Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.
Similar Podcasts
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Programming Throwdown
Programming Throwdown educates Computer Scientists and Software Engineers on a cavalcade of programming and tech topics. Every show will cover a new programming language, so listeners will be able to speak intelligently about any programming language.
7: Go Directly to Jail(8)
On this week's show, you'll be getting the full jail treatment. We'll show you how to create and deploy BSD jails, as well as chatting with Poul-Henning Kamp - the guy who actually invented them! There's lots of interesting news items to cover as well, so stay tuned to BSD Now - the place to B.. SD. Headlines FreeBSD turns it up to 11 (https://lists.freebsd.org/pipermail/svn-src-head/2013-October/052141.html) The -CURRENT branch is now known as 11 10 has been branched to -STABLE 10-BETA1 ISOs are available now Will be the next -RELEASE, probably next year *** Stopping the SSH bruteforce with BSD and pf (http://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html) The Hail Mary Cloud is an SSH bruteforce botnet that takes a different approach While most botnets pound port 22 rapidly, THMB does it very slowly and passively This makes prevention based on rate limiting more involved and complex Nice long blog post about some potential solutions (http://home.nuug.no/~peter/pf/en/bruteforce.html) and what we've learned *** ZFS and GELI in bsdinstall coming soon (http://freshbsd.org/commit/freebsd/r256343/) The man with the beard (http://www.bsdnow.tv/episodes/2013-09-25_teskeing_the_possibilities) strikes again, new patch allows for ZFS-on-root installs Supports GELI for disk encryption Might be the push we need to make Michael W Lucas update (https://twitter.com/mwlauthor/status/389524644983611392) his FreeBSD book *** AsiaBSDCon 2014 announced (http://2014.asiabsdcon.org/) Will be held in Tokyo, 13-16 March, 2014 The conference is for anyone developing, deploying and using systems based on FreeBSD, NetBSD, OpenBSD, DragonFlyBSD, Darwin and Mac OS X Call for papers can be found here (http://2014.asiabsdcon.org/cfp.html) *** Interview - Poul-Henning Kamp - phk@freebsd.org (mailto:phk@freebsd.org) / @bsdphk (https://twitter.com/bsdphk) FreeBSD beginnings, md5crypt, jails, varnish and his... telescope project? Tutorial Everything you need to know about Jails (http://www.bsdnow.tv/tutorials/jails) News Roundup New pf queue system (http://freshbsd.org/commit/openbsd/c4661054d1882026efca919b6cd9cf958a8698b4) Henning Brauer committed the new kernel-side bandwidth shaping subsystem Uses the HFSC algorithm behind the scenes ALTQ to be retired "in a release or two" - everyone should migrate soon *** Dragonfly imports FreeBSD KMS driver (http://lists.dragonflybsd.org/pipermail/commits/2013-October/198282.html) Hot on the trails of OpenBSD and later FreeBSD, Dragonfly gets AMD KMS Ported over from the FreeBSD port *** Get paid to hack OpenSSH (https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-October/031695.html) Google has announced they will pay up to $3113.70 for security patches to OpenSSH Patches can fix security or improve security If you come up with something, send it to the OpenSSH guys *** Feedback/Questions Darren writes in (http://slexy.org/view/s24RmwvEvE) Kjell-Aleksander writes in (http://slexy.org/view/s2wFcFk9Yz) Ryan writes in (http://slexy.org/view/s23e920gNG) Alexander writes in (http://slexy.org/view/s2usxPqO9k) ***
6: Doing It de Raadt Way
