Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Programming Throwdown
Programming Throwdown educates Computer Scientists and Software Engineers on a cavalcade of programming and tech topics. Every show will cover a new programming language, so listeners will be able to speak intelligently about any programming language.
60: Don't Buy a Router
This week on the show we're joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We'll be discussing what the BSD Router Project is, what it's for and where it's going. All this week's headlines and answers to viewer-submitted questions, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines BSD Devroom CFP (https://lists.fosdem.org/pipermail/fosdem/2014-October/002038.html) This year's FOSDEM conference (Belgium, Jan 31st - Feb 1st) is having a dedicated BSD devroom They've issued a call for papers on anything BSD-related, and we always love more presentations If you're in the Belgium area or plan on going, submit a talk about something cool you're doing There's also a mailing list (https://lists.fosdem.org/listinfo/bsd-devroom) and some more information in the original post *** Bhyve SVM code merge (https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002905.html) The bhyve_svm code has been in the "projects" tree of FreeBSD, but is now ready (https://svnweb.freebsd.org/base?view=revision&revision=273375) for -CURRENT This changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only All the supported operating systems and utilities should work on both now One thing to note: bhyve doesn't support PCI passthrough on AMD just yet There may still be some issues (https://lists.freebsd.org/pipermail/freebsd-virtualization/2014-October/002935.html) though *** NetBSD at Open Source Conference Tokyo (https://mail-index.netbsd.org/netbsd-advocacy/2014/10/20/msg000671.html) The Japanese NetBSD users group held a booth at another recent open source conference As always, they were running NetBSD on everything you can imagine One of the users reports back to the mailing list on their experience, providing lots of pictures and links Here's an interesting screenshot of NetBSD running various other BSDs in Xen (https://pbs.twimg.com/media/B0NnfcbCEAAmKIU.jpg:large) *** More BSD switchers every day (https://www.reddit.com/r/unix/comments/2il383/question_about_the_bsd_community_as_a_whole/) A decade-long Linux user is considering making the switch, and asks Reddit about the BSD community Tired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect So far, he's found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion There's also another semi-related thread (https://www.reddit.com/r/BSD/comments/2jpxj9/question_about_the_current_state_of_freebsd/) about another Linux user wanting to switch to BSD because of systemd and GNU people There are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read Maybe the OPs should've just watched this show *** Interview - Olivier Cochard-Labbé - olivier@cochard.me (mailto:olivier@cochard.me) / @ocochardlabbe (https://twitter.com/ocochardlabbe) The BSD Router Project News Roundup FreeBSD -CURRENT on a T420 (https://www.banym.de/freebsd/install-freebsd-11-on-thinkpad-t420) Thinkpads are quite popular with BSD developers and users Most of the hardware seems to be supported across the BSDs (especially wifi) This article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI If you've got a Thinkpad, or especially this specific one, have a look at some of the steps involved *** FreeNAS on a Supermicro 5018A-MHN4 (https://www.teckelworks.com/2014/10/building-a-freenas-server-with-a-supermicro-5018a-mhn4/) More and more people are migrating their NAS devices to BSD-based solutions In this post, the author goes through setting up FreeNAS on some of his new hardware His new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM - quite a lot for its small form factor The rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures) *** Hardening procfs and linprocfs (http://hardenedbsd.org/article/shawn-webb/2014-10-15/hardening-procfs-and-linprocfs) There was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux There exists a native procfs in FreeBSD, which was the target point of that exploit, but it's not used very often The Linux emulation layer also supports its own linprocfs, which was affected as well The HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs If you want to learn more about ASLR and HardenedBSD, be sure to check out our interview with Shawn (http://www.bsdnow.tv/episodes/2014_08_27-reverse_takeover) too *** pfSense monitoring with bandwidthd (http://pfsensesetup.com/bandwidth-monitoring-with-bandwidthd/) A lot of people run pfSense on their home network, and it's really useful to monitor the bandwidth usage This article will walk you through setting up bandwidthd to do exactly that bandwidthd monitors based on the IP address, rather than per-interface It can also build some cool HTML graphs, and we love those pfSense graphs Have a look at our bandwidth monitoring and testing (http://www.bsdnow.tv/tutorials/vnstat-iperf) tutorial for some more ideas *** Feedback/Questions Dave writes in (http://slexy.org/view/s2b5ZZ5qCv) Chris writes in (http://slexy.org/view/s20aVvhv2d) Zeke writes in (http://slexy.org/view/s2Vmwxy1QM) Bostjan writes in (http://slexy.org/view/s2LB6MKoNT) Patrick writes in (http://slexy.org/view/s2xxB9uOuV) *** Mailing List Gold More (https://www.marc.info/?l=openbsd-tech&m=141357595922692&w=2) old bugs (https://www.marc.info/?l=openbsd-cvs&m=141358124924479&w=2) The Right Font™ (https://www.marc.info/?l=openbsd-cvs&m=141332534304117&w=2) (see also (https://twitter.com/blakkheim/status/522162864409546753)) ***
59: BSDって聞いたことある?
This week on the show we'll be talking with Hiroki Sato about the status of BSD in Japan. We also get to hear about how he got on the core team, and we just might find out why NetBSD is so popular over there! Answers to all your emails, the latest news, and even a brand new segment, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines BSD talks at XDC 2014 (https://www.youtube.com/channel/UCXlH5v1PkEhjzLFTUTm_U7g/videos) This year's Xorg conference featured a few BSD-related talks Matthieu Herrb, Status of the OpenBSD graphics stack (https://www.youtube.com/watch?v=KopgD4nTtnA) Matthieu's talk details what's been done recently in Xenocara the OpenBSD kernel for graphics (slides here (http://www.openbsd.org/papers/xdc2014-xenocara.pdf)) Jean-Sébastien Pédron, The status of the graphics stack on FreeBSD (https://www.youtube.com/watch?v=POmxFleN3Bc) His presentation gives a history of major changes and outlines the current overall status of graphics in FreeBSD (slides here (http://www.x.org/wiki/Events/XDC2014/XDC2014PedronFreeBSD/XDC-2014_FreeBSD.pdf)) Francois Tigeot, Porting DRM/KMS drivers to DragonFlyBSD (https://www.youtube.com/watch?v=NdM7_yPGFDk) Francois' talk tells the story of how he ported some of the DRM and KMS kernel drivers to DragonFly (slides here (http://www.x.org/wiki/Events/XDC2014/XDC2014TigeotDragonFlyBSD/XDC-2014_Porting_kms_drivers_to_DragonFly.pdf)) *** FreeBSD Quarterly Status Report (https://www.freebsd.org/news/status/report-2014-07-2014-09.html) The FreeBSD project has a report of their activities between July and September of this year Lots of ARM work has been done, and a goal for 11.0 is tier one support for the platform The release includes reports from the cluster admin team, release team, ports team, core team and much more, but we've already covered most of the items on the show If you're interested in seeing what the FreeBSD community has been up to lately, check the full report - it's huge *** Monitoring pfSense logs using ELK (http://elijahpaul.co.uk/monitoring-pfsense-2-1-logs-using-elk-logstash-kibana-elasticsearch/) If you're one of those people who loves the cool graphs and charts that pfSense can produce, this is the post for you ELK (ElasticSearch, Logstash, Kibana) is a group of tools that let you collect, store, search and (most importantly) visualize logs It works with lots of different things that output logs and can be sent to one central server for displaying This post shows you how to set up pfSense to do remote logging to ELK and get some pretty awesome graphs *** Some updates to IPFW (https://svnweb.freebsd.org/base?view=revision&revision=272840) Even though PF gets a lot of attention, a lot of FreeBSD people still love IPFW While mostly a dormant section of the source tree, some updates were recently committed to -CURRENT The commit lists the user-visible changes, performance changes, ABI changes and internal changes It should be merged back to -STABLE after a month or so of testing, and will probably end up in 10.2-RELEASE Also check this blog post (http://blog.cochard.me/2014/10/ipfw-improvement-on-freebsd-current.html) for some more information and fancy graphs *** Interview - Hiroki Sato (佐藤広生) - hrs@freebsd.org (mailto:hrs@freebsd.org) / @hiroki_sato (https://twitter.com/hiroki_sato) BSD in Japan, technology conferences, various topics News Roundup pfSense on Hyper-V (https://virtual-ops.de/?p=600) In case you didn't know, the latest pfSense snapshots support running on Hyper-V Unfortunately, the current stable release is based on an old, unsupported FreeBSD 8.x base, so you have to use the snapshots for now The author of the post tells about his experience running pfSense and gives lots of links to read if you're interested