
BSD Now
663 episodes — Page 13 of 14

63: A Man's man(1)
This time on the show, we've got an interview with Kristaps Džonsons, the creator of mandoc. He tells us how the project got started and what its current status is across the various BSDs. We also have a mini-tutorial on using PF to throttle bandwidth. This week's news, answers to your emails and even some cheesy mailing list gold, coming up on BSD Now - the place to B.. SD.

Headlines

Updates to FreeBSD's random(4)
- FreeBSD's random device, which presents itself as "/dev/random" to users, has gotten a fairly major overhaul in -CURRENT
- The CSPRNG (cryptographically secure pseudo-random number generator) algorithm, Yarrow, now has a new alternative called Fortuna
- Yarrow is still the default for now, but Fortuna can be used with a kernel option (and will likely be the new default in 11.0-RELEASE)
- Pluggable modules can now be written to add more sources of entropy
- These changes are expected to make it in 11.0-RELEASE, but there hasn't been any mention of MFCing them to 10 or 9
***
OpenBSD Tor relays and network diversity
- We've talked about getting more BSD-based Tor nodes a few times in previous episodes
- The "tor-relays" mailing list has had some recent discussion about increasing diversity in the Tor network, specifically by adding more OpenBSD nodes
- With the security features and attention to detail, it makes for an excellent dedicated Tor box
- More and more adversaries are attacking Tor nodes, so having something that can withstand that will help the greater network at large
- A few users are even saying they'll convert their Linux nodes to OpenBSD to help out
- Check the archive for the full conversation, and maybe run a node yourself on any of the BSDs
- The Tor wiki page on OpenBSD is pretty out of date (nine years old!?) and uses the old pf syntax, maybe one of our listeners can modernize it
***
SSP now default for FreeBSD ports
- SSP, or Stack Smashing Protection, is an additional layer of protection against buffer overflows that the compiler can give to the binaries it produces
- It's now enabled by default in FreeBSD's ports tree, and the pkgng packages will have it as well - but only for amd64 (all supported releases) and i386 (10.0-RELEASE or newer)
- This will only apply to regular ports and binary packages, not the quarterly branch that only receives security updates
- If you were using the temporary "new Xorg" or SSP package repositories instead of the default ones, you need to switch back over
- NetBSD made this the default on i386 and amd64 two years ago and OpenBSD made this the default on all architectures twelve years ago
- Next time you rebuild your ports, things should be automatically hardened without any extra steps or configuration needed
***
Building an OpenBSD firewall and router
- While we've discussed the software and configuration of an OpenBSD router, this Reddit thread focuses more on the hardware side
- The OP lists some of his potential choices, but was originally looking for something a bit cheaper than a Soekris
- Most agree that, if it's for a business especially, it's worth the extra money to go with something that's well known in the BSD community
- They also list a few other popular alternatives: ALIX or the APU series from PC Engines, some Supermicro boards, etc.
- Through the comments, we also find out that QuakeCon runs OpenBSD on their network
- Hopefully most of our listeners are running some kind of BSD as their gateway - try it out if you haven't already
***

Interview - Kristaps Džonsons
Mandoc, historical man pages, various topics

Tutorial
Throttling bandwidth with PF

News Roundup

NetBSD at Kansai Open Forum 2014
- Japanese NetBSD users invade yet another conference, demonstrating that they can and will install NetBSD on everything
- From a Raspberry Pi to SHARP Netwalkers to various luna68k devices, they had it all
- As always, you can find lots of pictures in the trip report
***
Getting to know your portmgr lurkers
- The lovable "getting to know your portmgr" series makes its triumphant return
- This time around, they interview Alex, one of the portmgr lurkers that joined just this month
- "How would you describe yourself?" "Too lazy."
- Another post includes a short interview with Emanuel, another new lurker
- We discussed the portmgr lurkers initiative with Steve Wills a while back
***
NetBSD's ARM port gets SMP
- The ARM port of NetBSD now has SMP support, allowing more than one CPU to be used
- This blog post on the website has a list of supported boards: Banana Pi, Cubieboard 2, Cubietruck, Merrii Hummingbird A31, CUBOX-I and NITROGEN6X
- NetBSD's release team is working on getting these changes into the 7 branch before 7.0 is released
- There are also a few nice pictures in the article
***
A high performance mid-range NAS
- This blog post is about FreeNAS and optimizing iSCSI performance
- It talks about using mid-range hardware with FreeNAS

62: Gift from the Sun
We're away at MeetBSD this week, but we've still got a great show for you. We'll be joined by Pawel Dawidek, who's done quite a lot of things in FreeBSD over the years, including the initial ZFS port. We'll get to hear how that came about, what he's up to now and a whole lot more. We'll be back next week with a normal episode of BSD Now - the place to B.. SD.

Interview - Pawel Jakub Dawidek
Porting ZFS, GEOM, GELI, Capsicum, various topics

61: IPSECond Wind
This week on the show, we sat down with John-Mark Gurney to talk about modernizing FreeBSD's IPSEC stack. We'll learn what he's adding, what needed to be fixed and how we'll benefit from the changes. As always, answers to your emails and all of this week's news, on BSD Now - the place to B.. SD.

Headlines

BSD panel at Phoenix LUG
- The Phoenix, Arizona Linux users group had a special panel so they could learn a bit more about BSD
- It had one FreeBSD user and one OpenBSD user, and they answered questions from the organizer and the people in the audience
- They covered a variety of topics, including filesystems, firewalls, different development models, licenses and philosophy
- It was a good "real world" example of things potential switchers are curious to know about
- They closed by concluding that more diversity is always better, and even if you've got a lot of Linux boxes, putting a few BSD ones in the mix is a good idea
***
Book of PF signed copy auction
- Peter Hansteen (who we've had on the show) is auctioning off the first signed copy of the new Book of PF
- All the profits from the sale will go to the OpenBSD Foundation
- The updated edition of the book includes all the latest pf syntax changes, but also provides examples for FreeBSD and NetBSD's versions (which still use ALTQ, among other differences)
- If you're interested in firewalls, security or even just advanced networking, this book is a great one to have on your shelf - and the money will also go to a good cause
- Michael Lucas has challenged Peter to raise more for the foundation than his last book selling - let's see who wins
- Pause the episode, go bid on it and then come back!
***
FreeBSD Foundation goes to EuroBSDCon
- Some people from the FreeBSD Foundation went to EuroBSDCon this year, and came back with a nice trip report
- They also sponsored four other developers to go
- The foundation was there "to find out what people are working on, what kind of help they could use from the Foundation, feedback on what we can be doing to support the FreeBSD Project and community, and what features/functions people want supported in FreeBSD"
- They also have a second report from Kamil Czekirda
- A total of $2000 was raised at the conference
***
OpenBSD 5.6 released
- Note: we're doing this story a couple days early - it's actually being released on November 1st (this Saturday), but we have next week off and didn't want to let this one slip through the cracks - it may be out by the time you're watching this
- Continuing their always-on-time six month release cycle, the OpenBSD team has released version 5.6
- It includes support for new hardware, lots of driver updates, network stack improvements (SMP, in particular) and new security features
- 5.6 is the first formal release with LibreSSL, their fork of OpenSSL, and lots of ports have been fixed to work with it
- You can now hibernate your laptop when using a fully-encrypted filesystem (see our tutorial for that)
- ALTQ, Kerberos, Lynx, Bluetooth, TCP Wrappers and Apache were all removed
- This will serve as a "transitional" release for a lot of services: moving from Sendmail to OpenSMTPD, from nginx to httpd and from BIND to Unbound
- Sendmail, nginx and BIND will be gone in the next release, so either migrate to the new stuff between now and then or switch to the ports versions
- As always, 5.6 comes with its own song and artwork - the theme this time was obviously LibreSSL
- Be sure to check the full changelog (it's huge) and pick up a CD or tshirt to support their efforts
- If you don't already have the public key releases are signed with, getting a physical CD is a good "out of band" way to obtain it safely
- Here are some cool images of the set
- After you do your installation or upgrade, don't forget to head over to the errata page and apply any patches listed there
***

Interview - John-Mark Gurney - @encthenet
Updating FreeBSD's IPSEC stack

News Roundup

Clang in DragonFly BSD
- As we all know, FreeBSD got rid of GCC in 10.0, and now uses Clang almost exclusively on i386/amd64
- Some DragonFly developers are considering migrating over as well, and one of them is doing some work to make the OS more Clang-friendly
- We'd love to see more BSDs switch to Clang/LLVM eventually, it's a lot more modern than the old GCC most are using
***
reallocarray(): integer overflow detection for free
- One of the less obvious features in OpenBSD 5.6 is a new libc function: "reallocarray()"
- It's a replacement function for realloc(3) that provides integer overflow detection at basically no extra cost
- Theo and a few other developers have already started a mass audit of the entire source tree, replacing many instances with this new feature
- OpenBSD's explicit_bzero was recently imported into FreeBSD, maybe someone could also port over this too
***
Switching from Linux blog
- A listener of th

60: Don't Buy a Router
This week on the show we're joined by Olivier Cochard-Labbé, the creator of both FreeNAS and the BSD Router Project! We'll be discussing what the BSD Router Project is, what it's for and where it's going. All this week's headlines and answers to viewer-submitted questions, on BSD Now - the place to B.. SD.

Headlines

BSD Devroom CFP
- This year's FOSDEM conference (Belgium, Jan 31st - Feb 1st) is having a dedicated BSD devroom
- They've issued a call for papers on anything BSD-related, and we always love more presentations
- If you're in the Belgium area or plan on going, submit a talk about something cool you're doing
- There's also a mailing list and some more information in the original post
***
Bhyve SVM code merge
- The bhyve_svm code has been in the "projects" tree of FreeBSD, but is now ready for -CURRENT
- This changeset will finally allow bhyve to run on AMD CPUs, where it was previously limited to Intel only
- All the supported operating systems and utilities should work on both now
- One thing to note: bhyve doesn't support PCI passthrough on AMD just yet
- There may still be some issues though
***
NetBSD at Open Source Conference Tokyo
- The Japanese NetBSD users group held a booth at another recent open source conference
- As always, they were running NetBSD on everything you can imagine
- One of the users reports back to the mailing list on their experience, providing lots of pictures and links
- Here's an interesting screenshot of NetBSD running various other BSDs in Xen
***
More BSD switchers every day
- A decade-long Linux user is considering making the switch, and asks Reddit about the BSD community
- Tired of the pointless bickering he sees in his current community, he asks if the same problems exist over here and what he should expect
- So far, he's found that BSD people seem to act more level-headed about things, and are much more practical, whereas some FSF/GNU/GPL people make open source a religion
- There's also another semi-related thread about another Linux user wanting to switch to BSD because of systemd and GNU people
- There are some extremely well written and thought-out comments in the replies (in both threads), be sure to give them all a read
- Maybe the OPs should've just watched this show
***