On this week's episode we'll show you how to securely run graphical applications in a jail, we sit down and chat with OpenBSD founder Theo de Raadt and, as always, get you caught up on all the latest news. All that and more, this week on BSD Now - the place to B.. SD. Headlines HAMMER2 GSOC improvements merged (http://lists.dragonflybsd.org/pipermail/commits/2013-September/198111.html) A student from the Google Summer of Code's patches were committed to upstream Dragonfly It focuses mainly on compression and updating the I/O infrastructure to work with compression The ability to boot from (http://lists.dragonflybsd.org/pipermail/commits/2013-September/198166.html) HAMMER2 volumes was also added Check the show notes for a full list of additions and improvements We'll have someone on the show to talk about HAMMER FS in the future *** OSNews starts a "BSD family" segment (http://www.osnews.com/story/27348/The_BSD_family_pt_1_FreeBSD_9_1) An OSNews reader decided to share some info about the BSDs He's writing a three-part series covering FreeBSD, OpenBSD and NetBSD Pretty good info for Linux switchers *** pkgsrc-2013Q3 branch announcement (http://mail-index.netbsd.org/tech-pkg/2013/10/04/msg012093.html) pkgsrc is similar to the ports concept, but for 21 different OSes The pkgsrc developers make a new release every three months. 13184 total packages for AMD64 If there's any interest, we'll try to get a pkgsrc tutorial written in the future *** PCBSD 9.2 released (http://lists.pcbsd.org/pipermail/announce/2013-October/000055.html) Shortly after the official FreeBSD 9.2 release, PCBSD follows up Highlights include bootable ZFS boot environments, a rewritten life-preserver utility for backups, improved pkgng support, updated appcafe, major improvements to warden, a GUI pkgng management system, filesystem-based encryption for home directories and much more *** Interview - Theo de Raadt - deraadt@openbsd.org (mailto:deraadt@openbsd.org) The OpenBSD project Tutorial Jailed VNC sessions (http://www.bsdnow.tv/tutorials/jailedvnc) News Roundup Curve25519 patch for OpenSSH (https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-September/031659.html) Because of recent NSA news, someone implemented an alternative key exchange mechanism It uses Curve25519 instead of the traditional Diffie-Hellman Comes from the developer of libssh and is already implemented there *** FreeBSD 10-ALPHA5 is out (https://lists.freebsd.org/pipermail/freebsd-current/2013-October/045097.html) Includes the big removal of BIND More GNU stuff removed Bhyve and XEN improvements Some LLVM fixes *** M:Tier offering "Long Time Support" for OpenBSD ports (http://www.mtier.org/index.php/news/openbsd-ports-lt-support/) Starting with 5.4, M:Tier will be offering a subscription for LTS support, in addition to their free 6 month version OpenBSD releases are only supported for 1 year normally (5.2 becomes unsupported when 5.4 comes out, etc.) This model makes it easier to keep your ports patched for security in a corporate environment *** Ohio Linuxfest talks uploaded (https://ia801008.us.archive.org/7/items/OhioLinuxfest2013/) The OLF 2013 talks have been uploaded Includes Kirk Mckusick's keynote about building an open source community and Ken Moore's talk about lots of new PCBSD stuff *** Theo's absence and other updates (http://marc.info/?l=openbsd-misc&m=138110694921068&w=2) In an uncharacteristic manner, Theo started a thread on misc@ instead of finishing it For the last year, he's not been as involved in OpenBSD development He's been busy with setting up an Internet Exchange in Calgary Also mentions some troubles with an imposter Twitter account *** Feedback/Questions Kenneth writes in (http://slexy.org/view/s24yODHGaW) Jason writes in (http://slexy.org/view/s21SbqaOPi) Alex writes in (http://slexy.org/view/s2yY3vHoIo) Henson writes in (http://slexy.org/view/s20fT5VHBC) ***
5: Stacks of Cache