in doing the same He also praises pfSense above other Linux-based solutions for its IPv6 support and high quality code *** OpenBSD as a daily driver (https://www.reddit.com/r/openbsd/comments/2isz24/openbsd_as_a_daily_driver/) A curious Reddit user posts to ask the community about using OpenBSD as an everyday desktop OS The overall consensus is that it works great for that, stays out of your way and is quite reliable Caveats would include there being no Adobe Flash support (though others consider this a blessing..) and it requiring a more hands-on approach to updating If you're considering running OpenBSD as a "daily driver," check all the comments for more information and tips *** Getting PF log statistics (https://secure.ciscodude.net/2014/10/09/firewall-log-stats/) The author of this post runs an OpenBSD box in front of all his VMs at his colocation, and details his experiences with firewall logs He usually investigates any IPs of interest with whois, nslookup, etc. - but this gets repetitive quickly, so.. He sets out to find the best way to gather firewall log statistics After coming across a perl script (http://www.pantz.org/software/pf/pantzpfblockstats.html) to do this, he edited it a bit and is now a happy, lazy admin once again You can try out his updated PF script here (https://github.com/tbaschak/Pantz-PFlog-Stats) *** FlashRD 1.7 released (http://www.nmedia.net/flashrd/) In case anyone's not familiar, flashrd is a tool to create OpenBSD images for embedded hardware devices, executing from a virtualized environment This new version is based on (the currently unreleased) OpenBSD 5.6, and automatically adapts to the number of CPUs you have for building It also includes fixes for 4k drives and lots of various other improvements If you're interested in learning more, take a look at some of the slides and audio from the main developer on the website *** Feedback/Questions Antonio writes in (http://slexy.org/view/s20XvSa4h0) Don writes in (http://slexy.org/view/s20lGUXW3d) Andriy writes in (http://slexy.org/view/s2al5DFIO7) Richard writes in (http://slexy.org/view/s203QoFuWs) Robert writes in (http://slexy.org/view/s29WIplL6k) *** Mailing List Gold Subtle trolling (https://marc.info/?l=openbsd-cvs&m=141271076115386&w=2) Old bugs with old fixes (https://marc.info/?l=openbsd-cvs&m=141275713329601&w=2) A pig reinstall (https://lists.freebsd.org/pipermail/freebsd-ports/2014-October/095906.html) Strange DOS-like environment (https://lists.freebsd.org/pipermail/freebsd-doc/2014-October/024408.html) ***
58: Behind the Masq
Coming up this week on the show, we'll be talking to Matt Ranney and George Kola about how they use FreeBSD at Voxer, and how to get more companies to switch over. After that, we'll show you how to filter website ads at the gateway level, using DNSMasq. All this week's news and answers to your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines NetBSD's EuroBSDCon report (https://blog.netbsd.org/tnf/entry/netbsd_developer_summit_at_eurobsdcon) This year's EuroBSDCon had the record number of NetBSD developers attending The NetBSD guys had a small devsummit as well, and this blog post details some of their activities Pierre Pronchery also talked about EdgeBSD there (also see our interview (http://www.bsdnow.tv/episodes/2014_04_01-edgy_bsd_users) if you haven't already) Hopefully this trend continues, and NetBSD starts to have even more of a presence at the conferences *** Upcoming features in OpenBSD 5.6 (http://lteo.net/blog/2014/10/01/a-sneak-peek-at-the-upcoming-openbsd-5-dot-6-release/) OpenBSD 5.6 is to be released in just under a month from now, and one of the developers wrote a blog post about some of the new features The post is mostly a collection of various links, many of which we've discussed before It'll be the first version with LibreSSL and many other cool things We will, of course, have all the details on the day of release There are some good comments (https://news.ycombinator.com/item?id=8413028) on hacker news about 5.6 as well *** FreeBSD ARMv8-based implementation (http://www.prnewswire.com/news-releases/cavium-to-sponsor-freebsd-armv8-based-implementation-277724361.html) The FreeBSD foundation is sponsoring some work to port FreeBSD to the new ThunderX ARM CPU family With the potential to have up to 48 cores, this type of CPU might make ARM-based servers a more appealing option Cavium, the company involved with this deal, seems to have lots of BSD fans This collaboration is expected to result in Tier 1 recognition of the ARMv8 architecture *** Updating orphaned OpenBSD ports (https://marc.info/?l=openbsd-ports&m=141235737615585&w=2) We discussed OpenBSD porting over portscout from FreeBSD a while back Their ports team is making full use of it now, and they're also looking for people to help update some unmaintained ports A new subdomain, portroach.openbsd.org (http://portroach.openbsd.org/), will let you view all the ports information easily If you're interested in learning to port software, or just want to help update a port you use, this is a good chance to get involved *** Interview - Matt Ranney & George Kola - mjr@ranney.com (mailto:mjr@ranney.com) & george.kola@voxer.com (mailto:george.kola@voxer.com) BSD at Voxer, companies switching from Linux, community interaction Tutorial Adblocking with DNSMasq & Pixelserv (http://www.bsdnow.tv/tutorials/dnsmasq) News Roundup GhostBSD 4.0 released (http://ghostbsd.org/4.0-release) The 4.0 branch of GhostBSD has finally been released, based on FreeBSD 10 With it come all the big 10.0 changes: clang instead of gcc, pkgng by default, make replaced by bmake Mate is now the default desktop, with different workstation styles to choose from *** Reports from PF about banned IPs (http://ypnose.org/blog/2014/newbrute-pf.html) If you run any kind of public-facing server, you've probably seen your logs fill up with unwanted traffic This is especially true if you run SSH on port 22, which the author of this post seems to A lot can be done with just PF and some brute force tables He goes through some different options for blocking Chinese IPs and break-in attempts It includes a useful script he wrote to get reports about the IPs being blocked via email *** NetBSD 6.1.5 and 6.0.6 released (https://blog.netbsd.org/tnf/entry/netbsd_6_1_5_and) The 6.1 and 6.0 branches of NetBSD got some updates They include a number of security and stability fixes - plenty of OpenSSL mentions Various panics and other small bugs also got fixed *** OpenSSH 6.7 released (https://lists.mindrot.org/pipermail/openssh-unix-announce/2014-October/000119.html) After a long delay, OpenSSH 6.7 has finally been released Major internal refactoring has been done to make part of OpenSSH usable as a library SFTP transfers can now be resumed Lots of bug fixes, a few more new features - check the release notes for all the details This release disables some insecure ciphers by default, so keep that in mind if you connect with legacy clients that use Arcfour or CBC modes *** Feedback/Questions Andriy writes in (http://slexy.org/view/s218tT9C7v) Karl writes in (http://slexy.org/view/s2WY5R5e0l) Possnfiffer writes in (http://slexy.org/view/s20z8MPBVw) Brad writes in (http://slexy.org/view/s21h2Yx5al) Solomon writes in (http://slexy.org/view/s21xu9U0qt) ***
57: The Daemon's Apprentice
We're back from EuroBSDCon! This week we'll be talking with Steve Wills about mentoring new BSD developers. If you've ever considered becoming a developer or helping out, it's actually really easy to get involved. We've also got all the BSD news for the week and answers to your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines NetBSD at Hiroshima Open Source Conference (http://mail-index.netbsd.org/netbsd-advocacy/2014/09/26/msg000669.html) NetBSD developers are hard at work, putting NetBSD on everything they can find At a technology conference in Hiroshima, some developers brought their exotic machines to put on display As usual, there are lots of pictures and a nice report from the conference *** FreeBSD's Linux emulation overhaul (https://svnweb.freebsd.org/ports?limit_changes=0&view=revision&revision=368845) For a long time, FreeBSD's emulation layer has been based on an ancient Fedora 10 system If you've ever needed to install Adobe Flash on BSD, you'll be stuck with all this extra junk With some recent work, that's been replaced with a recent CentOS release This opens up the door for newer versions of Skype to run on FreeBSD, and maybe even Steam someday *** pfSense 2.2-BETA (https://blog.pfsense.org/?p=1449) Big changes are coming in pfSense land, with their upcoming 2.2 release We talked to the developer (http://www.bsdnow.tv/episodes/2014_02_19-a_sixth_pfsense) a while back about future plans, and now they're finally out there The 2.2 branch will be based on FreeBSD 10-STABLE (instead of 8.3) and include lots of performance fixes It also includes some security updates, lots of package changes and updates and much more You can check the full list of changes (https://doc.pfsense.org/index.php/2.2_New_Features_and_Changes) on their wiki *** NetBSD on the Raspberry Pi (http://www.cambus.net/netbsd-on-the-raspberry-pi/) This article shows how you can install NetBSD on the ever-so-popular Raspberry Pi As of right now, you'll need to use a -CURRENT snapshot to do it It also shows how to grow the filesystem to fill up an SD card, some pkgsrc basics and how to get some initial things set up Can anyone