Interview - Olivier Cochard-Labbé - @ocochardlabbe
The BSD Router Project

News Roundup

FreeBSD -CURRENT on a T420
- Thinkpads are quite popular with BSD developers and users
- Most of the hardware seems to be supported across the BSDs (especially wifi)
- This article walks through installing FreeBSD -CURRENT on a Thinkpad T420 with UEFI
- If you've got a Thinkpad, or especially this specific one, have a look at some of the steps involved
***
FreeNAS on a Supermicro 5018A-MHN4
- More and more people are migrating their NAS devices to BSD-based solutions
- In this post, the author goes through setting up FreeNAS on some of his new hardware
- His new rack-mounted FreeNAS machine has a low power Atom with eight cores and 64GB of RAM - quite a lot for its small form factor
- The rest of the post details all of the hardware he chose and goes through the build process (with lots of cool pictures)
***
Hardening procfs and linprocfs
- There was an exploit published recently for SFTP in OpenSSH, but it mostly just affected Linux
- There exists a native procfs in FreeBSD, which was the target point of that exploit, but it's not used very often
- The Linux emulation layer also supports its own linprocfs, which was affected as well
- The HardenedBSD guys weigh in on how to best solve the problem, and now support an additional protection layer from writing to memory with procfs
- If you want to learn more about ASLR and HardenedBSD, be sure to check out our interview with Shawn too
***
pfSense monitoring with bandwidthd
- A lot of people run pfSense on their home network, and it's really useful to monitor the bandwidth usage
- This article will walk you through setting up bandwidthd to do exactly that
- bandwidthd monitors based on the IP address, rather than per-interface
- It can also build some cool HTML graphs, and we love those pfSense graphs
- Have a look at our bandwidth monitoring and testing tutorial for some more ideas
***

Feedback/Questions
- Dave writes in
- Chris writes in
- Zeke writes in
- Bostjan writes in
- Patrick writes in
***

Mailing List Gold
- More old bugs
- The Right Font™ (see also)
***

59: BSDって聞いたことある? (Have you heard of BSD?)
This week on the show we'll be talking with Hiroki Sato about the status of BSD in Japan. We also get to hear about how he got on the core team, and we just might find out why NetBSD is so popular over there! Answers to all your emails, the latest news, and even a brand new segment, on BSD Now - the place to B.. SD.

Headlines

BSD talks at XDC 2014
- This year's Xorg conference featured a few BSD-related talks
- Matthieu Herrb, Status of the OpenBSD graphics stack
  - Matthieu's talk details what's been done recently in Xenocara and the OpenBSD kernel for graphics (slides here)
- Jean-Sébastien Pédron, The status of the graphics stack on FreeBSD
  - His presentation gives a history of major changes and outlines the current overall status of graphics in FreeBSD (slides here)
- Francois Tigeot, Porting DRM/KMS drivers to DragonFlyBSD
  - Francois' talk tells the story of how he ported some of the DRM and KMS kernel drivers to DragonFly (slides here)
***
FreeBSD Quarterly Status Report
- The FreeBSD project has a report of their activities between July and September of this year
- Lots of ARM work has been done, and a goal for 11.0 is tier one support for the platform
- The release includes reports from the cluster admin team, release team, ports team, core team and much more, but we've already covered most of the items on the show
- If you're interested in seeing what the FreeBSD community has been up to lately, check the full report - it's huge
***
Monitoring pfSense logs using ELK
- If you're one of those people who loves the cool graphs and charts that pfSense can produce, this is the post for you
- ELK (ElasticSearch, Logstash, Kibana) is a group of tools that let you collect, store, search and (most importantly) visualize logs
- It works with lots of different things that output logs and can be sent to one central server for displaying
- This post shows you how to set up pfSense to do remote logging to ELK and get some pretty awesome graphs
***
Some updates to IPFW
- Even though PF gets a lot of attention, a lot of FreeBSD people still love IPFW
- While mostly a dormant section of the source tree, some updates were recently committed to -CURRENT
- The commit lists the user-visible changes, performance changes, ABI changes and internal changes
- It should be merged back to -STABLE after a month or so of testing, and will probably end up in 10.2-RELEASE
- Also check this blog post for some more information and fancy graphs
***

Interview - Hiroki Sato (佐藤広生) - @hiroki_sato
BSD in Japan, technology conferences, various topics

News Roundup

pfSense on Hyper-V
- In case you didn't know, the latest pfSense snapshots support running on Hyper-V
- Unfortunately, the current stable release is based on an old, unsupported FreeBSD 8.x base, so you have to use the snapshots for now
- The author of the post tells about his experience running pfSense and gives lots of links to read if you're interested in doing the same
- He also praises pfSense above other Linux-based solutions for its IPv6 support and high quality code
***
OpenBSD as a daily driver
- A curious Reddit user posts to ask the community about using OpenBSD as an everyday desktop OS
- The overall consensus is that it works great for that, stays out of your way and is quite reliable
- Caveats would include there being no Adobe Flash support (though others consider this a blessing..) and it requiring a more hands-on approach to updating
- If you're considering running OpenBSD as a "daily driver," check all the comments for more information and tips
***
Getting PF log statistics
- The author of this post runs an OpenBSD box in front of all his VMs at his colocation, and details his experiences with firewall logs
- He usually investigates any IPs of interest with whois, nslookup, etc. - but this gets repetitive quickly, so..
- He sets out to find the best way to gather firewall log statistics
- After coming across a perl script to do this, he edited it a bit and is now a happy, lazy admin once again
- You can try out his updated PF script here
***
FlashRD 1.7 released
- In case anyone's not familiar, flashrd is a tool to create OpenBSD images for embedded hardware devices, executing from a virtualized environment
- This new version is based on (the currently unreleased) OpenBSD 5.6, and automatically adapts to the number of CPUs you have for building
- It also includes fixes for 4k drives and lots of various other improvements
- If you're interested in learning more, take a look at some of the slides and audio from the main developer on the website
***

Feedback/Questions
- Antonio writes in
- Don writes in
- Andriy writes in
- Richard writes in
- Robert writes in
***

Mailing List Gold
- Subtle trolling
- Old bugs with old fixes
- A pig reinstall
- Strange DOS-like environment
***

58: Behind the Masq
Coming up this week on the show, we'll be talking to Matt Ranney and George Kola about how they use FreeBSD at Voxer, and how to get more companies to switch over. After that, we'll show you how to filter website ads at the gateway level, using DNSMasq. All this week's news and answers to your emails, on BSD Now - the place to B.. SD.

Headlines

NetBSD's EuroBSDCon report
- This year's EuroBSDCon had the record number of NetBSD developers attending
- The NetBSD guys had a small devsummit as well, and this blog post details some of their activities
- Pierre Pronchery also talked about EdgeBSD there (also see our interview if you haven't already)
- Hopefully this trend continues, and NetBSD starts to have even more of a presence at the conferences
***
Upcoming features in OpenBSD 5.6
- OpenBSD 5.6 is to be released in just under a month from now, and one of the developers wrote a blog post about some of the new features
- The post is mostly a collection of various links, many of which we've discussed before
- It'll be the first version with LibreSSL and many other cool things
- We will, of course, have all the details on the day of release
- There are some good comments on hacker news about 5.6 as well
***
FreeBSD ARMv8-based implementation
- The FreeBSD foundation is sponsoring some work to port FreeBSD to the new ThunderX ARM CPU family
- With the potential to have up to 48 cores, this type of CPU might make ARM-based servers a more appealing option
- Cavium, the company involved with this deal, seems to have lots of BSD fans
- This collaboration is expected to result in Tier 1 recognition of the ARMv8 architecture
***
Updating orphaned OpenBSD ports
- We discussed OpenBSD porting over portscout from FreeBSD a while back
- Their ports team is making full use of it now, and they're also looking for people to help update some unmaintained ports
- A new subdomain, portroach.openbsd.org, will let you view all the ports information easily
- If you're interested in learning to port software, or just want to help update a port you use, this is a good chance to get involved
***

Interview - Matt Ranney & George Kola
BSD at Voxer, companies switching from Linux, community interaction

Tutorial
Adblocking with DNSMasq & Pixelserv

News Roundup

GhostBSD 4.0 released
- The 4.0 branch of GhostBSD has finally been released, based on FreeBSD 10
- With it come all the big 10.0 changes: clang instead of gcc, pkgng by default, make replaced by bmake
- Mate is now the default desktop, with different workstation styles to choose from
***
Reports from PF about banned IPs
- If you run any kind of public-facing server, you've probably seen your logs fill up with unwanted traffic
- This is especially true if you run SSH on port 22, which the author of this post seems to
- A lot can be done with just PF and some brute force tables
- He goes through some different options for blocking Chinese IPs and break-in attempts
- It includes a useful script he wrote to get reports about the IPs being blocked via email
***
NetBSD 6.1.5 and 6.0.6 released
- The 6.1 and 6.0 branches of NetBSD got some updates
- They include a number of security and stability fixes - plenty of OpenSSL mentions
- Various panics and other small bugs also got fixed
***
OpenSSH 6.7 released
- After a long delay, OpenSSH 6.7 has finally been released
- Major internal refactoring has been done to make part of OpenSSH usable as a library
- SFTP transfers can now be resumed
- Lots of bug fixes, a few more new features - check the release notes for all the details
- This release disables some insecure ciphers by default, so keep that in mind if you connect with legacy clients that use Arcfour or CBC modes
***

Feedback/Questions
- Andriy writes in
- Karl writes in
- Possnfiffer writes in
- Brad writes in
- Solomon writes in
***

57: The Daemon's Apprentice
We're back from EuroBSDCon! This week we'll be talking with Steve Wills about mentoring new BSD developers. If you've ever considered becoming a developer or helping out, it's actually really easy to get involved. We've also got all the BSD news for the week and answers to your emails, on BSD Now - the place to B.. SD.