After returning from a successful EuroBSDCon in Malta, we're back to get you caught up on all the latest news! We've got stories, interviews and a special treat for OpenBSD fans later in the show. All that and more on this week's BSD Now, the place to B.. SD. Headlines FreeBSD 9.2 released (https://www.freebsd.org/releases/9.2R/relnotes.html) FreeBSD 9.2-RELEASE is finally out Highlights include ZFS TRIM and LZ4 support, virtio drivers, dtrace and OpenSSH updates as well as lots of driver improvements Will be supported until 2014-09-30 Get out there and freebsd-update or buildworld! *** Four new NetBSD releases (https://blog.netbsd.org/tnf/entry/netbsd_5_2_1_and) NetBSD 5.2 and 5.1 branches get security and bugfix updates The 6.1 and 6.0 branches were updated soon after (https://blog.netbsd.org/tnf/entry/netbsd_6_1_2_and), also with security updates and bug fixes Check the show notes for the full changelog *** BIND being replaced by unbound in FreeBSD (http://freshbsd.org/commit/freebsd/r255597) Most FreeBSD users are familiar with BIND from the security notifications It has has many vulnerabilities over the years, and we’ll finally be rid of it (http://blog.des.no/2013/09/dns-in-freebsd-10/) Being replaced with unbound and ldns, everyone rejoices (http://blog.des.no/2013/09/dns-again-a-clarification/) As of September 24th (https://svnweb.freebsd.org/base?view=revision&revision=255850), BIND is no longer built by default As of September 30th (http://freshbsd.org/commit/freebsd/r255949), BIND was completely removed Includes an easy to use script (http://freshbsd.org/commit/freebsd/r255809) for local DNS OpenBSD also has unbound in base (http://marc.info/?l=openbsd-cvs&m=137984954228414&w=2), but it's not built by default yet *** DragonflyBSD future plans (http://lists.dragonflybsd.org/pipermail/kernel/2013-September/062975.html) An announcement was posted that details some possible plans for Dragonfly dports (their version of FreeBSD ports) will be switching to GCC 4.7 i915 support is probably going to be in version 3.6 Work is being done on HAMMER 2, but it won't make it to 3.6 3.6 is also likely going to ditch pkgsrc as the default in favor of dports, due to a hugely positive reaction from the community *** FreeBSD ports get Stack Protector support (https://lists.freebsd.org/pipermail/freebsd-ports-announce/2013-September/000066.html) Some portsnap users noticed a massive sweep of every port being updated Shortly after, stack protector (https://en.wikipedia.org/wiki/Buffer_overflow_protection) support was announced by Bryan Drewery Only works on i386 and AMD64 on FreeBSD 10 and AMD64 on 9 Hopefully will become the default, but needs to go through some testing and exp-runs *** EuroBSDCon 2013 wrap-up chat BSD Now is back from EuroBSDCon with lots of stories We picked up an OpenBSD 5.4 CD set at EuroBSDCon, before the official release We'll give a little showcase of what's inside, they put a lot of effort into it Comes with the OS, source code, stickers, music, cool other stuff Consider supporting the OpenBSD project (http://www.openbsd.org/orders.html) *** Interview - Marshall Kirk McKusick - mckusick@freebsd.org (mailto:mckusick@freebsd.org) Various topics Tutorial Faster recompiles with ccache and tmpfs (http://www.bsdnow.tv/tutorials/ccache) News Roundup List of vBSDCon speakers posted (http://blog.hostileadmin.com/2013/09/09/reminder-vbsdcon-registrations-are-open/) Registration will be open until October 23rd Presentations covering FreeBSD, OpenBSD, FreeNAS and others *** Xen PVHVM added to GENERIC (https://svnweb.freebsd.org/base?view=revision&revision=255744) It's now possible to run FreeBSD 10 under Xen with the GENERIC kernel freebsd-update will work now With FreeBSD 10 ALPHA 4 (https://lists.freebsd.org/pipermail/freebsd-snapshots/2013-September/000045.html) just being released, should be interesting We should call the new kernel "XENERIC" *** Dragonfly AMD KMS port (http://lists.dragonflybsd.org/pipermail/kernel/2013-September/062993.html) A Dragonfly user has started porting the new FreeBSD AMD KMS driver Still a work in progress, asking for help from the community *** NetBSD gets an nVidia driver (http://mail-index.netbsd.org/source-changes/2013/09/18/msg047712.html) NetBSD gets a preliminary nVidia driver So far only supports the GeForce 2MX, so not a lot of use just yet No acceleration yet, but it's a start *** FreeBSD cracks the top 10 on DistroWatch (http://distrowatch.com/dwres.php?resource=popularity) Over the last year FreeBSD has steadily moved up the rankings from #18 to #10 Increasing from an average of 570 to 779 hits per day Surpassed CentOS, Puppy Linux and Slackware *** Feedback/Questions Charlie writes in (http://slexy.org/view/s21jRKf7lp) Kjell-Aleksander writes in (http://slexy.org/view/s2M0OKmxMK) Stefen writes in (http://slexy.org/view/s2YlVuhhUa) Sichendra writes in (http://slexy.org/view/s2P7KtE5x2) ***