find something that you can't install NetBSD on? *** Interview - Steve Wills - swills@freebsd.org (mailto:swills@freebsd.org) / @swills (https://twitter.com/swills) Mentoring new BSD developers News Roundup MidnightBSD 0.5 released (http://www.midnightbsd.org/notes/) We don't hear a whole lot about MidnightBSD, but they've just released version 0.5 It's got a round of the latest FreeBSD security patches, driver updates and various small things Maybe one of their developers could come on the show sometime and tell us more about the project *** BSD Router Project 1.52 released (http://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.52/) The newest update for the BSD Router Project is out This version is based on a snapshot of 10-STABLE that's very close to 10.1-RELEASE It's mostly a bugfix release, but includes some small changes and package updates *** Configuring a DragonFly BSD desktop (http://www.dragonflydigest.com/2014/09/19/14751.html) We've done tutorials on how to set up a FreeBSD or OpenBSD desktop, but maybe you're more interested in DragonFly In this post from Justin Sherrill, you'll learn some of the steps to do just that He pulled out an old desktop machine, gave it a try and seems to be pleased with the results It includes a few Xorg tips, and there are some comments about the possibility of making a GUI DragonFly installer *** Building a mini-ITX pfSense box (http://pakitong.blogspot.com/2014/09/jetway-j7f2-four-lan-mini-itx-for.html) Another week, another pfSense firewall build post This time, the author is installing to a Jetway J7F2, a mini-ITX device with four LAN ports He used to be a m0n0wall guy, but wanted to give the more modern pfSense a try Lots of great pictures of the hardware, which we always love *** Feedback/Questions Damian writes in (http://slexy.org/view/s2184TfOKD) Jan writes in (http://slexy.org/view/s20uAdTwLv) Dale writes in (http://slexy.org/view/s20es52IgZ) Joe writes in (http://slexy.org/view/s2mjulpac6) Bostjan writes in (http://slexy.org/view/s2BvNC8cgi) ***
56: Beastly Infrastructure
This week we're on the other side of the Atlantic, attending EuroBSDCon. For now, we've got an awesome interview with Peter Wemm about the FreeBSD web cluster and infrastructure. It's an inside look that you probably won't hear about anywhere else! We'll also get to a couple of your emails today, and be back next week with all the usual goodies, on BSD Now - the place to B.. SD. This episode was brought to you by Interview - Peter Wemm - peter@freebsd.org (mailto:peter@freebsd.org) / @karinjiri (https://twitter.com/karinjiri) The FreeBSD web cluster and infrastructure Feedback/Questions Todd writes in (http://slexy.org/view/s2LRZu3hlI) Brandon writes in (http://slexy.org/view/s21JeoW1rn) ***
55: The Promised WLAN
Coming up this week, we'll be talking with Adrian Chadd about all things wireless, his experience with FreeBSD on various laptop hardware and a whole lot more. As usual, we've got the latest news and answers to all your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD 10.1-BETA1 is out (http://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/10.1/) The first maintenance update in the 10.x series of FreeBSD is on its way Since we can't see a changelog yet, the 10-STABLE release notes (https://www.freebsd.org/relnotes/10-STABLE/relnotes/article.html) offer a glimpse at some of the new features and fixes that will be included in 10.1 The vt driver was merged from -CURRENT, lots of drivers were updated, lots of bugs were fixed and bhyve also got many improvements from 11 Initial UEFI support, multithreaded softupdates for UFS and many more things were added You can check the release schedule (https://www.freebsd.org/releases/10.1R/schedule.html) for the planned release dates Details for the various forms of release media can be found in the announcement (https://lists.freebsd.org/pipermail/freebsd-stable/2014-September/080106.html) *** Remote headless OpenBSD installation (https://jcs.org/notaweblog/2014/09/12/remotely_installing_openbsd_on_a/) A lot of server providers only offer a limited number of operating systems to be easily installed on their boxes Sometimes you'll get lucky and they'll offer FreeBSD, but it's much harder to find ones that natively support other BSDs This article shows how you can use a Linux-based rescue system, a RAM disk and QEMU to install OpenBSD on the bare metal of a server, headlessly and remotely It required a few specific steps you'll want to take note of, but is extremely useful for those pesky hosting providers *** Building a firewall appliance with pfSense (http://www.get-virtual.net/2014/09/16/build-firewall-appliance/) In this article, we learn how to easily set up a gateway and wireless access point with pfSense on a Netgate ALIX2C3 APU (http://pcengines.ch/alix2c3.htm) After the author's modem died, he decided to look into a more do-it-yourself option with pf and a tiny router board The hardware he used has gigabit ports and a BSD-compatible wireless card, as well as enough CPU power for a modest workload and a few services (OpenVPN, etc.) There's a lot of great pictures of the hardware and detailed screenshots, definitely worth a look *** Receive Side Scaling - UDP testing (http://adrianchadd.blogspot.com/2014/09/receive-side-scaling-testing-udp.html) Adrian Chadd has been working on RSS (Receive Side Scaling) in FreeBSD, and gives an update on the progress He's using some quad core boxes with 10 gigabit ethernet for the tests The post gives lots of stats and results from his network benchmark, as well as some interesting workarounds he had to do He also provides some system configuration options, sysctl knobs, etc. (if you want to try it out) And speaking of Adrian Chadd... *** Interview - Adrian Chadd - adrian@freebsd.org (mailto:adrian@freebsd.org) / @erikarn (https://twitter.com/erikarn) BSD on laptops, wifi, drivers, various topics News Roundup Sendmail removed from OpenBSD (http://undeadly.org/cgi?action=article&sid=20140916084251) Mail server admins around the world are rejoicing (https://news.ycombinator.com/item?id=8324475), because sendmail is finally gone (http://marc.info/?l=openbsd-cvs&m=141081997917153&w=2) from OpenBSD With OpenSMTPD being a part of the base system, sendmail became largely redundant and unneeded If you've ever compared a "sendmail.cf" file to an "smtpd.conf" file... the different is as clear as night and day 5.6 will serve as a transitional release, including both sendmail and OpenSMTPD, but 5.7 will be the first release without it If you still need it for some reason, sendmail will live in ports from now on Hopefully FreeBSD will follow suit sometime in the future as well, possibly including DragonFly's mail transfer agent in base (instead of an entire mail server) *** pfSense backups with pfmb (https://github.com/zinkwazi/pfmb) We've mentioned the need for a tool to back up pfSense configs a number of times on the show This script, hosted on github, does pretty much exactly that It can connect to one (or more!) pfSense installations and back up the configuration You can roll back or replace failed hardware very easily with its restore function Everything is done over SSH, so it should be pretty secure *** The Design and Implementation of the FreeBSD Operating System (http://www.amazon.com/dp/0321968972/) We mentioned when the pre orders were up, but now "The Design and Implementation of the FreeBSD Operating System, 2nd edition" seems to be shipping out If you're interested in FreeBSD development, or learning about the operating system internals, this is a great book to buy We've even had all (http://www.bsdnow.tv/episodes/2013-10-02_stacks_of_cache) three (http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates) authors (http://www.bsdnow.tv/episodes/2014_08_13-vpn_my_dear_watson) on the show before! *** OpenBSD's systemd replacement updates (http://undeadly.org/cgi?action=article&sid=20140915064856) We mentioned last week that the news of OpenBSD creating systemd wrappers was getting mainstream attention One of the developers writes in to Undeadly, detailing what's going on and what the overall status is He also clears up any confusion about "porting systemd to BSD" (that's not what's going on) or his code ever ending up in base (it won't) The top comment as of right now is a Linux user asking if his systemd wrappers can be ported back to Linux... poor guy *** Feedback/Questions Brad writes in (http://slexy.org/view/s20jrx0nIf) Ben writes in (http://slexy.org/view/s21hFUJ2ju) Mathieu writes in (http://slexy.org/view/s21RgSzOv4) Steve writes in (http://slexy.org/view/s2P1mzalPh) ***
54: Luminary Environment