Headlines

NetBSD at Hiroshima Open Source Conference
- NetBSD developers are hard at work, putting NetBSD on everything they can find
- At a technology conference in Hiroshima, some developers brought their exotic machines to put on display
- As usual, there are lots of pictures and a nice report from the conference
***
FreeBSD's Linux emulation overhaul
- For a long time, FreeBSD's emulation layer has been based on an ancient Fedora 10 system
- If you've ever needed to install Adobe Flash on BSD, you'll be stuck with all this extra junk
- With some recent work, that's been replaced with a recent CentOS release
- This opens up the door for newer versions of Skype to run on FreeBSD, and maybe even Steam someday
***
pfSense 2.2-BETA
- Big changes are coming in pfSense land, with their upcoming 2.2 release
- We talked to the developer a while back about future plans, and now they're finally out there
- The 2.2 branch will be based on FreeBSD 10-STABLE (instead of 8.3) and include lots of performance fixes
- It also includes some security updates, lots of package changes and updates and much more
- You can check the full list of changes on their wiki
***
NetBSD on the Raspberry Pi
- This article shows how you can install NetBSD on the ever-so-popular Raspberry Pi
- As of right now, you'll need to use a -CURRENT snapshot to do it
- It also shows how to grow the filesystem to fill up an SD card, some pkgsrc basics and how to get some initial things set up
- Can anyone find something that you can't install NetBSD on?
***

Interview - Steve Wills - @swills
Mentoring new BSD developers

News Roundup

MidnightBSD 0.5 released
- We don't hear a whole lot about MidnightBSD, but they've just released version 0.5
- It's got a round of the latest FreeBSD security patches, driver updates and various small things
- Maybe one of their developers could come on the show sometime and tell us more about the project
***
BSD Router Project 1.52 released
- The newest update for the BSD Router Project is out
- This version is based on a snapshot of 10-STABLE that's very close to 10.1-RELEASE
- It's mostly a bugfix release, but includes some small changes and package updates
***
Configuring a DragonFly BSD desktop
- We've done tutorials on how to set up a FreeBSD or OpenBSD desktop, but maybe you're more interested in DragonFly
- In this post from Justin Sherrill, you'll learn some of the steps to do just that
- He pulled out an old desktop machine, gave it a try and seems to be pleased with the results
- It includes a few Xorg tips, and there are some comments about the possibility of making a GUI DragonFly installer
***
Building a mini-ITX pfSense box
- Another week, another pfSense firewall build post
- This time, the author is installing to a Jetway J7F2, a mini-ITX device with four LAN ports
- He used to be a m0n0wall guy, but wanted to give the more modern pfSense a try
- Lots of great pictures of the hardware, which we always love
***

Feedback/Questions
- Damian writes in
- Jan writes in
- Dale writes in
- Joe writes in
- Bostjan writes in
***

56: Beastly Infrastructure
This week we're on the other side of the Atlantic, attending EuroBSDCon. For now, we've got an awesome interview with Peter Wemm about the FreeBSD web cluster and infrastructure. It's an inside look that you probably won't hear about anywhere else! We'll also get to a couple of your emails today, and be back next week with all the usual goodies, on BSD Now - the place to B.. SD.

Interview - Peter Wemm - @karinjiri
The FreeBSD web cluster and infrastructure

Feedback/Questions
- Todd writes in
- Brandon writes in
***

55: The Promised WLAN
Coming up this week, we'll be talking with Adrian Chadd about all things wireless, his experience with FreeBSD on various laptop hardware and a whole lot more. As usual, we've got the latest news and answers to all your emails, on BSD Now - the place to B.. SD.

Headlines

FreeBSD 10.1-BETA1 is out
- The first maintenance update in the 10.x series of FreeBSD is on its way
- Since we can't see a changelog yet, the 10-STABLE release notes offer a glimpse at some of the new features and fixes that will be included in 10.1
- The vt driver was merged from -CURRENT, lots of drivers were updated, lots of bugs were fixed and bhyve also got many improvements from 11
- Initial UEFI support, multithreaded softupdates for UFS and many more things were added
- You can check the release schedule for the planned release dates
- Details for the various forms of release media can be found in the announcement
***
Remote headless OpenBSD installation
- A lot of server providers only offer a limited number of operating systems to be easily installed on their boxes
- Sometimes you'll get lucky and they'll offer FreeBSD, but it's much harder to find ones that natively support other BSDs
- This article shows how you can use a Linux-based rescue system, a RAM disk and QEMU to install OpenBSD on the bare metal of a server, headlessly and remotely
- It required a few specific steps you'll want to take note of, but is extremely useful for those pesky hosting providers
***
Building a firewall appliance with pfSense
- In this article, we learn how to easily set up a gateway and wireless access point with pfSense on a Netgate ALIX2C3 APU
- After the author's modem died, he decided to look into a more do-it-yourself option with pf and a tiny router board
- The hardware he used has gigabit ports and a BSD-compatible wireless card, as well as enough CPU power for a modest workload and a few services (OpenVPN, etc.)
- There are a lot of great pictures of the hardware and detailed screenshots, definitely worth a look
***
Receive Side Scaling - UDP testing
- Adrian Chadd has been working on RSS (Receive Side Scaling) in FreeBSD, and gives an update on the progress
- He's using some quad core boxes with 10 gigabit ethernet for the tests
- The post gives lots of stats and results from his network benchmark, as well as some interesting workarounds he had to do
- He also provides some system configuration options, sysctl knobs, etc. (if you want to try it out)
- And speaking of Adrian Chadd...
***

Interview - Adrian Chadd - @erikarn
BSD on laptops, wifi, drivers, various topics

News Roundup

Sendmail removed from OpenBSD
- Mail server admins around the world are rejoicing, because sendmail is finally gone from OpenBSD
- With OpenSMTPD being a part of the base system, sendmail became largely redundant and unneeded
- If you've ever compared a "sendmail.cf" file to an "smtpd.conf" file... the difference is as clear as night and day
- 5.6 will serve as a transitional release, including both sendmail and OpenSMTPD, but 5.7 will be the first release without it
- If you still need it for some reason, sendmail will live in ports from now on
- Hopefully FreeBSD will follow suit sometime in the future as well, possibly including DragonFly's mail transfer agent in base (instead of an entire mail server)
***
pfSense backups with pfmb
- We've mentioned the need for a tool to back up pfSense configs a number of times on the show
- This script, hosted on github, does pretty much exactly that
- It can connect to one (or more!) pfSense installations and back up the configuration
- You can roll back or replace failed hardware very easily with its restore function
- Everything is done over SSH, so it should be pretty secure
***
The Design and Implementation of the FreeBSD Operating System
- We mentioned when the pre orders were up, but now "The Design and Implementation of the FreeBSD Operating System, 2nd edition" seems to be shipping out
- If you're interested in FreeBSD development, or learning about the operating system internals, this is a great book to buy
- We've even had all three authors on the show before!
***
OpenBSD's systemd replacement updates
- We mentioned last week that the news of OpenBSD creating systemd wrappers was getting mainstream attention
- One of the developers writes in to Undeadly, detailing what's going on and what the overall status is
- He also clears up any confusion about "porting systemd to BSD" (that's not what's going on) or his code ever ending up in base (it won't)
- The top comment as of right now is a Linux user asking if his systemd wrappers can be ported back to Linux... poor guy
***

Feedback/Questions
- Brad writes in
- Ben writes in
- Mathieu writes in
- Steve writes in
***

54: Luminary Environment
This week on the show, it's all about Lumina. We'll be giving you a visual walkthrough of the new BSD-exclusive desktop environment, as well as chatting with the main developer. There's also answers to your emails and all the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Portscout ported to OpenBSD Portscout is a popular utility used in the FreeBSD ports infrastructure It lets port maintainers know when there's a new version of the upstream software available by automatically checking the distfile mirror Now OpenBSD porters can enjoy the same convenience, as it's been ported over You can view the status online to see how it works and who maintains what The developer who ported it is working to get all the current features working on OpenBSD, and added a few new features as well He decided to fork and rename it a few days later *** Sysadmins and systemd refugees flocking to BSD With all the drama in Linux land about the rapid changes to their init system, a lot of people are looking at BSD alternatives This "you got your Windows in my Linux" article (and accompanying comments) gives a nice glimpse into the minds of some of those switchers Both server administrators and regular everyday users are switching away from Linux, as more and more distros give them no choice but to use systemd Fortunately, the BSD communities are usually very welcoming of switchers - it's pretty nice on this side! 
*** OpenBSD's versioning schemes Ted Unangst explains the various versioning systems within OpenBSD, from the base to libraries to other included software In contrast to FreeBSD's release cycle, OpenBSD isn't as concerned with breaking backwards compatibility (but only if it's needed to make progress) This allows them to innovate and introduce new features a lot more easily, and get those features in a stable release that everyone uses He also details the difference between branches, their errata system and lack of "patch levels" for security Some other things in OpenBSD don't have version numbers at all, like tmux "Every release adds some new features, fixes some old bugs, probably adds a new bug or two, and, if I have anything to say about it, removes some old features." *** VAXstation 4000 Model 90 booting NetBSD We found a video of NetBSD booting on a 22 year old VAX workstation, circa 1992 This system has a monstrous 71 MHz CPU and 128MB of ECC RAM It continues in part two, where we learn that it would've cost around $25,000 when it was released! The uploader talks about his experiences getting NetBSD on it, what does and doesn't work, etc It's interesting to see that such old hardware isn't necessarily obsolete just because newer things have come out since then (but maybe don't try to build world on it...) 
*** Interview - Ken Moore - [email protected] The Lumina desktop environment Special segment Lumina walkthrough News Roundup Suricata for IDS on pfSense While most people are familiar with Snort as an intrusion detection system, Suricata is another choice This guide goes through the steps of installing and configuring it on a public-facing pfSense box Part two details some of the configuration steps One other cool thing about Suricata - it's compatible with Snort rules, so you can use the same updates There's also another recent post about snort as well, if that's more your style If you run pfSense (or any BSD) as an edge router for a lot of users, this might be worth looking into *** OpenBSD's systemd API emulation project This story was pretty popular in the mainstream news this week For the Google Summer of Code, a student is writing emulation wrappers for some of systemd's functions There was consideration from some Linux users to port over the finished emulation back to Linux, so they wouldn't have to run the full systemd One particularly interesting Slashdot comment snippet: "We are currently migrating a large number (much larger than planned after initial results) of systems from RHEL to BSD - a decision taken due to general unhappiness with RHEL6, but SystemD pushed us towards BSD rather than another Linux distro - and in some cases are seeing throughput gains of greater than 10% on what should be equivalent Linux and BSD server builds. The re-learning curve wasn't as steep as we expected, general system stability seems to be better too, and BSD's security reputation goes without saying." 
It will NOT be in the base system - only in ports, and only installed as a dependency for things like newer GNOME that require such APIs In the long run, BSD will still be safe from systemd's reign of terror, but will hopefully still be compatible with some third party packages like GNOME that insist on using it *** GhostBSD 4 previewed The GhostBSD project is moving along, slowly getting closer to the 4 release This article shows some of the pro