4: Teskeing the Possibilities
This week we’re at EuroBSDCon (http://2013.eurobsdcon.org/), so we’ve just got an interview for you today. BSD Now will be back next week with a normal episode and lots of stories from the conference. We’ll also try to get some more interviews there. For today, though, we talk to Devin Teske about his work with bsdinstall, bsdconfig and all the other interesting things he’s been up to lately. Interview - Devin Teske - dteske@freebsd.org (mailto:dteske@freebsd.org) / @devinteske (https://twitter.com/devinteske) bsdconfig, bsdinstall, sysrc and fdpv
3: MX with TTX
We follow up last week's poudriere tutorial with a segment about using pkgng, we talk with the developers of OpenSMTPD about running a mail server OpenBSD-style, answer YOUR questions and, of course, discuss all the latest news. All that and more on BSD Now! The place to B... SD. Headlines pfSense 2.1-RELEASE is out (http://blog.pfsense.org/?p=712) Now based on FreeBSD 8.3 Lots of IPv6 features added Security updates, bug fixes, driver updates PBI package support Way too many updates to list, see the full list (https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes) *** New kernel based iSCSI stack comes to FreeBSD (https://lists.freebsd.org/pipermail/freebsd-current/2013-September/044237.html) Brief explanation of iSCSI This work replaces the older userland iscsi target daemon and improves the in-kernel iscsi initiator Target layer consists of: ctld(8), a userspace daemon responsible for handling configuration, listening for incoming connections, etc, then handing off connections to the kernel after the iSCSI Login phase iSCSI frontend to CAM Target Layer, which handles Full Feature phase. The work is being sponsored by FreeBSD Foundation Commit here (http://freshbsd.org/commit/freebsd/r255570) *** MTier creates openup utility for OpenBSD (http://www.mtier.org/index.php/solutions/apps/openup/) MTier provides a number of things for the OpenBSD community For example, regularly updated (for security) stable packages from their custom repo openup is a utility to easily check for security updates in both base and packages It uses the regular pkg tools, nothing custom-made Can be run from cron, but only emails the admin instead of automatically updating *** OpenSSH in FreeBSD -CURRENT supports DNSSEC (https://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html) OpenSSH in base is now compiled with DNSSEC support In this case the default setting for ‘VerifyHostKeyDNS' is yes OpenSSH will silently trust DNSSEC-signed SSHFP records It is the secteam's opinion that this is better than teaching users to blindly hit “yes” each time they encounter a new key *** Interview - Gilles Chehade & Eric Faurot - gilles@poolp.org (mailto:gilles@poolp.org) / @poolpOrg (https://twitter.com/poolpOrg) & eric@openbsd.org (mailto:eric@openbsd.org) / @opensmtpd (https://twitter.com/opensmtpd) OpenSMTPD Tutorial Binary packages with pkgng (http://www.bsdnow.tv/tutorials/pkgng) News Roundup New progress with Newcons (http://raybsd.blogspot.com/2013/08/newcons-beginning.html) Newcons is a replacement console driver for FreeBSD Supports unicode, better graphics modes and bigger fonts Progress is being made, but it's not finished yet *** relayd gets PFS support (http://freshbsd.org/commit/openbsd/7e7bd0a7f61ea0005b5c2f763364ff8dfce03fe2) relayd is a load balancer for OpenBSD which does protocol layers 3, 4, and 7 Currently being ported to FreeBSD. There is a WIP port (https://www.freshports.org/net/relayd/) Works