This week on the show, it's all about Lumina. We'll be giving you a visual walkthrough of the new BSD-exclusive desktop environment, as well as chatting with the main developer. There's also answers to your emails and all the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Portscout ported to OpenBSD (http://blog.jasper.la/portscout-for-openbsd/) Portscout is a popular utility used in the FreeBSD ports infrastructure It lets port maintainers know when there's a new version of the upstream software available by automatically checking the distfile mirror Now OpenBSD porters can enjoy the same convenience, as it's been ported over You can view the status online (http://portscout.jasper.la/) to see how it works and who maintains what (http://portscout.jasper.la/index-total.html) The developer who ported it is working to get all the current features working on OpenBSD, and added a few new features as well He decided to fork and rename it (https://jasperla.github.io/portroach/) a few days later *** Sysadmins and systemd refugees flocking to BSD (https://www.reddit.com/r/freebsd/comments/2fgb90/you_have_your_windows_in_my_linux_or_why_many/) With all the drama in Linux land about the rapid changes to their init system, a lot of people are looking at BSD alternatives This "you got your Windows in my Linux (http://www.infoworld.com/d/data-center/you-have-your-windows-in-my-linux-249483)" article (and accompanying comments) give a nice glimpse into the minds of some of those switchers Both server administrators and regular everyday users are switching away from Linux, as more and more distros give them no choice but to use systemd Fortunately, the BSD communities are usually very welcoming of switchers - it's pretty nice on this side! *** OpenBSD's versioning schemes (http://www.tedunangst.com/flak/post/OpenBSD-version-numbers) Ted Unangst explains the various versioning systems within OpenBSD, from the base to libraries to other included software In contrast to FreeBSD's release cycle, OpenBSD isn't as concerned with breaking backwards compatibility (but only if it's needed to make progress) This allows them to innovate and introduce new features a lot more easily, and get those features in a stable release that everyone uses He also details the difference between branches, their errata system and lack of "patch levels" for security Some other things in OpenBSD don't have version numbers at all, like tmux "Every release adds some new features, fixes some old bugs, probably adds a new bug or two, and, if I have anything to say about it, removes some old features." *** VAXstation 4000 Model 90 booting NetBSD (https://www.youtube.com/watch?v=zLsgFPaMPyg) We found a video of NetBSD booting on a 22 year old VAX workstation, circa 1992 This system has a monstrous 71 MHz CPU and 128MB of ECC RAM It continues in part two (https://www.youtube.com/watch?v=YKzDXKmn66U), where we learn that it would've cost around $25,000 when it was released! The uploader talks about his experiences getting NetBSD on it, what does and doesn't work, etc It's interesting to see that such old hardware isn't necessarily obsolete just because newer things have come out since then (but maybe don't try to build world on it...) *** Interview - Ken Moore - ken@pcbsd.org (mailto:ken@pcbsd.org) The Lumina desktop environment Special segment Lumina walkthrough News Roundup Suricata for IDS on pfSense (http://pfsensesetup.com/suricata-intrusion-detection-system-part-one) While most people are familiar with Snort as an intrusion detection system, Suricata is another choice This guide goes through the steps of installing and configuring it on a public-facing pfSense box Part two (http://pfsensesetup.com/suricata-intrusion-detection-system-part-two/) details some of the configuration steps One other cool thing about Suricata - it's compatible with Snort rules, so you can use the same updates There's also another recent post (http://www.allamericancomputerrepair.com/Blog/Post/29/Install-Snort-on-FreeBSD) about snort as well, if that's more your style If you run pfSense (or any BSD) as an edge router for a lot of users, this might be worth looking into *** OpenBSD's systemd API emulation project (http://bsd.slashdot.org/story/14/09/08/0250207/gsoc-project-works-to-emulate-systemd-for-openbsd) This story was pretty popular in the mainstream news this week For the Google Summer of Code, a student is writing emulation wrappers for some of systemd's functions (https://twitter.com/blakkheim/status/509092821773848577) There was consideration from some Linux users to port over the finished emulation back to Linux, so they wouldn't have to run the full systemd One particularly interesting Slashdot comment snippet (http://bsd.slashdot.org/comments.pl?sid=5663319&cid=47851361): "We are currently migrating a large number (much larger than planned after initial results) of systems from RHEL to BSD - a decision taken due to general unhappiness with RHEL6, but SystemD pushed us towards BSD rather than another Linux distro - and in some cases are seeing throughput gains of greater than 10% on what should be equivalent Linux and BSD server builds. The re-learning curve wasn't as steep as we expected, general system stability seems to be better too, and BSD's security reputation goes without saying." It will NOT be in the base system - only in ports, and only installed as a dependency for things like newer GNOME (http://blogs.gnome.org/ovitters/2014/09/07/systemd-in-gnome-3-14-and-beyond/) that require such APIs In the long run, BSD will still be safe from systemd's reign of terror, but will hopefully still be compatible with some third party packages like GNOME that insist on using it *** GhostBSD 4 previewed (http://www.linuxbsdos.com/2014/05/19/preview-of-ghostbsd-4-0/) The GhostBSD project is moving along, slowly getting closer to the 4 release This article shows some of the progress made, and includes lots of screenshots and interesting graphical frontends If you're not too familiar with GhostBSD, we interviewed the lead developer (http://www.bsdnow.tv/episodes/2014_03_12-ghost_of_partition) a little while back *** NetBSD on the Banana Pi (http://rizzoandself.blogspot.com/2014/09/netbsd-on-banana-pi.html) The Banana Pi is a tasty alternative to the Raspberry Pi, with similar hardware specs In this blog post, a NetBSD developer details his experiences in getting NetBSD to run on it After studying how the prebuilt Linux image booted, he made some notes and started hacking Ethernet, one of the few things not working, is being looked into and he's hoping to get it fully supported for the upcoming NetBSD 7.0 They're only about $65 as of the time we're recording this, so it might be a fun project to try *** Feedback/Questions Antonio writes in (http://slexy.org/view/s28iKdBEbm) Garegin writes in (http://slexy.org/view/s21Wfnv87h) Erno writes in (http://slexy.org/view/s2Fzryxhdz) Brandon writes in (http://slexy.org/view/s2ILcqdFfF) ***
53: It's HAMMER Time
It's our one year anniversary episode, and we'll be talking with Reyk Floeter about the new OpenBSD webserver - why it was created and where it's going. After that, we'll show you the ins and outs of DragonFly's HAMMER FS. Answers to viewer-submitted questions and the latest headlines, on a very special BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation's new IPSEC project (http://freebsdfoundation.blogspot.com/2014/08/freebsd-foundation-announces-ipsec.html) The FreeBSD foundation, along with Netgate, is sponsoring some new work on the IPSEC code With bandwidth in the 10-40 gigabit per second range, the IPSEC stack needs to be brought up to modern standards in terms of encryption and performance This new work will add AES-CTR and AES-GCM modes to FreeBSD's implementation, borrowing some code from OpenBSD The updated stack will also support AES-NI for hardware-based encryption speed ups It's expected to be completed by the end of September, and will also be in pfSense 2.2 *** NetBSD at Shimane Open Source Conference 2014 (http://mail-index.netbsd.org/netbsd-advocacy/2014/08/31/msg000667.html) The Japanese NetBSD users group held a NetBSD booth at the Open Source Conference 2014 in Shimane on August 23 One of the developers has gathered a bunch of pictures from the event and wrote a fairly lengthy summary They had NetBSD running on all sorts of devices, from Raspberry Pis to Sun Java Stations Some visitors said that NetBSD had the most chaotic booth at the conference *** pfSense 2.1.5 released (https://blog.pfsense.org/?p=1401) A new version of the pfSense 2.1 branch is out Mostly a security-focused release, including three web UI fixes and the most recent OpenSSL fix (which FreeBSD has still not patched (https://lists.freebsd.org/pipermail/freebsd-security/2014-August/007875.html) in -RELEASE after nearly a month) It also includes many other bug fixes, check the blog post for the full list *** Systems, Science and FreeBSD (http://msrvideo.vo.msecnd.net/rmcvideos/227133/dl/227133.mp4) Our friend George Neville-Neil (http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates) gave a presentation at Microsoft Research It's mainly about using FreeBSD as a platform for research, inside and outside of universities The talk describes the OS and its features, ports, developer community, documentation, who uses BSD and much more *** Interview - Reyk Floeter - reyk@openbsd.org (mailto:reyk@openbsd.org) / @reykfloeter (https://twitter.com/reykfloeter) OpenBSD's HTTP daemon Tutorial A crash course on HAMMER FS (http://www.bsdnow.tv/tutorials/hammer) News Roundup OpenBSD's rcctl tool usage (http://brynet.biz.tm/article-rcctl.html) OpenBSD recently got a new tool (http://undeadly.org/cgi?action=article&sid=20140820090351) for managing /etc/rc.conf.local in -current Similar to FreeBSD's "sysrc" tool, it eliminates the need to manually edit rc.conf.local to enable or disable services This blog post - from a BSD Now viewer - shows the typical usage of the new tool to alter the startup services It won't make it to 5.6, but will be in 5.7 (next May) *** pfSense mini-roundup (http://mateh.id.au/2014/08/stream-netflix-chromecast-using-pfsense/) We found five interesting pfSense articles throughout the week and wanted to quickly