53: It's HAMMER Time
It's our one year anniversary episode, and we'll be talking with Reyk Floeter about the new OpenBSD webserver - why it was created and where it's going. After that, we'll show you the ins and outs of DragonFly's HAMMER FS. Answers to viewer-submitted questions and the latest headlines, on a very special BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation's new IPSEC project The FreeBSD foundation, along with Netgate, is sponsoring some new work on the IPSEC code With bandwidth in the 10-40 gigabit per second range, the IPSEC stack needs to be brought up to modern standards in terms of encryption and performance This new work will add AES-CTR and AES-GCM modes to FreeBSD's implementation, borrowing some code from OpenBSD The updated stack will also support AES-NI for hardware-based encryption speed ups It's expected to be completed by the end of September, and will also be in pfSense 2.2 *** NetBSD at Shimane Open Source Conference 2014 The Japanese NetBSD users group held a NetBSD booth at the Open Source Conference 2014 in Shimane on August 23 One of the developers has gathered a bunch of pictures from the event and written a fairly lengthy summary They had NetBSD running on all sorts of devices, from Raspberry Pis to Sun Java Stations Some visitors said that NetBSD had the most chaotic booth at the conference *** pfSense 2.1.5 released A new version of the pfSense 2.1 branch is out Mostly a security-focused release, including three web UI fixes and the most recent OpenSSL fix (which FreeBSD has still not patched in -RELEASE after nearly a month) It also includes many other bug fixes, check the blog post for the full list *** Systems, Science and FreeBSD Our friend George Neville-Neil gave a presentation at Microsoft Research It's mainly about using FreeBSD as a platform for research, inside and outside of universities The talk describes the OS and its features, ports, developer community, documentation, who uses BSD and 
much more *** Interview - Reyk Floeter - [email protected] / @reykfloeter OpenBSD's HTTP daemon Tutorial A crash course on HAMMER FS News Roundup OpenBSD's rcctl tool usage OpenBSD recently got a new tool for managing /etc/rc.conf.local in -current Similar to FreeBSD's "sysrc" tool, it eliminates the need to manually edit rc.conf.local to enable or disable services This blog post - from a BSD Now viewer - shows the typical usage of the new tool to alter the startup services It won't make it to 5.6, but will be in 5.7 (next May) *** pfSense mini-roundup We found five interesting pfSense articles throughout the week and wanted to quickly mention them The first item in our pfSense mini-roundup details how you can stream Netflix in non-US countries using a "smart" DNS service The second post talks about setting up IPv6, in particular if Comcast is your ISP The third one features pfSense on Softpedia, a more mainstream tech site The fourth post describes how to filter HTTPS traffic with Squid and pfSense The last article describes setting up a VPN using the "tinc" daemon and pfSense It seems to be lesser known, compared to things like OpenVPN or SSH tunnels, so it's interesting to read about This pfSense HQ website seems to have lots of other cool pfSense items, check it out *** OpenBSD's new buffer cache OpenBSD has traditionally used the tried-and-true LRU algorithm for buffer cache, but it has a few problems Ted Unangst has just switched to a new algorithm in -current, partially based on 2Q, and details some of his work Initial tests show positive results in terms of cache responsiveness Check the post for all the fine details *** BSDTalk episode 244 Another new BSDTalk is up and, this time around, Will Backman interviews Ken Moore, the developer of the new BSD desktop environment They discuss the history of development, differences between it and other DEs, lots of topics If you're more of a visual person, fear not, because... 
We'll have Ken on next week, including a full "virtual walkthrough" of Lumina and its applications *** Feedback/Questions Ghislain writes in Raynold writes in Van writes in Sean writes in Stefan writes in ***

52: Reverse Takeover
Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation August update The foundation has published a new PDF detailing some of their recent activities It includes project development updates, the 10.1-RELEASE schedule and some of its new features There is also a short interview with Dru Lavigne in the "voices from the community" section If you're into hardware, there's another section about some new FreeBSD server equipment In closing, there's an update on funding too *** NSD for an authoritative nameserver With BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup This article shows how to use NSD for an authoritative DNS nameserver It's also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together) All the instructions are presented very neatly, with all the little details included Less BIND means less vulnerabilities, everybody's happy *** BIND and Nginx removed from OpenBSD While we're on the topic of DNS servers, BIND was finally removed from OpenBSD as well The base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year) They've also removed nginx from the base system, in favor of the new custom HTTP daemon BIND and Nginx are still available in ports if you don't want to switch We're hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on With Apache gone in the upcoming 5.6, it's also likely that sendmail will be removed before 5.7 - hooray for modern alternatives *** NetBSD demo videos A Japanese 
NetBSD developer has been uploading lots of interesting videos Unsurprisingly, they're all featuring NetBSD running on exotic and weird hardware Most of them are demoing sound or running a modern Twitter client on an ancient computer They're from the same guy that did the conference wrap-up we mentioned recently *** Interview - Shawn Webb - [email protected] / @lattera Address space layout randomization in FreeBSD Tutorial Reverse SSH tunneling News Roundup Puppet master-agent installation on FreeBSD If you've got a lot of BSD boxes under your control, or if you're just lazy, you've probably looked into Puppet before The author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own He goes through some advantages of using this type of tool for deployments, even when you don't have a huge number of systems The rest of the post explains how to set up both the master and the agent configurations *** Misc. pfSense items We found a few miscellaneous pfSense articles this past week The first one is about the hunt for the "ultimate" free open source firewall, where pfSense is obviously a strong contender The second one shows how to log NAT firewall states (a good way to find out which family member has been torrenting!) 
In the third, you can see how to automatically back up your configuration files The fourth item shows how to set up PXE booting with pfSense, similar to one of our tutorials *** Time Machine backups on ZFS If you've got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive "time capsule" This post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system With a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive Surprisingly simple to do, recommended for anyone with Macs on their network *** Lumina desktop preview Lumina, the BSD-exclusive desktop environment, seems to be coming along nicely The main developer has posted an update on the PCBSD blog with some screenshots Lots of new features have been added, many of which are documented in the post There just might be a BSD Now episode about Lumina coming up.. (cough cough) *** Feedback/Questions Gary writes in Cedric writes in Caldwell writes in Cary writes in ***

51: Engineering Nginx
Coming up on the show, we'll be showing you how to set up a secure, SSL-only webserver. There's also an interview with Eric Le Blan about community participation and FreeBSD's role in the commercial server space. All that and more, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Password gropers take spamtrap bait Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post He seems to have discovered another new weird phenomenon in his pop3 logs "yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia" Someone tried to log in to his service with an address that was known to be invalid The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose *** Inside the Atheros wifi chipset Adrian Chadd - sometimes known in the FreeBSD community as "the wireless guy" - gave a talk at the Defcon Wireless Village 2014 He covers a lot of topics on wifi, specifically on Atheros chips and why they're so popular for open source development There's a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards Very technical talk; some parts might go over your head if you're not a driver developer The raw video file is also available to download on archive.org Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things *** Trip report and hackathon mini-roundup A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted Mark Linimon mentions some of the future plans for FreeBSD's release engineering and ports Bapt also has a BSDCan report detailing his work on ports and packages Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout Peter Hessler, a latecomer to the hackathon, details 
his experience too, hacking on the installer and built-in upgrade function Christian Weisgerber talks about starting some initial improvements of OpenBSD's ports infrastructure *** DragonFly BSD 3.8.2 released Although it was already branched, the release media is now available for DragonFly 3.8.2 This is a minor update, mostly to fix the recent OpenSSL vulnerabilities It also includes some various other small fixes *** Interview - Eric Le Blan - [email protected] Xinuos' recent FreeBSD integration, BSD in the commercial server space Tutorial Building a hardened, feature-rich webserver News Roundup Defend your network and privacy, FreeBSD version Back in episode 39, we covered a blog post about creating an OpenBSD gateway - partly based on our tutorial This is a follow-up post, by the same author, about doing a similar thing with FreeBSD He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc. 
*** Don't encrypt all the things Another couple of interesting blog posts from Ted Unangst about encryption It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie He also talks a bit about some PGP weaknesses and a possible future replacement He also has another, similar post entitled "in defense of opportunistic encryption" *** New automounter lands in FreeBSD The work on the new automounter has just landed in 11-CURRENT With help from the FreeBSD Foundation, we'll have a new "autofs" kernel option Check the SVN viewer online to read over the man pages if you're not running -CURRENT You can also read a bit about it in the recent newsletter *** OpenSSH 6.7 CFT It's been a little while since the last OpenSSH release, but 6.7 is almost ready Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features It includes some old code removal, some new features and some internal reworkings - we'll cover the full list in detail when it's released This version also officially supports being built with LibreSSL now Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system *** Feedback/Questions David writes in Lachlan writes in Francis writes in Frank writes in Sean writes in ***

50: VPN, My Dear Watson
It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines MeetBSD 2014 is approaching The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California MeetBSD has an "unconference" format, which means there will be both planned talks and community events All the extra details will be on their site soon It also has hotels and various other bits of useful information - hopefully with more info on the talks to come Of course, EuroBSDCon is coming up before then *** First experiences with OpenBSD A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before" The author read the famous "BSD for Linux users" series (that most of us have surely seen) and decided to give BSD a try He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software" From there, it talks about how he used the OpenBSD USB image and got a fully-working system He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user! 
*** NetBSD rump kernels on bare metal (and Kansai OSC report) When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right However, NetBSD's rump kernels - a very unique concept - make this process a lot easier This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week Also have a look back at episode 8 for our interview about rump kernels and what exactly they do While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight *** OpenSSL and LibreSSL updates OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!) Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more LibreSSL released a new version to address most of the vulnerabilities, but wasn't affected by some of them Whichever version of whatever SSL you use, make sure it's patched for these issues DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT) *** Interview - Robert Watson - [email protected] FreeBSD architecture, security research techniques, exploit mitigation Tutorial Protecting traffic with a BSD-based VPN News Roundup A FreeBSD-based CGit server If you use git (like a certain host of this show) then you've probably considered setting up your own server This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend It even shows you how to set up multiple repos with key-based user separation and other cool things The author of the post is also a listener of the show, thanks for sending it in! 
*** Backup devices for small businesses In this article, different methods of data storage and backup are compared After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers It also goes over some of the hardware specifics in the FreeNAS Mini *** A new Xenocara interview As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there *** Building a high performance FreeBSD samba server If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution? FreeBSD, ZFS and Samba obviously! The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients This article documents that process, highlighting s

49: The PC-BSD Tour
Coming up this week on the show, we've got something special for you! We'll be giving you an in-depth look at all of the graphical PC-BSD utilities. That's right, BSD doesn't have to be commandline-only anymore! There's also the usual round of answers to your emails and all the latest headlines, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation semi-annual newsletter The FreeBSD foundation published their semi-annual newsletter, complete with a letter from the president of the foundation "In fact after reading [the president's] letter, I was motivated to come up with my own elevator pitch instead of the usual FreeBSD is like Linux, only better!" It talks about the FreeBSD journal as being one of the most exciting things they've launched this year, conferences they funded and various bits of sponsored code that went into -CURRENT The full list of funded projects is included, also with details in the financial reports There are also a number of conference wrap-ups: NYCBSDCon, BSDCan, AsiaBSDCon and details about the upcoming EuroBSDCon