by negotiating ECDHE (Elliptic curve Diffie-Hellman) between the remote site and relayd to enable TLS/SSL Perfect Forward Secrecy, even when the client does not support it *** OpenZFS Launches (http://open-zfs.org/wiki/Main_Page) Slides from LinuxCon (http://www.slideshare.net/MatthewAhrens/open-zfs-linuxcon) Will feature ‘Office Hours' (Ask an Expert) Goal is to reduce the differences between various open source implementations of ZFS, both user facing and pure lines of code *** FreeBSD 10-CURRENT becomes 10.0-ALPHA (http://freshbsd.org/commit/freebsd/r255489) Glen Barber tagged the -CURRENT branch as 10.0-ALPHA In preparation for 10.0-RELEASE, ALPHA2 as of 9/16 Everyone was rushing to get their big commits in before 10-STABLE, which will be branched soon 10 is gonna be HUGE (https://wiki.freebsd.org/WhatsNew/FreeBSD10) *** September issue of BSD Mag (http://bsdmag.org/magazine/1848-day-to-day-bsd-administration) BSD Mag is a monthly online magazine about the BSDs This month's issue has some content written by Kris Topics include MidnightBSD live cds, server maintenance, turning a Mac Mini into a wireless access point with OpenBSD, server monitoring, FreeBSD programming, PEFS encryption and a brief introduction to ZFS *** The FreeBSD IRC channel is official For many years, the FreeBSD freenode channel has been “unofficial” with a double-hash prefix Finally it has freenode's blessing and looks like a normal channel! The old one will forward to the new one, so your IRC clients don't need updating *** OpenSSH 6.3 released (https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-September/031638.html) After a big delay, Damien Miller announced the release of 6.3 Mostly a bugfix release, with a few new features Of note, SFTP now supports resuming failed downloads via -a *** Feedback/Questions [James writes in](http://slexy.org/view/s2wBbbSWGz] [Elias writes in](http://slexy.org/view/s2LMDF3PYx] [Gabor writes in](http://slexy.org/view/s2aCodo65X] Possibly the coolest feedback we've gotten thus far: Baptiste Daroussin, leader of the FreeBSD ports management team and author of poudriere and pkgng, has put up the BSD Now poudriere tutorial on the official documentation! ***
2: Engineering and Powder Kegs
After a wildly successful debut episode, BSD Now is BACK to talk with Glen Barber from the FreeBSD Release team, show you how to build your own binary package repository and discuss the latest BSD news! Headlines 64bit time in OpenBSD (http://undeadly.org/cgi?action=article&sid=20130813072244) Many operating systems face an upcoming challenge, similar to (but more complicated than) Y2K: Y2038. All of the BSDs and most other operating systems track time by counting the seconds since Jan 1st, 1970. In 2038 this value will reach the maximum value of a signed 32 bit integer. Simply changing to a 64 bit counter may not be the best solution, because there may still be 32 bit systems in use for embedded applications Theo will be giving the keynote at EuroBSDCon on the subject, explaining how OpenBSD has implemented the solution ABI incompatibility. Updating to this kernel requires extra work or you won't be able to login: install a snapshot instead. Upgrading by source is for the insane only. (http://www.openbsd.org/faq/current.html#20130813) AESNI pipelining gets a speed boost (http://freshbsd.org/commit/freebsd/r255187) AES-NI is a new processor instruction available on modern Intel and AMD chips that provides hardware acceleration for AES encryption and decryption. This feature is especially useful for encrypted disks, because it removes most of the performance penalty traditionally associated with encryption The new commit has the instructions pipelined, so there is no latency between the instructions Uses SSE2 instructions for calculating XTS tweak factor for further increased performance GELI based disk encryption performance increased by 3x on capable CPUs Should affect PEFS and other AES