mention them The first item in our pfSense mini-roundup details how you can stream Netflix to in non-US countries using a "smart" DNS service The second post (http://theosquest.com/2014/08/28/ipv6-with-comcast-and-pfsense/) talks about setting ip IPv6, in particular if Comcast is your ISP The third one (http://news.softpedia.com/news/PfSense-2-1-5-Is-Free-and-Powerful-FreeBSD-based-Firewall-Operating-System-457097.shtml) features pfSense on Softpedia, a more mainstream tech site The fourth post (http://sichent.wordpress.com/2014/02/22/filtering-https-traffic-with-squid-on-pfsense-2-1/) describes how to filter HTTPS traffic with Squid and pfSense The last article (http://pfsensesetup.com/vpn-tunneling-with-tinc/) describes setting up a VPN using the "tinc (https://en.wikipedia.org/wiki/Tinc_%28protocol%29)" daemon and pfSense It seems to be lesser known, compared to things like OpenVPN or SSH tunnels, so it's interesting to read about This pfSense HQ website seems to have lots of other cool pfSense items, check it out *** OpenBSD's new buffer cache (http://www.tedunangst.com/flak/post/2Q-buffer-cache-algorithm) OpenBSD has traditionally used the tried-and-true LRU algorithm for buffer cache, but it has a few problems Ted Unangst (http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) has just switched to a new algorithm in -current, partially based on 2Q, and details some of his work Initial tests show positive results in terms of cache responsiveness Check the post for all the fine details *** BSDTalk episode 244 (http://bsdtalk.blogspot.com/2014/08/bsdtalk244-lumina-desktop-environment.html) Another new BSDTalk is up and, this time around, Will Backman (http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk) interviews Ken Moore, the developer of the new BSD desktop environment They discuss the history of development, differences between it and other DEs, lots of topics If you're more of a visual person, fear not, because... We'll have Ken on next week, including a full "virtual walkthrough" of Lumina and its applications *** Feedback/Questions Ghislain writes in (http://slexy.org/view/s21G3KL6lv) Raynold writes in (http://slexy.org/view/s21USZdk2D) Van writes in (http://slexy.org/view/s2IWAfkDfX) Sean writes in (http://slexy.org/view/s2OBhezoDV) Stefan writes in (http://slexy.org/view/s22h9RhXUy) ***
52: Reverse Takeover
Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation August update (https://www.freebsdfoundation.org/press/2014augupdate.pdf) The foundation has published a new PDF detailing some of their recent activities It includes project development updates, the 10.1-RELEASE schedule and some of its new features There is also a short interview with Dru Lavigne (http://www.bsdnow.tv/episodes/2014_04_09-pxe_dust) in the "voices from the community" section If you're into hardware, there's another section about some new FreeBSD server equipment In closing, there's an update on funding too *** NSD for an authoritative nameserver (http://www.prado.it/2014/08/20/how-to-run-master-nsd-on-freebsd-10-0/) With BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup This article shows how to use NSD for an authoritative DNS nameserver It's also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together) All the instructions are presented very neatly, with all the little details included Less BIND means less vulnerabilities, everybody's happy *** BIND and Nginx removed from OpenBSD (http://marc.info/?l=openbsd-cvs&m=140873518514033&w=2) While we're on the topic of DNS servers, BIND was finally removed from OpenBSD as well The base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year) They've also removed nginx (http://marc.info/?l=openbsd-cvs&m=140908174910713&w=2) from the base system, in favor of the new custom HTTP daemon BIND and Nginx are still available in ports if you don't want to switch We're hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on With Apache gone in the upcoming 5.6, It's also likely that sendmail will be removed before 5.7 - hooray for modern alternatives *** NetBSD demo videos (https://www.youtube.com/user/tsutsuii/videos) A Japanese NetBSD developer has been uploading lots of interesting videos Unsurprisingly, they're all featuring NetBSD running on exotic and weird hardware Most of them are demoing sound or running a modern Twitter client on an ancient computer They're from the same guy that did the conference wrap-up we mentioned recently *** Interview - Shawn Webb - shawn.webb@hardenedbsd.org (mailto:shawn.webb@hardenedbsd.org) / @lattera (https://twitter.com/lattera) Address space layout randomization in FreeBSD (http://hardenedbsd.org/) Tutorial Reverse SSH tunneling (http://www.bsdnow.tv/tutorials/reverse-ssh) News Roundup Puppet master-agent installation on FreeBSD (https://deuterion.net/puppet-master-agent-installation-on-freebsd/) If you've got a lot of BSD boxes under your control, or if you're just lazy, you've probably looked into Puppet before The author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own He goes through some advantages of using this type of tool for deployments, even when you don't have a huge number of systems The rest of the post explains how to set up both the master and the agent configurations *** Misc. pfSense items (http://www.mondaiji.com/blog/other/it/10175-the-hunt-for-the-ultimate-free-open-source-firewall-distro) We found a few miscellaneous pfSense articles this past week The first one is about the hunt for the "ultimate" free open source firewall, where pfSense is obviously a strong contender The second one (http://willbradley.name/2014/08/20/logging-natfirewallstate-entries-in-pfsense/) shows how to log NAT firewall states (a good way to find out which family member has been torrenting!) In the third (http://www.proteansec.com/linux/pfsense-automatically-backup-configuration-files/), you can see how to automatically back up your configuration files The fourth item (https://vidarw.wordpress.com/2014/07/09/network-boot-with-pfsense-and-tftpd32/) shows how to set up PXE booting with pfSense, similar to one of our tutorials *** Time Machine backups on ZFS (http://blog.khubla.com/freebsd/timemachine-backups-on-freebsd-10) If you've got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive "time capsule" This post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system With a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive Surprisingly simple to do, recommended for anyone with Macs on their network *** Lumina desktop preview (http://blog.pcbsd.org/2014/08/pc-bsd-10-0-3-preview-lumina-desktop/) Lumina, the BSD-exclusive desktop environment, seems to be coming along nicely The main developer has posted an update on the PCBSD blog with some screenshots Lots of new features have been added, many of which are documented in the post There just might be a BSD Now episode about Lumina coming up.. (cough cough) *** Feedback/Questions Gary writes in (http://slexy.org/view/s21eLBvf1l) Cedric writes in (http://slexy.org/view/s20xqTKNrf) Caldwell writes in (http://slexy.org/view/s21q428tPj) Cary writes in (http://slexy.org/view/s2uVLhqCaO) ***
51: Engineering Nginx
Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Password gropers take spamtrap bait (http://bsdly.blogspot.com/2014/08/password-gropers-take-spamtrap-bait.html) Our friend Peter Hansteen (http://www.bsdnow.tv/episodes/2014_04_30-puffy_firewall), who keeps his eyes glued to his log files, has a new blog post He seems to have discovered another new weird phenomenon in his pop3 logs "yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia" Someone tried to log in to his service with an address that was known to be invalid The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose *** Inside the Atheros wifi chipset (https://www.youtube.com/watch?v=WOcYTqoSQ68) Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014 He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards Very technical talk; some parts might go over your head if you're not a driver developer The raw video file is also available to download (https://archive.org/download/WirelessVillageAtDefCon22/20-Atheros.mp4) on archive.org Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things *** Trip report and hackathon mini-roundup (http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-mark-linimon.html) A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports Bapt also has a BSDCan report (http://freebsdfoundation.blogspot.com/2014/08/bsdcan-trip-report-baptiste-daroussin.html) detailing his work on ports and packages Antoine Jacoutot writes about (http://undeadly.org/cgi?action=article&sid=20140812064946) his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout Peter Hessler, a latecomer to the hackathon, details his experience (http://undeadly.org/cgi?action=article&sid=20140806125308) too, hacking on the installer and built-in upgrade function Christian Weisgerber talks about (http://undeadly.org/cgi?action=article&sid=20140803122705) starting some initial improvements of OpenBSD's ports infrastructure *** DragonFly BSD 3.8.2 released (http://lists.dragonflybsd.org/pipermail/commits/2014-August/270573.html) Although it was already branched, the release media is now available for DragonFly 3.8.2 This is a minor update, mostly to fix the recent OpenSSL vulnerabilities It also includes some various other small fixes *** Interview - Eric Le Blan - info@xinuos.com (mailto:info@xinuos.com) Xinuos' recent