48: Liberating SSL
Coming up in this week's episode, we'll be talking with one of OpenBSD's newest developers - Brent Cook - about the portable version of LibreSSL and how it's developed. We've also got some information about the FreeBSD port of LibreSSL you might not know. The latest news and your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD quarterly status report FreeBSD has gotten quite a lot done this quarter Changes in the way release branches are supported - major releases will get at least five years over their lifespan A new automounter is in the works, hoping to replace amd (which has some issues) The CAM target layer and RPC stack have gotten some major optimization and speed boosts Work on ZFSGuru continues, with a large status report specifically for that The report also mentioned some new committers, both source and ports It also covers GNATS being replaced with Bugzilla, the new core team, 9.3-RELEASE, GSoC updates, UEFI booting and lots of other things that we've already mentioned on the show "Foundation-sponsored work resulted in 226 commits to FreeBSD over the April to June period" *** A new OpenBSD HTTPD is born Work has begun on a new HTTP daemon in the OpenBSD base system A lot of people are asking "why?" since OpenBSD includes a chrooted nginx already - will it be removed? Will they co-exist? Initial responses seem to indicate that nginx is getting bloated, and is a bit overkill for just serving content (this isn't trying to be a full-featured replacement) It's partially based on the relayd codebase and also comes from the author of relayd, Reyk Floeter This has the added benefit of the usual, easy-to-understand syntax and privilege separation There's a very brief man page online already It supports vhosts and can serve static files, but is still in very active development - there will probably be even more new features by the time this airs Will it be named OpenHTTPD? Or perhaps... LibreHTTPD? 
(I hope not) *** pkgng 1.3 announced The newest version of FreeBSD's second generation package management system has been released, with lots of new features It has a new "real" solver to automatically handle conflicts, and dynamically discover new ones (this means the annoying -o option is deprecated now, hooray!) Lots of the code has been sandboxed for extra security You'll probably notice some new changes to the UI too, making things more user friendly A few days later 1.3.1 was released to fix a few small bugs, then 1.3.2 shortly thereafter and 1.3.3 yesterday *** FreeBSD after-install security tasks A number of people have written in to ask us "how do I secure my BSD box after I install it?" With this blog post, hopefully most of their questions will finally be answered in detail It goes through locking down SSH with keys, patching the base system for security, installing packages and keeping them updated, monitoring and closing any listening services and a few other small things Not only does it just list things to do, but the post also does a good job of explaining why you should do them Maybe we'll see some more posts in this series in the future *** Interview - Brent Cook - [email protected] / @busterbcook LibreSSL's portable version and development News Roundup FreeBSD Mastery - Storage Essentials MWL's new book about the FreeBSD storage subsystems now has an early draft available Early buyers can get access to an in-progress draft of the book before the official release, but keep in mind that it may go through a lot of changes Topics of the book will include GEOM, UFS, ZFS, the disk utilities, partition schemes, disk encryption and maximizing I/O performance You'll get access to the completed (e)book when it's done if you buy the early draft The suggested price is $8 *** Why BSD and not Linux? 
Yet another thread comes up asking why you should choose BSD over Linux or vice-versa Lots of good responses from users of the various BSDs Directly ripping a quote: "Features like Ports, Capsicum, CARP, ZFS and DTrace were stable on BSDs before their Linux versions, and some of those are far more usable on BSD. Features like pf are still BSD-only. FreeBSD has GELI and ipfw and is "GCC free". DragonflyBSD has HAMMER and kernel performance tuning. OpenBSD have upstream pf and their gamut of security features, as well as a general emphasis on simplicity." And "Over the years, the BSDs have clearly shown their worth in the nix ecosystem by pioneering new features and driving adoption of others. The most recent on OpenBSD were 2038 support and LibreSSL. FreeBSD still arguably rules the FOSS storage space with ZFS." Some other users share their switching experiences - worth a read *** More g2k14 hackathon reports Following up from last week's huge list of hackathon reports, we have a few more Landry Breuil spent some time with Ansible

47: DES Challenge IV
Coming up this week on the show! We've got an interview with Dag-Erling Smørgrav, the current security officer of FreeBSD, to discuss what exactly being in such an important position is like. The latest news, answers to your emails and even some LibreSSL drama, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines g2k14 hackathon reports Nearly 50 OpenBSD developers gathered in Ljubljana, Slovenia from July 8-14 for a hackathon Lots of work got done - in just the first two weeks of July, there were over 1000 commits to their CVS tree Some of the developers wrote in to document what they were up to at the event Bob Beck planned to work on kernel stuff, but then "LibreSSL happened" and he spent most of his time working on that Miod Vallat also tells about his LibreSSL experiences Brent Cook, a new developer, worked mainly on the portable version of LibreSSL (and we'll be interviewing him next week!) Henning Brauer worked on VLAN bpf and various things related to IPv6 and network interfaces (and he still hates IPv6) Martin Pieuchot fixed some bugs in the USB stack, softraid and misc other things Marc Espie improved the package code, enabling some speed ups, fixed some ports that broke with LibreSSL and some of the new changes and also did some work on ensuring snapshot consistency Martin Pelikan integrated read-only ext4 support Vadim Zhukov did lots of ports work, including working on KDE4 Theo de Raadt created a new, more secure system call, "sendsyslog" and did a lot of work with /etc, sysmerge and the rc scripts Paul Irofti worked on the USB stack, specifically for the Octeon platform Sebastian Benoit worked on relayd filters and IPv6 code Jasper Lievisse Adriaanse did work with puppet, packages and the bootloader Jonathan Gray imported newer Mesa libraries and did a lot with Xenocara, including work in the installer for autodetection Stefan Sperling fixed a lot of issues with wireless drivers Florian Obser did many things related to IPv6 
Ingo Schwarze worked on mandoc, as usual, and also rewrote the openbsd.org man.cgi interface Ken Westerback hacked on dhclient and dhcpd, and also got dump working on 4k sector drives Matthieu Herrb worked on updating and modernizing parts of xenocara *** FreeBSD pf discussion takes off Concerns from last week, about FreeBSD's packet filter being old and unmaintained, seemed to have finally sparked some conversation about the topic on the "questions" and "current" mailing lists (unfortunately people didn't always use reply-all so you have to cross-reference the two lists to follow the whole conversation sometimes) Straight from the SMP FreeBSD pf maintainer: "no one right now [is actively developing pf on FreeBSD]" Searching for documentation online for pf is troublesome because there are two incompatible syntaxes FreeBSD's pf man pages are lacking, and some of FreeBSD's documentation still links to OpenBSD's pages, which won't work anymore - possibly turning away would-be BSD converts because it's frustrating There's also the issue of importing patches from pfSense, but most of those still haven't been done either Lots of disagreement among developers vs. users... 
Many users are very vocal about wanting it updated, saying the syntax change is no big deal and is worth the benefits - developers aren't interested Henning Brauer, the main developer of pf on OpenBSD, has been very nice and offered to help the other BSDs get their pf fixed on multiple occasions Gleb Smirnoff, author of the FreeBSD-specific SMP patches, questions Henning's claims about OpenBSD's improved speed as "uncorroborated claims" (but neither side has provided any public benchmarks) Gleb had to abandon his work on FreeBSD's pf because funding ran out *** LibreSSL progress update LibreSSL's first few portable releases have come out and they're making great progress, releasing 2.0.3 two days ago Lots of non-OpenBSD people are starting to contribute, sending in patches via the tech mailing list However, there has already been some drama... with Linux users There was a problem with Linux's PRNG, and LibreSSL was unforgiving of it, not making an effort to randomize something that could not provide real entropy This "problem" doesn't affect OpenBSD's native implementation, only the portable version The developers decide to weigh in to calm the misinformation and rage A fix was added in 2.0.2, and Linux may even get a new system call to handle this properly now - remember to say thanks, guys Ted Unangst has a really good post about the whole situation, definitely check it out As a follow-up from last week, bapt says they're working on building the whole FreeBSD ports tree against LibreSSL, but lots of things still need some patching to work properly - if you're a port maintainer, please test your ports against it *** Preparation fo

46: Network Iodometry
We're back, and this week we'll be showing you how to tunnel out of a restrictive network using only DNS queries. We also sat down with Bryan Drewery, from the FreeBSD portmgr team, to talk all about their building cluster and some recent changes. All the latest news and answers to your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines EuroBSDCon 2014 registration open September is getting closer, and that means it's time for EuroBSDCon - held in Bulgaria this year Registration is finally open to the public, with prices for businesses ($287), individuals ($217) and students ($82) for the main conference until August 18th Tutorials, sessions, dev summits and everything else all have their own pricing as well Registering between August 18th - September 12th will cost more for everything You can register online here and check hotels in the area The FreeBSD foundation is also accepting applications for travel grants *** OpenBSD SMP PF update A couple weeks ago we talked about how DragonflyBSD updated their PF to be multithreaded With them joining the SMP ranks along with FreeBSD, a lot of users have been asking about when OpenBSD is going to make the jump In a recent mailing list thread, Henning Brauer addresses some of the concerns The short version is that too many things in OpenBSD are currently single-threaded for it to matter - just reworking PF by itself would be useless He also says PF on OpenBSD is over four times faster than FreeBSD's old version, presumably due to those extra years of development it's gone through There's also been even more recent concern about the uncertain future of FreeBSD's PF, being mostly unmaintained since their SMP patches We reached out to four developers (over a week ago) about coming on the show to talk about OpenBSD network performance and SMP, but they all ignored us *** Introduction to NetBSD pkgsrc An article from one of our listeners about how to create a new pkgsrc port or fix one that you 
need The post starts off with how to get the pkgsrc tree, shows how to get the developer tools and finally goes through the Makefile format It also lists all the different bmake targets and their functions in relation to the porting process Finally, the post details the whole process of creating a new port *** FreeBSD 9.3-RELEASE After three RCs, FreeBSD 9.3 was scheduled to be finalized and announced today but actually came out yesterday The full list of changes is available, but it's mostly a smaller maintenance release Lots of driver updates, ZFS issues fixed, hardware RNGs are entirely disabled by default, netmap framework updates, read-only ext4 support was added, the vt driver was merged from -CURRENT, new hardware support (including radeon KMS), various userland tools got new features, OpenSSL and OpenSSH were updated... and much more If you haven't jumped to the 10.x branch yet (and there are a lot of people who haven't!) this is a worthwhile upgrade - 9.2-RELEASE will reach EOL soon Good news, this will be the first release with PGP-signed checksums on the FTP mirrors - a very welcome change With that out of the way, the 10.1-RELEASE schedule was posted *** Interview - Bryan Drewery - [email protected] / @bdrewery The FreeBSD package building cluster, pkgng, ports, various topics Tutorial Tunneling traffic through DNS News Roundup SSH two-factor authentication on FreeBSD We've previously mentioned stories on how to do two-factor authentication with a Yubikey or via a third party website This blog post tells you how to do exactly that, but with your Google account and the pam_google_authenticator port Using this setup, every user that logs in with a password will have an extra requirement before they can gain access - but users with public keys can login normally It's a really, really simple process once you have the port installed - full details on the page *** Ditch tape backup in favor of FreeNAS The author of this post shares some of his horrible 
experiences with tape backups for a client Having constant, daily errors and failed backups, he needed to find another solution With 1TB of backups, tapes just weren't a good option anymore - so he switched to FreeNAS (after also ruling out a pre-built NAS) The rest of the article details his experiences with it and tells about his setup *** NetBSD vs FreeBSD, desktop experiences A NetBSD and pkgsrc developer details his experiences running NetBSD on a workstation at his job Becoming more and more disappointed with graphics performance, he finally decides to give FreeBSD 10 a try - especially since it has a native nVidia driver "Running on VAX, PlayStation 2 and Amiga is fun, but I’ll tell you a little secret: nobody cares anymore about VAX, PlayStation 2 and Amiga." He's become pretty satisfied with FreeBSD, a modern choice for a 2014 desktop system *** PCBSD not-so-weekly digest Speaking of choices for a desktop system, it&