backed encryption schemes as well Full disk encryption should be more or less transparent now *** OpenBSD 5.4 Preorders (http://openbsd.org/orders.html) Every 6 months there is a new OpenBSD version They include a fun song and nicely-packaged CD set The proceeds from sale of these products is the primary funding of the OpenBSD project The official ISOs will be uploaded on November 1st *** GCC no longer built by default on FreeBSD -CURRENT (https://svnweb.freebsd.org/base?view=revision&revision=255321) On platforms where clang is the default compiler, don't build gcc or libstdc++ GCC is still enabled on PC98, because the PC98 bootloader requires GCC to build While the base FreeBSD system has been built by clang for a long time, this change also covers the ports tree *** Patch to update Xorg and MESA on FreeBSD (http://lists.freebsd.org/pipermail/freebsd-x11/2013-September/013599.html) Updates xorg drivers Expected to be committed in about 2 weeks Adds option to use devd instead of HAL for X configuration Updates the MESA stack (9.1.6), libGL, DRI, etc Enables KMS for AMD/ATI cards Mesa 9.2 is available with xorg-dev, OpenBSD has also recently upgraded to Mesa 9.2 for their stable version of Xorg *** Interview - Glen Barber - gjb@freebsd.org (mailto:gjb@freebsd.org) / @evilgjb (https://twitter.com/evilgjb) FreeBSD Release Engineering Tutorial Making your own binary repository (http://www.bsdnow.tv/tutorials/poudriere) The Place to B...SD iXsystems hosts FreeBSD Anniversary party (http://www.ixsystems.com/resources/ix/news/ixsystems-to-once-again-host-freebsd-anniversary-celebration.html) Celebrating FreeBSD’s 20th anniversary Saturday, November 2nd at the DNA Lounge in San Francisco Notable FreeBSD figures will contribute words of wisdom on the past, present, and future of FreeBSD *** News Roundup NetBSD gets basic support for the cubieboard 1 & 2 (http://mail-index.netbsd.org/source-changes/2013/09/04/msg047155.html) Very preliminary support for cubieboard 1 & 2 based on the Allwinner A10 & A20 SoCs Many drivers are "stubs with autoconf glue" Contributed by Matt Thomas *** Rayservers ditches Linux for BSD (http://rayservers.com/blog/the-freebsd-daemon-is-off-to-do-battle-in-the-name-of-christ) Used them all, Windows, Mac, OpenBSD, Linux Needed PF, ZFS, disk encryption, lots of networking features, better security In Linux, "The new cgroups based memory management ran out of memory - on a 256 GB RAM system whilst it was not using more than 40." BSD now protects the privacy of their email users *** HPN for OpenSSH 6.2 (https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-August/031614.html) High Performance Networking (http://www.psc.edu/index.php/hpn-ssh) is an SSH patchset to improve transfer speeds by removing the fixed window size and take better advantage of TCP Maintained as a patchset separate from OpenSSH First integrated into FreeBSD base as of 9.0 Updated to support 6.2 (available in the ports tree as security/openssh-portable) The HPN patch set also includes threaded AES-CTR support to increase performance and take advantage of multiple CPU cores for encryption. In this latest patch, threaded AES-CTR now works in all situations (it failed in some specific situations previously). Expected performance increase is ~50% NONE cipher is now separate from the main patch set. The NONE cipher allows tools like scp and sftp to switch off the encryption for file transfers (when specifically told to do so) to keep encryption from bottlenecking performance and wasting CPU time *** Call for testing: OpenSSH-6.3 (https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-July/031550.html) Mostly a bugfix release SFTP now supports resuming partially-downloaded or uploaded transfers More logging features Six weeks after the initial email, still no release. des@ is not pleased. *** pkgsrc gets signing support (http://mail-index.netbsd.org/pkgsrc-users/2013/08/30/msg018511.html) pkgsrc is used on NetBSD, DragonflyBSD