FreeBSD integration, BSD in the commercial server space Tutorial Building a hardened, feature-rich webserver (http://www.bsdnow.tv/tutorials/nginx) News Roundup Defend your network and privacy, FreeBSD version (http://networkfilter.blogspot.com/2014/08/defend-your-network-and-privacy-vpn.html) Back in episode 39 (http://www.bsdnow.tv/episodes/2014_05_28-the_friendly_sandbox), we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial (http://www.bsdnow.tv/tutorials/openbsd-router) This is a follow-up post, by the same author, about doing a similar thing with FreeBSD He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc. *** Don't encrypt all the things (http://www.tedunangst.com/flak/post/dont-encrypt-all-the-things) Another couple of interesting blog posts from Ted Unangst (http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) about encryption It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie He also talks a bit about some PGP weaknesses and a possible future replacement He also has another, similar post entitled "in defense of opportunistic encryption (http://www.tedunangst.com/flak/post/in-defense-of-opportunistic-encryption)" *** New automounter lands in FreeBSD (https://svnweb.freebsd.org/base?view=revision&revision=270096) The work on the new automounter has just landed in 11-CURRENT With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option Check the SVN viewer online to read over the man pages if you're not running -CURRENT You can also read a bit about it in the recent newsletter (https://www.freebsdfoundation.org/press/2014jul-newsletter#Project3) *** OpenSSH 6.7 CFT (https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-August/032810.html) It's been a little while since the last OpenSSH release, but 6.7 is almost ready Our friend Damien Miller (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline) issued a call for testing for the upcoming version, which includes a fair amount of new features It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released This version also officially supports being built with LibreSSL now Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system *** Feedback/Questions David writes in (http://slexy.org/view/s20yIP7VXa) Lachlan writes in (http://slexy.org/view/s2DeeUjAn6) Francis writes in (http://slexy.org/view/s216imwEb0) Frank writes in (http://slexy.org/view/s2oc8vavWe) Sean writes in (http://slexy.org/view/s20wL61sSr) ***
50: VPN, My Dear Watson
It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines MeetBSD 2014 is approaching (http://www.ixsystems.com/whats-new/ixsystems-to-host-meetbsd-california-2014-at-western-digital-in-san-jose/) The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California MeetBSD has an "unconference" format, which means there will be both planned talks and community events All the extra details will be on their site (https://www.meetbsd.com/) soon It also has hotels and various other bits of useful information - hopefully with more info on the talks to come Of course, EuroBSDCon is coming up before then *** First experiences with OpenBSD (https://www.azabani.com/2014/08/09/first-experiences-with-openbsd.html) A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before" The author read the famous "BSD for Linux users (http://www.over-yonder.net/~fullermd/rants/bsd4linux/01)" series (that most of us have surely seen) and decided to give BSD a try He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software" From there, it talks about how he used the OpenBSD USB image and got a fully-working system He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user! *** NetBSD rump kernels on bare metal (and Kansai OSC report) (https://blog.netbsd.org/tnf/entry/an_internet_ready_os_from) When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right However, NetBSD's rump kernels - a very unique concept - make this process a lot easier This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week Also have a look back at episode 8 (http://www.bsdnow.tv/episodes/2013_10_23-a_brief_intorduction) for our interview about rump kernels and what exactly they do While on the topic of NetBSD, there were also a couple of very detailed reports (http://mail-index.netbsd.org/netbsd-advocacy/2014/08/09/msg000658.html) (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference (http://d.hatena.ne.jp/mizuno-as/20140806/1407307913) that we wanted to highlight *** OpenSSL and LibreSSL updates (https://www.openssl.org/news/secadv_20140806.txt) OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!) Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more LibreSSL released a new version (http://marc.info/?l=openbsd-tech&m=140752295222929&w=2) to address most of the vulnerabilities, but wasn't affected by some of them Whichever version of whatever SSL you use, make sure it's patched for these issues DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT) *** Interview - Robert Watson - rwatson@freebsd.org (mailto:rwatson@freebsd.org) FreeBSD architecture, security research techniques, exploit mitigation Tutorial Protecting traffic with a BSD-based VPN (http://www.bsdnow.tv/tutorials/openvpn) News Roundup A FreeBSD-based CGit server (https://lechindianer.de/blog/2014/08/06/freebsd-cgit/) If you use git (like a certain host of this show) then you've probably considered setting up your own server This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend It even shows you how to set up multiple repos with key-based user separation and other cool things The author of the post is also a listener of the show, thanks for sending it in! *** Backup devices for small businesses (http://www.smallbusinesscomputing.com/biztools/6-data-backup-devices-for-small-businesses.html) In this article, different methods of data storage and backup are compared After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers It also goes over some of the hardware specifics in the FreeNAS Mini *** A new Xenocara interview (http://blog.bronevichok.ru/2014/08/06/testing-of-xorg.html) As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there *** Building a high performance FreeBSD samba server (https://not.burntout.org/blog/high_performance_samba_server_on_freebsd/) If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution? FreeBSD, ZFS and Samba obviously! The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding) It doesn't even require the newest or best hardware with the right changes, pretty cool *** Feedback/Questions An interesting Reddit thread (http://www.reddit.com/r/BSD/comments/2ctlt4/switched_from_arch_linux_to_openbsd_reference/) (or two (http://www.reddit.com/r/BSD/comments/2dcig9/thinking_about_coming_to_bsd_from_arch)) PB writes in (http://slexy.org/view/s21t7L5bqO) Sean writes in (http://slexy.org/view/s20MFywDqZ) Steve writes in (http://slexy.org/view/s2Td6nq11J) Lachlan writes in (http://slexy.org/view/s215MlpJYV) Justin writes in (http://slexy.org/view/s2N4JKkoKt) ***
49: The PC-BSD Tour
Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation semi-annual newsletter (https://www.freebsdfoundation.org/press/2014jul-newsletter) The FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation "In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!" It talks about the FreeBSD journal (http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates) as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT The full list of funded projects is included, also with details in the financial reports There are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon
48: Liberating SSL
Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD quarterly status report (https://www.freebsd.org/news/status/report-2014-04-2014-06.html) FreeBSD has gotten quite a lot done this quarter Changes in the way release branches are supported - major releases will get at least five years over their lifespan A new automounter is in the works, hoping to replace amd (which has some issues) The CAM target layer and RPC stack have gotten some major optimization and speed boosts Work on ZFSGuru continues, with a large status report specifically for that The report also mentioned some new committers, both source and ports It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show "Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period" *** A new OpenBSD HTTPD is born (http://undeadly.org/cgi?action=article&sid=20140724094043) Work has begun on a new HTTP daemon in the OpenBSD base system A lot of people are asking (http://www.reddit.com/r/BSD/comments/2b7azm/openbsd_gets_its_own_http_server/) "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist? Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement) It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter This has the added benefit of the usual, easy-to-understand syntax and privilege separation There's a very brief man page (http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8) online already It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? (I hope not) *** pkgng 1.3 announced (https://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-July/000084.html) The newest version of FreeBSD's second generation package management system (http://www.bsdnow.tv/tutorials/pkgng) has been released, with lots of new features It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!) Lots of the code has been sandboxed for extra security You'll probably notice some new changes to the UI too, making things more user friendly A few days later 1.3.1 (https://svnweb.freebsd.org/ports?view=revision&sortby=date&revision=362996) was released to fix a few small bugs, then 1.3.2 (https://svnweb.freebsd.org/ports?view=revision&revision=363108) shortly thereafter and 1.3.3 (https://svnweb.freebsd.org/ports?view=revision&revision=363363) yesterday *** FreeBSD after-install security tasks (http://twisteddaemon.com/post/92921205276/freebsd-installed-your-next-five-moves-should-be) A number of people have written in to ask us "how do I secure my BSD box after I install it?" With this blog post, hopefully most of their questions will finally be answered in detail It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things Not only does it just list things to do, but the post also does a good job of explaining why you should do them Maybe we'll see some more posts in this series in the future *** Interview - Brent Cook - bcook@openbsd.org (mailto:bcook@openbsd.org) / @busterbcook (https://twitter.com/busterbcook) LibreSSL's portable version and development News Roundup FreeBSD Mastery - Storage Essentials (https://www.tiltedwindmillpress.com/?product=freebsd-mastery-storage-essentials) MWL (http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop)'s new book about the FreeBSD storage subsystems now has an early draft available Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance You'll get access to the completed (e)book when it's done if you buy the early draft The suggested price is $8 *** Why BSD and not Linux? (http://www.reddit.com/r/BSD/comments/2buea5/why_bsd_and_not_linux_or_why_linux_and_not_bsd/) Yet another thread comes up asking why you should choose BSD over Linux or vice-versa Lots of good responses from users of the various BSDs Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity." And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS." Some other users share their switching experiences - worth a read *** More g2k14 hackathon reports (http://undeadly.org/cgi?action=article&sid=20140724161550) Following up from last week's huge list (http://www.bsdnow.tv/episodes/2014_07_23-des_challenge_iv) of hackathon reports, we have a few more Landry Breuil (http://undeadly.org/cgi?action=article&sid=20140724161550) spent some time with Ansible testing his infrastructure, worked on the firefox port and tried to push some of their patches upstream Andrew Fresh (http://undeadly.org/cgi?action=article&sid=20140728122850) enjoyed his first hackathon, pushing OpenBSD's perl patches upstream and got tricked into rewriting the adduser utility in perl Ted Unangst (http://undeadly.org/cgi?action=article&sid=20140729070721) did his usual "teduing" (removing of) old code - say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap and bluetooth Luckily we didn't have to cover 20 new ones this time! *** BSDTalk episode 243 (http://bsdtalk.blogspot.com/2014/07/mandoc-with-ingo-schwarze.html) The newest episode of BSDTalk (http://www.bsdnow.tv/episodes/2014_03_05-bsd_now_vs_bsdtalk) is out, featuring an interview with Ingo Schwarze of the OpenBSD team The main topic of discussion is mandoc, which some users might not be familiar with mandoc is a utility for formatting manpages that OpenBSD and NetBSD use (DragonFlyBSD and FreeBSD include it in their source tree, but it's not built by default) We'll catch up to you soon, Will! *** Feedback/Questions Thomas writes in (http://slexy.org/view/s2xLRQytAZ) Stephen writes in (http://slexy.org/view/s21AYng20n) Sha'ul writes in (http://slexy.org/view/s2DwLRdQDS) Florian writes in (http://slexy.org/view/s2E05L31BC) Bob Beck writes in (http://slexy.org/view/s21Nmg3Jrk) - and note the "Caution" section that was added to libressl.org (http://www.libressl.org/) ***
47: DES Challenge IV
Coming up this week on the show! We've got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like. The latest news, answers to your emails and even some LibreSSL drama, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines g2k14 hackathon reports (http://www.openbsd.org/hackathons.html) Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon Lots of work got done - in just the first two weeks of July, there were over 1000 commits (http://marc.info/?l=openbsd-cvs&r=1&b=201407&w=2) to their CVS tree Some of the developers wrote in to document what they were up to at the event Bob Beck (http://undeadly.org/cgi?action=article&sid=20140713220618) planned to work on kernel stuff, but then "LibreSSL happened" and he spent most of his time working on that Miod Vallat (http://undeadly.org/cgi?action=article&sid=20140718072312) also tells about his LibreSSL experiences Brent Cook (http://undeadly.org/cgi?action=article&sid=20140718090456), a new developer, worked mainly on the portable version of LibreSSL (and we'll be interviewing him next week!) Henning Brauer (http://undeadly.org/cgi?action=article&sid=20140714094454) worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6) Martin Pieuchot (http://undeadly.org/cgi?action=article&sid=20140714191912) fixed some bugs in the USB stack, softraid and misc other things Marc Espie (http://undeadly.org/cgi?action=article&sid=20140714202157) improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency Martin Pelikan (http://undeadly.org/cgi?action=article&sid=20140715120259) integrated read-only ext4 support Vadim Zhukov (http://undeadly.org/cgi?action=article&sid=20140715094848) did lots of ports work, including working on KDE4 Theo de Raadt (http://undeadly.org/cgi?action=article&sid=20140715212333) created a new, more secure system call, "sendsyslog" and did a lot of work with /etc, sysmerge and the rc scripts Paul Irofti (http://undeadly.org/cgi?action=article&sid=20140718134017) worked on the USB stack, specifically for the Octeon platform Sebastian Benoit (http://undeadly.org/cgi?action=article&sid=20140719104939) worked on relayd filters and IPv6 code Jasper Lievisse Adriaanse (http://undeadly.org/cgi?action=article&sid=20140719134058) did work with puppet, packages and the bootloader Jonathan Gray (http://undeadly.org/cgi?action=article&sid=20140719082410) imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection Stefan Sperling (http://undeadly.org/cgi?action=article&sid=20140721125235) fixed a lot of issues with wireless drivers Florian Obser (http://undeadly.org/cgi?action=article&sid=20140721125020) did many things related to IPv6 Ingo Schwarze (http://undeadly.org/cgi?action=article&sid=20140721090411) worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface Ken Westerback (http://undeadly.org/cgi?action=article&sid=20140722071413) hacked on dhclient and dhcpd, and also got dump working on 4k sector drives Matthieu Herrb (http://undeadly.org/cgi?action=article&sid=20140723142224) worked on updating and modernizing parts of xenocara *** FreeBSD pf discussion takes off (https://lists.freebsd.org/pipermail/freebsd-questions/2014-July/259292.html) Concerns from last week, about FreeBSD's packet filter being old and unmaintained, seemed to have finally sparked some conversation about the topic on the "questions" and "current" mailing lists (unfortunately people didn't always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes) Straight from the SMP FreeBSD pf maintainer: "no one right now [is actively developing pf on FreeBSD]" Searching for documentation online for pf is troublesome because there are two incompatible syntaxes FreeBSD's pf man pages are lacking, and some of FreeBSD's documentation still links to OpenBSD's pages, which won't work anymore - possibly turning away would-be BSD converts because it's frustrating There's also the issue of importing patches from pfSense, but most of those still haven't been done either Lots of disagreement among developers vs. users... Many users are very vocal about wanting it updated, saying the syntax change is no big deal and is worth the benefits - developers aren't interested Henning Brauer, the main developer of pf on OpenBSD, has been very nice and offered to help the other BSDs get their pf fixed on multiple occasions Gleb Smirnoff, author of the FreeBSD-specific SMP patches, questions Henning's claims about OpenBSD's improved speed as "uncorroborated claims" (but neither side has provided any public benchmarks) Gleb had to abandon his work on FreeBSD's pf because funding ran out *** LibreSSL progress update (http://linux.slashdot.org/story/14/07/16/1950235/libressl-prng-vulnerability-patched) LibreSSL's first few portable releases have come out and they're making great progress, releasing 2.0.3 two days ago (http://marc.info/?l=openbsd-tech&m=140599450206255&w=2) Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list However, there has already been some drama... with Linux users There was a problem with Linux's PRNG, and LibreSSL was unforgiving (https://twitter.com/MiodVallat/status/489122763610021888) of it, not making an effort to randomize something that could not provide real entropy This "problem" doesn't affect OpenBSD's native implementation, only the portable version The developers (http://www.securityweek.com/openbsd-downplays-prng-vulnerability-libressl) decide to weigh in (http://www.tedunangst.com/flak/post/wrapping-pids-for-fun-and-profit) to calm the misinformation and rage A fix was added in 2.0.2, and Linux may even get a new system call (http://thread.gmane.org/gmane.linux.kernel.cryptoapi/11666) to handle this properly now - remember to say thanks, guys