45: ZFS War Stories
This week Allan is at BSDCam in the UK, so we'll be back with a regular episode next week. For now though, here's an interview with Josh Paetzel about some crazy experiences he's had with ZFS. This episode was brought to you by Interview - Josh Paetzel - [email protected] / @bsdunix4ever Crazy ZFS stories, network protocols, server hardware

44: Base ISO 100
This time on the show, we'll be sitting down to talk with Craig Rodrigues about Jenkins and the FreeBSD testing infrastructure. Following that, we'll show you how to roll your own OpenBSD ISOs with all the patches already applied... ISO can't wait! This week's news and answers to all your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines pfSense 2.1.4 released The pfSense team has released 2.1.4, shortly after 2.1.3 - it's mainly a security release Included within are eight security fixes, most of which are pfSense-specific OpenSSL, the WebUI and some packages all need to be patched (and there are instructions on how to do so) It also includes a large number of various other bug fixes Update all your routers! *** DragonflyBSD's pf gets SMP While we're on the topic of pf... Dragonfly patches their old[er than even FreeBSD's] pf to support multithreading in many areas Stemming from a user's complaint, Matthew Dillon did his own work on pf to make it SMP-aware Altering your configuration's ruleset can also help speed things up, he found When will OpenBSD, the source of pf, finally do the same? 
*** ChaCha usage and deployment A while back, we talked to djm about some cryptography changes in OpenBSD 5.5 and OpenSSH 6.5 This article is sort of an interesting follow-up to that, showing which projects have adopted ChaCha20 OpenSSH offers it as a stream cipher now, OpenBSD uses it for its random number generator, Google offers it in TLS for Chromium and some of their services and lots of other projects seem to be adopting it Both Google's fork of OpenSSL and LibreSSL have upcoming implementations, while vanilla OpenSSL does not Unfortunately, this article has one mistake: FreeBSD does not use it - they still use the broken RC4 algorithm *** BSDMag June 2014 issue The monthly online BSD magazine releases their newest issue This one includes the following articles: TLS hardening, setting up a package cluster in MidnightBSD, more GIMP tutorials, "saving time and headaches using the robot framework for testing," an interview and an article about the increasing number of security vulnerabilities The free pdf file is available for download as always *** Interview - Craig Rodrigues - [email protected] FreeBSD's continuous testing infrastructure Tutorial Creating pre-patched OpenBSD ISOs News Roundup Preauthenticated decryption considered harmful Responding to a post from Adam Langley, Ted Unangst talks a little more about how signify and pkg_add handle signatures In the past, the OpenBSD installer would pipe the output of ftp straight to tar, but then verify the SHA256 at the end - this had the advantage of not requiring any extra disk space, but raised some security concerns With signify, now everything is fully downloaded and verified before tar is even invoked The pkg_add utility works a little bit differently, but it's also been improved in this area - details in the post Be sure to also read the original post from Adam, lots of good information *** FreeBSD 9.3-RC2 is out As the -RELEASE inches closer, release candidate 2 is out and ready for testing Since the 
last one, it's got some fixes for NIC drivers, the latest file and libmagic security fixes, some serial port workarounds and various other small things The updated bsdconfig will use pkgng style packages now too A lesser known fact: there are also premade virtual machine images you can use too *** pkgsrcCon 2014 wrap-up In what may be the first real pkgsrcCon article we've ever had! Includes wrap-up discussion about the event, the talks, the speakers themselves, what they use pkgsrc for, the hackathon and basically the whole event Unfortunately no recordings to be found... *** PostgreSQL FreeBSD performance and scalability FreeBSD developer kib@ writes a report on PostgreSQL on FreeBSD, and how it scales On his monster 40-core box with 1TB of RAM, he runs lots of benchmarks and posts the findings Lots of technical details if you're interested in getting the best performance out of your hardware It also includes specific kernel options he used and the rest of the configuration If you don't want to open the pdf file, you can use this link too *** Feedback/Questions James writes in Klemen writes in John writes in Brad writes in Adam writes in ***

43: Package Design
It's a big show this week! We'll be interviewing Marc Espie about OpenBSD's package system and build cluster. Also, we've been asked many times "how do I keep my BSD box up to date?" Well, today's tutorial should finally answer that. Answers to all your emails and this week's headlines, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines EuroBSDCon 2014 talks and schedule The talks and schedules for EuroBSDCon 2014 are finally revealed The opening keynote is called "FreeBSD, looking forward to another 10 years" by jkh Lots of talks spanning FreeBSD, OpenBSD and PCBSD, and we finally have a few about NetBSD and DragonflyBSD too! Variety is great It looks like Theo even has a talk, but the title isn't on the page... how mysterious There are also days dedicated to some really interesting tutorials Register now, the conference is on September 25-28th in Bulgaria If you see Allan and Kris walking towards you and you haven't given us an interview yet... well you know what's going to happen Why aren't the videos up from last year yet? Will this year also not have any? *** FreeNAS vs NAS4Free More mainstream news covering BSD, this time with an article about different NAS solutions In a possibly excessive eight-page article, Ars Technica discusses the pros and cons of both FreeNAS and NAS4Free Both are based on FreeBSD and ZFS of course, but there are more differences than you might expect Discusses the different development models, release cycles, features, interfaces and ease-of-use factor of each project "One is pleasantly functional; the other continues devolving during a journey of pain" - uh oh, who's the loser? 
*** Quality software costs money, heartbleed was free PHK writes an article for ACM Queue about open source software projects' funding efforts A lot of people don't realize just how widespread open source software is - TVs, printers, gaming consoles, etc The article discusses ways to convince your workplace to fund open source efforts, then goes into a little bit about FreeBSD and Varnish's funding The latest heartbleed vulnerability should teach everyone that open source projects are critical to the internet, and need people actively maintaining them On that subject, "Earlier this year the OpenSSL Heartbleed bug laid waste to Internet security, and there are still hundreds of thousands of embedded devices of all kinds—probably your television among them—that have not been and will not ever be software-upgraded to fix it. The best way to prevent that from happening again is to avoid having bugs of that kind go undiscovered for several years, and the only way to avoid that is to have competent people paying attention to the software" Consider donating to your favorite BSD foundation (or buying cool shirts and CDs!) and keeping the ecosystem alive *** Geoblock evasion with pf and OpenBSD rdomains Geoblocking is a way for websites to block visitors based on the location of their IP This is a blog post about how to get around it, using pf and rdomains It has the advantage of not requiring any browser plugins or DNS settings on the users' computers, you just need to be running OpenBSD on your router (hmm, if only a website had a tutorial about that...) 
In this post, the author wanted to get an American IP address, since the service he was using (Netflix) is blocked in Australia It's got all the details you need to set up a VPN-like system and bypass those pesky geographic filters *** Interview - Marc Espie - [email protected] / @espie_openbsd OpenBSD's package system, building cluster, various topics Tutorial Keeping your BSD up to date News Roundup BoringSSL and LibreSSL Yet another OpenSSL fork pops up, this time from Google, called BoringSSL Adam Langley has a blog post about it, why they did it and how they're going to maintain it You can easily browse the source code Theo de Raadt also weighs in with how this effort relates to LibreSSL More eyes on the code is good, and patches will be shared between the two projects *** More BSD Tor nodes wanted Friend of the show bcallah posts some news to the Tor-BSD mailing list about monoculture in the Tor network being both bad and dangerous Originally discussed on the Tor-Relays list, it was made apparent that having such a large amount of Linux nodes weakens the security of the whole network If one vulnerability is found, a huge portion of the network would be useless - we need more variety in the network stacks, crypto, etc. The EFF is also holding a Tor challenge for people to start up new relays and keep them online for over a year Check out our Tor tutorial and help out the network, and promote BSD at the same time! *** FreeBSD 10 OpenStack images OpenStack, to quote Wikipedia, is "a free and open-source software cloud computing platform. It is primarily deployed as an infrastructure as a service (IaaS) solution."

42: Devious Methods
Coming up this week, we'll be showing you how to chain SSH connections, as well as some cool tricks you can do with it. Going along with that theme, we also have an interview with Bryce Chidester about running a BSD-based shell provider. News, emails and cowsay turkeys, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines PIE and ASLR in FreeBSD update A status update for Shawn Webb's ASLR and PIE work for FreeBSD One major part of the code, position-independent executable support, has finally been merged into the -CURRENT tree "FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support" If you're running -CURRENT, just add "WITH_PIE=1" to your /etc/src.conf and /etc/make.conf The next step is working on the ASLR coding style and getting more developers to look through it Shawn will also be at EuroBSDCon (in September) giving an updated version of his BSDCan talk about ASLR *** Misc. pfSense news Couple of pfSense news items this week, including some hardware news Someone's gotta test the pfSense hardware devices before they're sold, which involves powering them all on at least once To make that process faster, they're building a controllable power board (and include some cool pics) There will be more info on that device a bit later on On Friday, June 27th, there will be another video session (for paying customers only...) about virtualized firewalls pfSense University, a new paid training course, was also announced A single two-day class costs $2000, ouch *** ZFS stripe width A new blog post from Matt Ahrens about ZFS stripe width "The popularity of OpenZFS has spawned a great community of users, sysadmins, architects and developers, contributing a wealth of advice, tips and tricks, and rules of thumb on how to configure ZFS. 
In general, this is a great aspect of the ZFS community, but I’d like to take the opportunity to address one piece of misinformed advice" Matt goes through different situations where you would set up your zpool differently, each with their own advantages and disadvantages He covers best performance on random IOPS, best reliability, and best space efficiency use cases It includes a lot of detail on each one, including graphs, and addresses some misconceptions about different RAID-Z levels' overhead factor *** FreeBSD 9.3-BETA3 released The third BETA in the 9.3 release cycle is out, we're slowly getting closer to the release This is expected to be the final BETA, next will come the RCs There have mostly just been small bug fixes since BETA2, but OpenSSL was also updated and the arc4random code was updated to match what's in -CURRENT (but still isn't using ChaCha20) The FreeBSD foundation has a blog post about it too There's a list of changes between 9.2 and 9.3 as well, but we'll be sure to cover it when the -RELEASE hits *** Interview - Bryce Chidester - [email protected] / @brycied00d Running a BSD shell provider Tutorial Chaining SSH connections News Roundup My FreeBSD adventure A Slackware user from the "linux questions" forum decides to try out BSD, and documents his initial impressions and findings After ruling out PCBSD due to the demanding hardware requirements and NetBSD due to "politics" (whatever that means, his words) he decides to start off with FreeBSD 10, but also mentions trying OpenBSD later on In his forum post, he covers the documentation (and how easy it makes it for a switcher), dual booting, packages vs ports, network configuration and some other little things So far, he seems to really enjoy BSD and thinks that it makes a lot of sense compared to Linux Might be an interesting, ongoing series we can follow up on later *** Even more BSDCan trip reports BSDCan may be over until next year, but trip reports are still pouring in This time we have a 
summary from Li-Wen Hsu, who was paid for by the FreeBSD foundation He's part of the "Jenkins CI for FreeBSD" group and went to BSDCan mostly for that Nice long post about all of his experiences at the event, definitely worth a read He even talks about... the food *** FreeBSD disk partitioning For his latest book series on FreeBSD's GEOM system, MWL asked the hackers mailing list for some clarification This erupted into a very long discussion about fdisk vs gnop vs gpart So you don't have to read the 500 mailing list posts, he's summarized the findings in a blog post It covers MBR vs GPT, disk sector sizes and how to handle all of them with which tools *** BSD Router Project version 1.51 A new version of the BSD Router Project has been released, 1.51 It's now based on FreeBSD 10-STABLE instead of 10.0-RELEASE Includes lots of bugfixes and small updates, as well as some patches from pfSense and elsew