and other OSes Comes from an EdgeBSD developer Uses GPG for signing package files Currently just a patch on github and in its infancy Provides a short howto *** FreeBSD vs. Linux: 10 points of superiority (https://forums.freebsd.org/showthread.php?t=41750) New FreeBSD user, ex-Linux user writes about his experience Mentions consistency, documentation, security, filesystems, updates, jails, community Really long post, definitely worth a read *** Feedback/Questions hoopla writes in (http://slexy.org/view/s21SpCcisW) Juergen writes in (http://slexy.org/view/s20vHY9qAK) Sam writes in (http://slexy.org/view/s23uf4vzfQ) Frank writes in (http://slexy.org/view/s2Y0qiXJan) ***
1: BGP & BSD
We kick off the first episode with the latest BSD news, show you how to avoid intrusion detection systems and talk to Peter Hessler about BGP spam blacklists! Headlines Radeon KMS commited (https://lists.freebsd.org/pipermail/svn-src-head/2013-August/050931.html) Committed by Jean-Sebastien Pedron Brings kernel mode setting to -CURRENT, will be in 10.0-RELEASE (ETA 12/2013) 10-STABLE is expected to be branched in October, to begin the process of stabilizing development Initial testing shows it works well May be merged to 9.X, but due to changes to the VM subsystem this will require a lot of work, and is currently not a priority for the Radeon KMS developer Still suffers from the syscons / KMS switcher issues, same as Intel video More info: https://wiki.freebsd.org/AMD_GPU *** VeriSign Embraces FreeBSD (http://www.eweek.com/enterprise-apps/verisign-embraces-open-source-freebsd-for-diversity/) "BSD is quite literally at the very core foundation of what makes the Internet work" Using BSD and Linux together provides reliability and diversity Verisign gives back to the community, runs vBSDCon "You get comfortable with something because it works well for your particular purposes and can find a good community that you can interact with. That all rang true for us with FreeBSD." *** fetch/libfetch get a makeover (http://freshbsd.org/commit/freebsd/r253680) Adds support for SSL certificate verification Requires root ca bundle (security/rootcanss) Still missing TLS SNI support (Server Name Indication, allows name based virtual hosts over SSL) *** FreeBSD Foundation Semi-Annual Newsletter (http://www.freebsdfoundation.org/press/2013Jul-newsletter) The FreeBSD Foundation took the 20th anniversary of FreeBSD as an opportunity to look at where the project is, and where it might want to go The foundation sets out some basic goals that the project should strive towards: Unify User Experience “ensure that knowledge gained mastering one task translates to the next” “if we do pay attention to consistency, not only will FreeBSD be easier to use, it will be easier to learn” Design for Human and Programmatic Use 200 machines used to be considered a large deployment, with high density servers, blades, virtualization and the cloud, that is not so anymore “the tools we provide for status reporting, configuration, and control of FreeBSD just do not scale or fail to provide the desired user experience” “The FreeBSD of tomorrow needs to give programmability and human interaction equal weighting as requirements” Embrace New Ways to Document FreeBSD More ‘Getting Started’ sections in documentation Link to external How-Tos and other documentation “upgrade the cross-referencing and search tools built into FreeBSD, so FreeBSD, not an Internet search engine, is the best place to learn about FreeBSD” Spring Fundraising Campaign, April 17 - May 31, raised a total of $219,806 from 12 organizations and 365 individual donors. In the same period last year we raised a total of $23,422 from 2 organizations and 53 individuals Funds donated to the FreeBSD Foundation have been used on these projects recently: Capsicum security-component framework Transparent superpages support of the FreeBSD/ARM architecture Expanded and faster IPv6 Native in-kernel iSCSI stack Five New TCP Congestion Control Algorithms Direct mapped I/O to avoid extra memory copies Unified Extensible Firmware Interface (UEFI) boot environment Porting FreeBSD to the Genesi Efika MX SmartBook laptop (ARM-based) NAND Flash filesystem and storage stack Funds were also used to sponsor a number of BSD focused conferences: BSDCan, EuroBSDCon, AsiaBSDCon, BSDDay, NYCBSDCon, vBSDCon, plus Vendor summits and Developer summits It is important that the foundation receive donations from individuals, to maintain their tax exempt status in the USA. Even a donation of $5 helps make it clear that the FreeBSD Foundation is backed by a large community, not only a few vendors Donate Today (http://www.freebsdfoundation.org/donate) *** The place to B...SD Ohio Linuxfest, Sept. 13-15, 2013 (http://ohiolinux.org/schedule) Very BSD friendly Kirk McKusick giving the keynote BSD Certification on the 15th, all other stuff on the 14th Multiple BSD talks *** LinuxCon, Sept. 16-18, 2013 (http://events.linuxfoundation.org/events/linuxcon-north-america) Dru Lavigne and Kris Moore will be manning a FreeBSD booth Number of talks of interest to BSD users, including ZFS coop (http://linuxconcloudopenna2013.sched.org/event/b50b23f3ed3bd728fa0052b54021a2cc?iframe=yes&w=900&sidebar=yes&bg=no) EuroBSDCon, Sept. 26-29, 2013 (http://2013.eurobsdcon.org/eurobsdcon-2013/talks/) Tutorials on the 26 & 27th (plus private FreeBSD DevSummit) 43 talks spread over 3 tracks on the 28 & 29th Keynote by Theo de Raadt Hosted in the picturesque St. Julians Area, Malta (Hilton Conference Centre) *** Interview - Peter Hessler - phessler@openbsd.org (mailto:phessler@openbsd.org) / @phessler (https://twitter.com/phessler) Using BGP to distribute spam blacklists and whitelists Tutorial Using stunnel to hide your traffic from Deep Packet Inspection (http://www.bsdnow.tv/tutorials/stunnel) News Roundup NetBSD 6.1.1 released (https://blog.netbsd.org/tnf/entry/netbsd_6_1_1_released) First security/bug fix update of the NetBSD 6.1 release branch Fixes 4 security vulnerabilities Adds 4 new sysctls to avoid IPv6 DoS attacks Misc. other updates *** Sudo Mastery (http://blather.michaelwlucas.com/archives/1792) MWL is a well-known author of many BSD books Also does SSH, networking, DNSSEC, etc. Next book is about sudo, which comes from OpenBSD (did you know that?) Available for preorder now at a discounted price *** Documentation Infrastructure Enhancements (http://freebsdfoundation.blogspot.com/2013/08/new-funded-project-documentation.html) Gábor Kövesdán has completed a funded project to improve the infrastructure behind the documentation project Will upgrade documentation from DocBook 4.2 to DocBook 4.5 and at the same time migrate to proper XML tools. DSSSL is an old and dead standard, which will not evolve any more. DocBook 5.0 tree added *** FreeBSD FIBs get new features (https://svnweb.freebsd.org/base?view=revision&revision=254943) FIBs (as discussed earlier in the interview) are Forward Information Bases (technical term for a routing table) The FreeBSD kernel can be compiled to allow you to maintain multiple FIBs, creating separate routing tables for different processes or jails In r254943 ps(1) is extended to support a new column ‘fib’, to display which routing table a process is using *** FreeNAS 9.1.0 and 9.1.1 released (http://www.ixsystems.com/resources/ix/news/ixsystems-announces-revolutionary-freenas-910-release.html) Many improvements in nearly all areas, big upgrade Based on FreeBSD 9-STABLE, lots of new ZFS features Cherry picked some features from 10-CURRENT New volume manager and easy to use plugin management system 9.1.1 released shortly thereafter to fix a few UI and plugin bugs *** BSD licensed "patch" becomes default (http://freshbsd.org/commit/freebsd/r253689) bsdpatch has become mature, does what GNU patch can do, but has a much better license Approved by portmgr@ for use in ports Added WITHGNUPATCH build option for people who still need it ***