Ted Unangst (http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) has a really good post (http://www.tedunangst.com/flak/post/this-is-why-software-sucks) about the whole situation, definitely check it out As a follow-up from last week, bapt says they're working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly - if you're a port maintainer, please test your ports against it *** Preparation for NetBSD 7 (http://mail-index.netbsd.org/current-users/2014/07/13/msg025234.html) The release process for NetBSD 7.0 is finally underway The netbsd-7 CVS branch should be created around July 26th, which marks the start of the first beta period, which will be lasting until September If you run NetBSD, that'll be a great time to help test on as many platforms as you can (this is especially true on custom embedded applications) They're also looking for some help updating documentation and fixing any bugs that get reported Another formal announcement will be made when the beta binaries are up *** Interview - Dag-Erling Smørgrav - des@freebsd.org (mailto:des@freebsd.org) / @RealEvilDES (https://twitter.com/RealEvilDES) The role of the FreeBSD Security Officer, recent ports features, various topics News Roundup BSDCan ports and packages WG (http://blogs.freebsdish.org/portmgr/2014/07/18/bsdcan-2014-ports-and-packages-wg/) Back at BSDCan this year, there was a special event for discussion of FreeBSD ports and packages Bapt talked about package building, poudriere and the systems the foundation funded for compiling packages There's also some detail about the signing infrastructure and different mirrors Ports people and source people need to talk more often about ABI breakage The post also includes information about pkg 1.3, the old pkg tools' EOL, the quarterly stable package sets and a lot more (it's a huge post!) *** Cross-compiling ports with QEMU and poudriere (http://blog.ignoranthack.me/?p=212) With recent QEMU features, you can basically chroot into a completely different architecture This article goes through the process of building ARMv6 packages on a normal X86 box Note though that this requires 10-STABLE or 11-CURRENT and an extra patch for QEMU right now The poudriere-devel port now has a "qemu user" option that will pull in all the requirements Hopefully this will pave the way for official pkgng packages on those lesser-used architectures *** Cloning FreeBSD with ZFS send (http://blather.michaelwlucas.com/archives/2108) For a FreeBSD mail server that MWL runs, he wanted to have a way to easily restore the whole system if something were to happen This post shows his entire process in creating a mirror machine, using ZFS for everything The "zfs send" and "zfs snapshot" commands really come in handy for this He does the whole thing from a live CD, pretty impressive *** FreeBSD Overview series (http://thiagoperrotta.wordpress.com/2014/07/20/here-be-dragons-freebsd-overview-part-i/) A new blog series we stumbled upon about a Linux user switching to BSD In part one, he gives a little background on being "done with Linux distros" and documents his initial experience getting and installing FreeBSD 10 He was pleasantly surprised to be able to use ZFS without jumping through hoops and doing custom kernels Most of what he was used to on Linux was already in the default FreeBSD (except bash...) Part two (http://thiagoperrotta.wordpress.com/2014/07/21/here-be-packages-freebsd-overview-part-ii/) documents his experiences with pkgng and ports *** Feedback/Questions Bostjan writes in (http://slexy.org/view/s214FYbOKL) Rick writes in (http://slexy.org/view/s21cWLhzj4) Clint writes in (http://slexy.org/view/s21A4grtH0) Esteban writes in (http://slexy.org/view/s27fQHz8Se) Ben writes in (http://slexy.org/view/s21QscO4Cr) Matt sends in pictures of his FreeBSD CD collection (https://imgur.com/a/Ah444) ***
46: Network Iodometry
We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines EuroBSDCon 2014 registration open (http://2014.eurobsdcon.org/registration/) September is getting closer, and that means it's time for EuroBSDCon - held in Bulgaria this year Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th Tutorials, sessions, dev summits and everything else all have their own pricing as well Registering between August 18th - September 12th will cost more for everything You can register online here (http://registration.eurobsdcon.org/) and check hotels in the area (http://2014.eurobsdcon.org/registration/travel-and-stay/hotels) The FreeBSD foundation is also accepting applications (https://lists.freebsd.org/pipermail/freebsd-announce/2014-July/001577.html) for travel grants *** OpenBSD SMP PF update (http://marc.info/?t=140440541000002&r=1&w=2) A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump In a recent mailing list thread, Henning Brauer (http://www.bsdnow.tv/episodes/2013_10_30-current_events) addresses some of the concerns The short version (http://marc.info/?l=openbsd-misc&m=140479174521071&w=2) is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless He also says (http://marc.info/?l=openbsd-misc&m=140481012425889&w=2) PF on OpenBSD is over four times faster than FreeBSD's old version, presumably due to those extra years of development it's gone through There's also been even more recent concern (https://lists.freebsd.org/pipermail/freebsd-pf/2014-July/thread.html) about the uncertain future of FreeBSD's PF, being mostly unmaintained since their SMP patches We reached out to four developers (over week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us *** Introduction to NetBSD pkgsrc (http://saveosx.org/pkgsrc-intro/) An article from one of our listeners about how to create a new pkgsrc port or fix one that you need The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format It also lists all the different bmake targets and their functions in relation to the porting process Finally, the post details the whole process of creating a new port *** FreeBSD 9.3-RELEASE (https://www.freebsd.org/releases/9.3R/relnotes.html) After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today (https://www.freebsd.org/releases/9.3R/schedule.html) but actually came out yesterday The full list of changes (https://www.freebsd.org/releases/9.3R/relnotes.html) is available, but it's mostly a smaller maintenance release Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more If you haven't jumped to the 10.x branch yet (and there are a lot of people who haven't!) this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon Good news, this will be the first release (https://twitter.com/evilgjb/status/485909719522222080) with PGP-signed checksums on the FTP mirrors - a very welcome change With that out of the way, the 10.1-RELEASE schedule was posted (https://www.freebsd.org/releases/10.1R/schedule.html) *** Interview - Bryan Drewery - bdrewery@freebsd.org (mailto:bdrewery@freebsd.org) / @bdrewery (https://twitter.com/bdrewery) The FreeBSD package building cluster, pkgng, ports, various topics Tutorial Tunneling traffic through DNS (http://www.bsdnow.tv/tutorials/ssh-dns) News Roundup SSH two-factor authentication on FreeBSD (http://blog.feld.me/posts/2014/07/ssh-two-factor-authentication-on-freebsd/) We've previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website This blog post tells you how to do exactly that, but with your Google account and the pamgoogleauthenticator port Using this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can login normally It's a really, really simple process once you have the port installed - full details on the page *** Ditch tape backup in favor of FreeNAS (http://www.darvilleit.com/why-i-ditched-tape-backup-for-a-custom-made-freenas-backup/) The author of this post shares some of his horrible experiences with tape backups for a client Having constant, daily errors and failed backups, he needed to find another solution With 1TB of backups, tapes just weren't a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS) The rest of the article details his experiences with it and tells about his setup *** NetBSD vs FreeBSD, desktop experiences (http://imil.net/wp/2014/07/02/back-to-2000-2005-freebsd-desktop-2/) A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver "Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga." He's become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system *** PCBSD not-so-weekly digest (http://blog.pcbsd.org/2014/07/pc-bsd-feature-digest-31-warden-cli-upgrade-irc-announcement/) Speaking of choices for a desktop system, it's the return of the PCBSD digest! Warden and PBI_add have gotten some interesting new features You can now create jails "on the fly" when adding a new PBI to your application library Bulk jail creation is also possible now, and it's really easy New Jenkins integration, with public access to poudriere logs as well (http://builds.pcbsd.org) PkgNG 1.3.0.rc2 testing for EDGE users *** Feedback/Questions Jeff writes in (http://slexy.org/view/s21D05MP0t) - Sending Encrypted Backups over SSH (http://allanjude.com/zfs_handbook/zfs-zfs.html#zfs-send-ssh) + Sending ZFS snapshots via user (http://wiki.pcbsd.org/index.php/Life_Preserver/10.0#Backing_Up_to_a_FreeNAS_System) Bruce writes in (http://slexy.org/view/s2lzo1swzo) Richard writes in (http://slexy.org/view/s20z841ean) Jeff writes in (http://slexy.org/view/s2QYc8BOAo) - NYCBUG dmesg list (http://www.nycbug.org/index.cgi?action=dmesgd) Steve writes in (http://slexy.org/view/s2V2e1m7S7) ***