41: Commit This Bit
This week in the big show, we'll be interviewing Benedict Reuschling of the FreeBSD documentation team, and he has a special surprise in store for Allan. As always, answers to your questions and all the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD moves to Bugzilla Historically, FreeBSD has used the old GNATS system for keeping track of bug reports After years and years of wanting to switch, they've finally moved away from GNATS to Bugzilla It offers a lot of advantages, is much more modern and actively maintained. There's a new workflow chart for developers to illustrate the new way of doing things The old "send-pr" command will still work for the time being, but will eventually be phased out in favor of native Bugzilla reporting tools (of which there are multiple in ports) This will hopefully make reporting bugs a lot less painful *** DIY NAS: EconoNAS 2014 We previously covered this blog last year, but the 2014 edition is up More of a hardware-focused article, the author details the parts he's using for a budget NAS Details the motherboard, RAM, CPU, hard drives, case, etc With a set goal of $500 max, he goes just over it - $550 for all the parts Lots of nice pictures of the hardware and step by step instructions for assembly, as well as software configuration instructions *** DragonflyBSD 3.8 released Justin announced the availability of DragonflyBSD 3.8.0 Binaries in /bin and /sbin are dynamic now, enabling the use of PAM and NSS to manage user accounts It includes a new HAMMER FS backup script and lots of FreeBSD tools have been synced with their latest versions Work continues on for the Intel graphics drivers, but it's currently limited to the HD4000 and Ivy Bridge series See the release page for more info and check the link for source-based upgrade instructions *** OpenZFS European conference 2014 There was an OpenZFS conference held in Europe recently, and now the videos are online for your viewing 
pleasure Matt Ahrens, Introduction Michael Alexander, FhGFS performance on ZFS Andriy Gapon, Testing ZFS on FreeBSD Luke Marsden, HybridCluster: ZFS in the cloud Vadim Comănescu, Syneto: continuously delivering a ZFS-based OS Chris George, DDRdrive ZIL accelerator: random write revelation Grenville Whelan, High-Availability Phil Harman, Harman Holistic Mark Rees, Storiant and OpenZFS Andrew Holway, EraStor ZFS appliances Dan Vâtca, Syneto and OpenZFS Luke Marsden, HybridCluster and OpenZFS Matt Ahrens, Delphix and OpenZFS Check the link for slides and other goodies *** Interview - Benedict Reuschling - [email protected] BSD documentation, getting commit access, unix education, various topics News Roundup Getting to know your portmgr, Steve Wills "It is my pleasure to introduce Steve Wills, the newest member of the portmgr team" swills is an all-round good guy, does a lot for ports (especially the ruby ports) In this interview, we learn why he uses FreeBSD, the most embarrassing moment in his FreeBSD career and much more He used to work for Red Hat, woah *** BSDTalk episode 242 This time on BSDTalk, Will interviews Chris Buechler from pfSense Topics include: the heartbleed vulnerability and how it affected pfSense, how people usually leave their firewalls unpatched for a long time (or even forget about them!), changes between major versions, the upgrade process, upcoming features in their 10-based version, backporting drivers and security fixes They also touch on recent concerns in the pfSense community about their license change, that they may be "going commercial" and closing the source - so tune in to find out what their future plans are for all of that *** Turn old PC hardware into a killer home server Lots of us have old hardware lying around doing nothing but collecting dust Why not turn that old box into a modern file server with FreeNAS and ZFS? 
This article goes through the process of setting up a NAS, gives a little history behind the project and highlights some of the different protocols FreeNAS can use (NFS, SMB, AFS, etc) Most of our users are already familiar with all of this stuff, nothing too advanced Good to see BSD getting some well-deserved attention on a big mainstream site *** Unbloating the VAX install CD After a discussion on the VAX mailing list, something very important came to the attention of the developers... You can't boot NetBSD on a VAX box with 16MB of RAM from the CD image This blog post goes through the developer's adventure in trying to fix that through emulation and stripping various things out of the kernel to make it smaller In the end, he got it booting - and now all three VAX users who want to run NetBSD can do so on their systems with 16MB of RAM... *** Feedback/Questions Thomas writes in Reynold writes in Bostjan writes in Paul writes in John writes in ***

40: AirPorts & Packages
On this week's episode, we'll be giving you an introductory guide on OpenBSD's ports and package system. There's also a pretty fly interview with Karl Lehenbauer, about how they use FreeBSD at FlightAware. Lots of interesting news and answers to all your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines BSDCan 2014 talks and reports, part 2 More presentations and trip reports are still being uploaded Ingo Schwarze, New Trends in mandoc Vsevolod Stakhov, The Architecture of the New Solver in pkg Julio Merino, The FreeBSD Test Suite Zbigniew Bodek, Transparent Superpages for FreeBSD on ARM There's also a trip report from Michael Dexter and another (very long and detailed) trip report from our friend Warren Block that even gives us some linkage, thanks! *** Beyond security, getting to know OpenBSD's real purpose Michael W Lucas (who, we learn through this video, has been using BSD since 1986) gave a "webcast" last week, and the audio and slides are finally up It clocks in at just over 30 minutes, managing to touch on a lot of OpenBSD topics Some of those topics include: what is OpenBSD and why you should care, the philosophy of the project, how it serves as a "pressure cooker for ideas," briefly touches on GPL vs BSDL, their "do it right or don't do it at all" attitude, their stance on NDAs and blobs, recent LibreSSL development, some of the security functions that OpenBSD enabled before anyone else (and the ripple effect that had) and, of course, their disturbing preference for comic sans Here's a direct link to the slides Great presentation if you'd like to learn a bit about OpenBSD, but also contains a bit of information that long-time users might not know too *** FreeBSD vs Linux, a comprehensive comparison Another blog post covering something people seem to be obsessed with - FreeBSD vs Linux This one was worth mentioning because it's very thorough in regards to how things are done behind the scenes, not just the usual 
technical differences It highlights the concept of a "core team" and their role vs "contributors" and "committers" (similar to a presentation Kirk McKusick did not long ago) While a lot of things will be the same on both platforms, you might still be asking "which one is right for me?" - this article weighs in with some points for both sides and different use cases Pretty well-written and unbiased article that also mentions areas where Linux might be better, so don't hate us for linking it *** Expand FreeNAS with plugins One of the things people love the most about FreeNAS (other than ZFS) is their cool plugin framework With these plugins, you can greatly expand the feature set of your NAS via third party programs This page talks about a few of the more popular ones and how they can be used to improve your NAS or media box experience Some examples include setting up an OwnCloud server, Bacula for backups, Maraschino for managing a home theater PC, Plex Media Server for an easy to use video experience and a few more It then goes into more detail about each of them, how to actually install plugins and then how to set them up *** Interview - Karl Lehenbauer - [email protected] / @flightaware FreeBSD at FlightAware, BSD history, various topics Tutorial Ports and packages in OpenBSD News Roundup Code review culture meets FreeBSD In most of the BSDs, changes need to be reviewed by more than one person before being committed to the tree This article describes Phabricator, an open source code review system that we briefly mentioned last week Instructions for using it are on the wiki While not approved by the core team yet for anything official, it's in a testing phase and developers are encouraged to try it out and get their patches reviewed Just look at that fancy interface!! 
*** Upcoming BSD books Sneaky MWL somehow finds his way into both our headlines and the news roundup He gives us an update on the next BSD books that he's planning to release The plan is to release three (or so) books based on different aspects of FreeBSD's storage system(s) - GEOM, UFS, ZFS, etc. This has the advantage of only requiring you to buy the one(s) you're specifically interested in "When will they be released? When I'm done writing them. How much will they cost? Dunno." It's not Absolute FreeBSD 3rd edition... *** CARP failover and high availability on FreeBSD If you're running a cluster or a group of servers, you should have some sort of failover in place But the question comes up, "how do you load balance the load balancers!?" This video goes through the process of giving more than one machine the same IP, how to set up CARP, securing it and demonstrates a node dying Also mentions DNS-based load balancing as another option *** PCBSD weekly digest This time in PCBSD land, we're getting ready for the 10.0.2 relea

39: The Friendly Sandbox
This time on the show we'll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines BSDCan 2014 talks and reports The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with links Karl Lehenbauer's keynote (he's on next week's episode) Mariusz Zaborski and Pawel Jakub Dawidek, Capsicum and Casper (relevant to today's interview) Luigi Rizzo, In-kernel OpenvSwitch on FreeBSD Dwayne Hart, Migrating from Linux to FreeBSD for Backend Data Storage Warner Losh, NAND Flash and FreeBSD Simon Gerraty, FreeBSD bmake and Meta Mode Bob Beck, LibreSSL - The First 30 Days Henning Brauer, OpenBGPD Turns 10 Years Old Arun Thomas, BSD ARM Kernel Internals Peter Hessler, Using BGP for Realtime Spam Lists Pedro Giffuni, Features and Status of FreeBSD's Ext2 Implementation Matt Ahrens, OpenZFS Upcoming Features and Performance Enhancements Daichi Goto, Shellscripts and Commands Benno Rice, Keeping Current Sean Bruno, MIPS Router Hacking John-Mark Gurney, Optimizing GELI Performance Patrick Kelsey, Userspace Networking with libuinet Massimiliano Stucchi, IPv6 Transitioning Mechanisms Roger Pau Monné, Taking the Red Pill Shawn Webb, Introducing ASLR in FreeBSD There's also a trip report from Peter Hessler and one from Julio Merino The latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend) *** Defend your network and privacy with a VPN and OpenBSD After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy back This article describes how to set up a secure network gateway and VPN using OpenBSD and related 
crypto utilities There are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being used You can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow) It also includes a few general privacy tips, recommended browser extensions, etc The intro to the article is especially great, so give the whole thing a read He mentions our OpenBSD router guide and other tutorials being a big help for this setup, so hello if you're watching! *** You should try FreeBSD In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change that He goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the two Possibly the most useful part is how to address the question "my server already works, why bother switching?" "Stackoverflow’s answers assume I have apt-get installed" It includes mention of the great documentation, stability, ports, improved security and much more A takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. 
Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before" *** OpenBSD and the little Mauritian contributor This is a story about a guy from Mauritius named Logan, one of OpenBSD's newest developers Back in 2010, he started sending in patches for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTP The article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathon It really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystem Congrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back *** Interview - Jon Anderson - [email protected] Capsicum and Casperd Tutorial Encrypting DNS lookups News Roundup FreeBSD Journal, May 2014 issue The newest issue of the FreeBSD Journal is out, following the bi-monthly release cycle This time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scaling Pick up your (digital) copy at Amazon, Google Play or on iTunes and have a read *** LibreSSL porting update Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died off Unfortunately, people still thi

38: A BUG's Life
We're back from BSDCan! This week on the show we'll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group. We'll get to hear their experiences of running one and maybe encourage some of you to start your own! After that, we've got a tutorial on the basics of NetBSD's package manager, pkgsrc. Answers to your emails and the latest headlines, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD 11 goals and discussion Something that actually happened at BSDCan this year... During the FreeBSD devsummit, there was some discussion about what changes will be made in 11.0-RELEASE Some of MWL's notes include: the test suite will be merged to 10-STABLE, more work on the MIPS platforms, LLDB getting more attention, UEFI boot and install support A large list of possibilities was also included and open for discussion, including AES-GCM in IPSEC, ASLR, OpenMP, ICC, in-place kernel upgrades, Capsicum improvements, TCP performance improvements and A LOT more There's also some notes from the devsummit virtualization session, mostly talking about bhyve Lastly, he also provides some notes about ports and packages and where they're going *** An SSH honeypot with OpenBSD and Kippo Everyone loves messing with script kiddies, right? 
This blog post introduces Kippo, an SSH honeypot tool, and how to use it in combination with OpenBSD It includes a step by step (or rather, command by command) guide and some tips for running a honeypot securely You can use this to get new 0day exploits or find weaknesses in your systems OpenBSD makes a great companion for security testing tools like this with all its exploit mitigation techniques that protect all running applications *** NetBSD foundation financial report The NetBSD foundation has posted their 2013 financial report It's a very "no nonsense" page, pretty much only the hard numbers In 2013, they got $26,000 of income in donations The rest of the page shows all the details, how they spent it on hardware, consulting, conference fees, legal costs and everything else Be sure to donate to whichever BSDs you like and use! *** Building a fully-encrypted NAS with OpenBSD Usually the popular choice for a NAS system is FreeNAS, or plain FreeBSD if you know what you're doing This article takes a look at the OpenBSD side and explains how to build a NAS with security in mind The NAS will be fully encrypted, no separate /boot partition like FreeBSD and FreeNAS require - this means the kernel itself is even protected The obvious trade-off is the lack of ZFS support for storage, but this is an interesting idea that would fit most people's needs too There's also a bit of background information on NAS systems in general, some NAS-specific security tips and even some nice graphs and pictures of the hardware - fantastic write up! *** Interview - Brian Callahan & Aaron Bieber - [email protected] & [email protected] Forming a local BSD Users Group Tutorial The basics of pkgsrc News Roundup FreeBSD periodic mails vs. 
monitoring If you've ever been an admin for a lot of FreeBSD boxes, you've probably noticed that you get a lot of email This page tells about all the different alert emails, cron emails and other reports you might end up getting, as well as how to manage them From bad SSH logins to Zabbix alerts, it all adds up quickly It highlights the periodic.conf file and FreeBSD's periodic daemon, as well as some third party monitoring tools you can use to keep track of your servers *** Doing cool stuff with OpenBSD routing domains A blog post from our viewer and regular emailer, Kjell-Aleksander! He manages some internally-routed IP ranges at his work, but didn't want to have equipment for each separate project This is where OpenBSD routing domains and pf come in to save the day The blog post goes through the process with all the network details you could ever dream of He even named his networking equipment... after us *** LibreSSL, the good and the bad We're all probably familiar with OpenBSD's fork of OpenSSL at this point However, "for those of you that don't know it, OpenSSL is at the same time the best and most popular SSL/TLS library available, and utter junk" This article talks about some of the cryptographic development challenges involved with maintaining such a massive project You need cryptographers, software engineers, software optimization specialists - there are a lot of roles that need to be filled It also mentions some OpenSSL alternatives and recent LibreSSL progress, as well as some downsides to the fork - the main one being their aim for backwards compatibility *** PCBSD weekly digest Lots going on in PCBSD land this week, AppCafe has been redesigned The PBI system is being replaced with pkgng, PBIs will be automatically converted once you update In the more recent post, there's some further explanation of the PB

37: BSDCanned Goods
This week we're at BSDCan, ganging up on people and forcing them to give us interviews. Assuming we don't get arrested for harassment, we'll be back next week with your regularly scheduled programming. For now, we've got some feedback emails to catch up on, as well as a prerecorded talk Matt Ahrens gave about ZFS. We'll be back to tell you all about the conference next week, on BSD Now - the place to B.. SD. This episode was brought to you by Presentation - Matthew Ahrens - [email protected] / @mahrens1 OpenZFS discussion Feedback/Questions Remy writes in Darin writes in Steve writes in Pascal writes in ***

36: Let's Get RAID
This week on the show we'll be showing you how to set up RAID arrays in both FreeBSD and OpenBSD. There's also an interview with David Chisnall - of the FreeBSD core team - about the switch to Clang and a lot more. As usual, we'll be dropping the latest news and answering your emails, so sit back and enjoy some BSD Now - the place to B.. SD. This episode was brought to you by Headlines OpenBSD 5.5 released If you ordered a CD set then you've probably had it for a little while already, but OpenBSD has formally announced the public release of 5.5 This is one of the biggest releases to date, with a very long list of changes and improvements Some of the highlights include: time_t being 64 bit on all platforms, release sets and binary packages being signed with the new signify tool, a new autoinstall feature of the installer, SMP support on Alpha, a new AViiON port, lots of new hardware drivers including newer NICs, the new vxlan driver, relayd improvements, a new pf queue system for bandwidth shaping, dhcpd and dhclient fixes, OpenSMTPD 5.4.2 and all its new features, position-independent executables being default for i386, the RNG has been replaced with ChaCha20 as well as some other security improvements, FUSE support, tmpfs, softraid partitions larger than 2TB and a RAID 5 implementation, OpenSSH 6.6 with all its new features and fixes... and a lot more The full list of changes is HUGE, be sure to read through it all if you're interested in the details If you're doing an upgrade from 5.4 instead of a fresh install, pay careful attention to the upgrade guide as there are some very specific steps for this version Also be sure to apply the errata patches on your new installations... 
especially those OpenSSL ones (some of which still aren't fixed in the other BSDs yet) On the topic of errata patches, the project is now going to also send them out (signed) via the announce mailing list, a very welcome change Congrats to the whole team on this great release - 5.6 is going to be even more awesome with "Libre"SSL and lots of other stuff that's currently in development *** FreeBSD foundation funding highlights The FreeBSD foundation posts a new update on how they're spending the money that everyone donates "As we embark on our 15th year of serving the FreeBSD Project and community, we are proud of what we've done to help FreeBSD become the most innovative, reliable, and high-performance operation system" During this spring, they want to highlight the new UEFI boot support and newcons There's a lot of details about what exactly UEFI is and why we need it going forward FreeBSD has also needed some updates to its console to support UTF8 and wide characters Hopefully this series will continue and we'll get to see what other work is being sponsored *** OpenSSH without OpenSSL The OpenSSH team has been hard at work, making it even better, and now OpenSSL is completely optional Since it won't have access to the primitives OpenSSL uses, there will be a trade-off of features vs. 
security This version will drop support for legacy SSH v1, and the only two cryptographic algorithms supported are an in-house implementation of AES in counter mode and the new combination of the Chacha20 stream cipher with Poly1305 for packet integrity Key exchange is limited to elliptic curve Diffie-Hellman and the newer Curve25519 KEXs No support for RSA, DSA or ECDSA public keys - only Ed25519 It also includes a new buffer API and a set of wrappers to make it compatible with the existing API Believe it or not, this was planned before all the heartbleed craziness Maybe someday soon we'll have a mini-openssh-portable in FreeBSD ports and NetBSD pkgsrc, would be really neat *** BSDMag's April 2014 issue is out The free monthly BSD magazine has got a new issue available for download This time the articles include: pascal on BSD, an introduction to revision control systems and configuration management, deploying NetBSD on AWS EC2, more GIMP tutorials, an AsiaBSDCon 2014 report and a piece about how easily credit cards are stolen online Anyone can contribute to the magazine, just send the editors an email about what you want to write No Linux articles this time around, good *** Interview - David Chisnall - [email protected] The LLVM/Clang switch, FreeBSD's core team, various topics Tutorial RAID in FreeBSD and OpenBSD News Roundup BSDTalk episode 240 Our buddy Will Backman has uploaded a new episode of BSDTalk, this time with our other buddy GNN as the guest - mainly to talk about NTP and keeping reliable time Topics include the specific details of crystals used in watches and computers to keep time, how temperature affects the quality, different sources of inaccuracy, some general NTP information, why you might want extremely precise time, different time sources (GPS, satellite, etc), differences in stratum levels, the problem of packet delay and estimating the round

35: Puffy Firewall
We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases. We'll also be talking to Peter Hansteen about the new edition of "The Book of PF." Of course, we've got news and answers to your emails too, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines ALTQ removed from PF Kicking off our big PF episode... The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem This doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately. 
*** FreeBSD Quarterly Status Report The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team LOTS of details and LOTS of topics to cover, give it a read *** OpenBSD's OpenSSL rewrite continues with m2k14 A mini OpenBSD hackathon begins in Morocco, Africa You can follow the changes in the -current CVS log, but a lot of work is mainly going towards the OpenSSL cleaning We've got two trip reports so far, hopefully we'll have some more to show you in a future episode You can see some of the more interesting quotes from the tear-down or see everything Apparently they are going to call the fork "LibreSSL" .... What were the OpenSSL developers thinking? The RSA private key was used to seed the entropy! We also got some mainstream news coverage and another post from Ted about the history of the fork Definitely consider donating to the OpenBSD foundation, this fork will benefit all the other BSDs too *** NetBSD 6.1.4 and 6.0.5 released New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes The main update is - of course - the heartbleed vulnerability Also includes fixes for other security issues and even a kernel panic... 
on Atari Patch your Ataris right now, this is serious business *** Interview - Peter Hansteen - [email protected] / @pitrh The Book of PF: 3rd edition Tutorial BSD Firewalls: PF News Roundup New Xorg now the default in FreeBSD For quite a while now, FreeBSD has had two versions of X11 in ports The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf They've finally made the switch for 10-STABLE and 9-STABLE Check this wiki page for more info *** GSoC-accepted BSD projects The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon The FreeBSD list was also posted Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more Good luck to all the students participating, hopefully they become full time BSD users *** Complexity of FreeBSD VFS using ZFS as an example HybridCluster posted the second part of their VFS and ZFS series This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy Of course, also watch episode 24 for our interview with HybridCluster - they do really interesting stuff *** PCBSD weekly digest Preload has been ported over, it's a daemon that prefetches applications PCBSD is developing their own desktop environment, Lumina (there's also an FAQ) It's still in active development, but you can try it out by installing from ports We'll be showing a live demo of it in a few weeks (when development settles down a bit) