotels and various other bits of useful information - hopefully with more info on the talks to come
Of course, EuroBSDCon is coming up before then
***
First experiences with OpenBSD
A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"
The author read the famous "BSD for Linux users" series (that most of us have surely seen) and decided to give BSD a try
He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"
From there, it talks about how he used the OpenBSD USB image and got a fully-working system
He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration
Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user!
***
NetBSD rump kernels on bare metal (and Kansai OSC report)
When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right
However, NetBSD's rump kernels - a very unique concept - make this process a lot easier
This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week
Also have a look back at episode 8 for our interview about rump kernels and what exactly they do
While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight
***
OpenSSL and LibreSSL updates
OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)
Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more
LibreSSL released a new version to address most of the vulnerabilities, but wasn't affected by some of them
Whichever version of whatever SSL you use, make sure it's patched for these issues
DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)
***
Interview - Robert Watson - [email protected]
FreeBSD architecture, security research techniques, exploit mitigation
Tutorial
Protecting traffic with a BSD-based VPN
News Roundup
A FreeBSD-based CGit server
If you use git (like a certain host of this show) then you've probably considered setting up your own server
This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend
It even shows you how to set up multiple repos with key-based user separation and other cool things
The author of the post is also a listener of the show, thanks for sending it in!
***
Backup devices for small businesses
In this article, different methods of data storage and backup are compared
After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer
He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers
It also goes over some of the hardware specifics in the FreeNAS Mini
***
A new Xenocara interview
As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara
If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches
In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing
Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there
***
Building a high performance FreeBSD samba server
If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?
FreeBSD, ZFS and Samba obviously!
The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients
This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)
It doesn't even require the newest or best hardware with the right changes, pretty cool
***
Feedback/Questions
An interesting Reddit thread (or two)
PB writes in
Sean writes in
Steve writes in
Lachlan writes in
Justin writes in
***
...more
1h 28min
August 06, 201449: The PC-BSD Tour
Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
FreeBSD foundation semi-annual newsletter
The FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation
"In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!"
It talks about the FreeBSD journal as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT
The full list of funded projects is included, also with details in the financial reports
There are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon
...more
1h 23min
July 30, 201448: Liberating SSL
Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
FreeBSD quarterly status report
FreeBSD has gotten quite a lot done this quarter
Changes in the way release branches are supported - major releases will get at least five years over their lifespan
A new automounter is in the works, hoping to replace amd (which has some issues)
The CAM target layer and RPC stack have gotten some major optimization and speed boosts
Work on ZFSGuru continues, with a large status report specifically for that
The report also mentioned some new committers, both source and ports
It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show
"Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period"
***
A new OpenBSD HTTPD is born
Work has begun on a new HTTP daemon in the OpenBSD base system
A lot of people are asking "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist?
Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement)
It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter
This has the added benefit of the usual, easy-to-understand syntax and privilege separation
There's a very brief man page online already
It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs
Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not)
***
pkgng 1.3 announced
The newest version of FreeBSD's second generation package management system has been released, with lots of new features
It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!)
Lots of the code has been sandboxed for extra security
You'll probably notice some new changes to the UI too, making things more user friendly
A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday
***
FreeBSD after-install security tasks
A number of people have written in to ask us "how do I secure my BSD box after I install it?"
With this blog post, hopefully most of their questions will finally be answered in detail
It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things
Not only does it just list things to do, but the post also does a good job of explaining why you should do them
Maybe we'll see some more posts in this series in the future
***
Interview - Brent Cook - [email protected] / @busterbcook
LibreSSL's portable version and development
News Roundup
FreeBSD Mastery - Storage Essentials
MWL's new book about the FreeBSD storage subsystems now has an early draft available
Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes
Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance
You'll get access to the completed (e)book when it's done if you buy the early draft
The suggested price is $8
***
Why BSD and not Linux?
Yet another thread comes up asking why you should choose BSD over Linux or vice-versa
Lots of good responses from users of the various BSDs
Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity."
And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS."
Some other users share their switching experiences - worth a read
***
More g2k14 hackathon reports
Following up from last week's huge list of hackathon reports, we have a few more
Landry Breuil spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream
Andrew Fresh enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl
Ted Unangst did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth
Luckily we didn't have to cover 20 new ones this time!
***
BSDTalk episode 243
The newest episode of BSDTalk is out, featuring an interview with Ingo Schwarze of the OpenBSD team
The main topic of discussion is mandoc, which some users might not be familiar with
mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default)
We'll catch up to you soon, Will!
***
Feedback/Questions
Thomas writes in
Stephen writes in
Sha'ul writes in
Florian writes in
Bob Beck writes in - and note the "Caution" section that was added to libressl.org
***
...more
1h
July 24, 2014 DES Challenge IV | BSD Now 47
Coming up this week on the show!
We've got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like.
The latest news, answers to your emails and even some LibreSSL drama, on BSD Now - the place to B.. SD.
...more
1h 33min
July 23, 201447: DES Challenge IV
Coming up this week on the show! We've got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like. The latest news, answers to your emails and even some LibreSSL drama, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
g2k14 hackathon reports
Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon
Lots of work got done - in just the first two weeks of July, there were over 1000 commits to their CVS tree
Some of the developers wrote in to document what they were up to at the event
Bob Beck planned to work on kernel stuff, but then "LibreSSL happened" and he spent most of his time working on that
Miod Vallat also tells about his LibreSSL experiences
Brent Cook, a new developer, worked mainly on the portable version of LibreSSL (and we'll be interviewing him next week!)
Henning Brauer worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6)
Martin Pieuchot fixed some bugs in the USB stack, softraid and misc other things
Marc Espie improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency
Martin Pelikan integrated read-only ext4 support
Vadim Zhukov did lots of ports work, including working on KDE4
Theo de Raadt created a new, more secure system call, "sendsyslog" and did a lot of work with /etc, sysmerge and the rc scripts
Paul Irofti worked on the USB stack, specifically for the Octeon platform
Sebastian Benoit worked on relayd filters and IPv6 code
Jasper Lievisse Adriaanse did work with puppet, packages and the bootloader
Jonathan Gray imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection
Stefan Sperling fixed a lot of issues with wireless drivers
Florian Obser did many things related to IPv6
Ingo Schwarze worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface
Ken Westerback hacked on dhclient and dhcpd, and also got dump working on 4k sector drives
Matthieu Herrb worked on updating and modernizing parts of xenocara
***
FreeBSD pf discussion takes off
Concerns from last week, about FreeBSD's packet filter being old and unmaintained, seemed to have finally sparked some conversation about the topic on the "questions" and "current" mailing lists (unfortunately people didn't always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes)
Straight from the SMP FreeBSD pf maintainer: "no one right now [is actively developing pf on FreeBSD]"
Searching for documentation online for pf is troublesome because there are two incompatible syntaxes
FreeBSD's pf man pages are lacking, and some of FreeBSD's documentation still links to OpenBSD's pages, which won't work anymore - possibly turning away would-be BSD converts because it's frustrating
There's also the issue of importing patches from pfSense, but most of those still haven't been done either
Lots of disagreement among developers vs. users...
Many users are very vocal about wanting it updated, saying the syntax change is no big deal and is worth the benefits - developers aren't interested
Henning Brauer, the main developer of pf on OpenBSD, has been very nice and offered to help the other BSDs get their pf fixed on multiple occasions
Gleb Smirnoff, author of the FreeBSD-specific SMP patches, questions Henning's claims about OpenBSD's improved speed as "uncorroborated claims" (but neither side has provided any public benchmarks)
Gleb had to abandon his work on FreeBSD's pf because funding ran out
***
LibreSSL progress update
LibreSSL's first few portable releases have come out and they're making great progress, releasing 2.0.3 two days ago
Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list
However, there has already been some drama... with Linux users
There was a problem with Linux's PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy
This "problem" doesn't affect OpenBSD's native implementation, only the portable version
The developers decide to weigh in to calm the misinformation and rage
A fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now - remember to say thanks, guys
Ted Unangst has a really good post about the whole situation, definitely check it out
As a follow-up from last week, bapt says they're working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly - if you're a port maintainer, please test your ports against it
***
Preparation for NetBSD 7
The release process for NetBSD 7.0 is finally underway
The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September
If you run NetBSD, that'll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications)
They're also looking for some help updating documentation and fixing any bugs that get reported
Another formal announcement will be made when the beta binaries are up
***
Interview - Dag-Erling Smørgrav - [email protected] / @RealEvilDES
The role of the FreeBSD Security Officer, recent ports features, various topics
News Roundup
BSDCan ports and packages WG
Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages
Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages
There's also some detail about the signing infrastructure and different mirrors
Ports people and source people need to talk more often about ABI breakage
The post also includes information about pkg 1.3, the old pkg tools' EOL, the quarterly stable package sets and a lot more (it's a huge post!)
***
Cross-compiling ports with QEMU and poudriere
With recent QEMU features, you can basically chroot into a completely different architecture
This article goes through the process of building ARMv6 packages on a normal X86 box
Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now
The poudriere-devel port now has a "qemu user" option that will pull in all the requirements
Hopefully this will pave the way for official pkgng packages on those lesser-used architectures
***
Cloning FreeBSD with ZFS send
For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen
This post shows his entire process in creating a mirror machine, using ZFS for everything
The "zfs send" and "zfs snapshot" commands really come in handy for this
He does the whole thing from a live CD, pretty impressive
***
FreeBSD Overview series
A new blog series we stumbled upon about a Linux user switching to BSD
In part one, he gives a little background on being "done with Linux distros" and documents his initial experience getting and installing FreeBSD 10
He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels
Most of what he was used to on Linux was already in the default FreeBSD (except bash...)
Part two documents his experiences with pkgng and ports
***
Feedback/Questions
Bostjan writes in
Rick writes in
Clint writes in
Esteban writes in
Ben writes in
Matt sends in pictures of his FreeBSD CD collection
***
...more
1h 33min

FAQs about BSD Now:

How many episodes does BSD Now have?

The podcast currently has 634 episodes available.

More shows like BSD Now

Security Now (Audio) by TWiT

Security Now (Audio)

1,970 Listeners

Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

Software Engineering Radio - the podcast for professional software developers

272 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

284 Listeners

LINUX Unplugged by Jupiter Broadcasting

LINUX Unplugged

265 Listeners

Python Bytes by Michael Kennedy and Brian Okken

Python Bytes

215 Listeners

Late Night Linux by The Late Night Linux Family

Late Night Linux

154 Listeners

Home Assistant Podcast by HK Media

Home Assistant Podcast

65 Listeners

CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

CoRecursive: Coding Stories

189 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

181 Listeners

Late Night Linux Family All Episodes by The Late Night Linux Family

Late Night Linux Family All Episodes

44 Listeners

Linux Dev Time by The Late Night Linux Family

Linux Dev Time

21 Listeners

Self-Hosted by Jupiter Broadcasting

Self-Hosted

135 Listeners

2.5 Admins by The Late Night Linux Family

2.5 Admins

92 Listeners

Linux After Dark by The Late Night Linux Family

Linux After Dark

29 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

47 Listeners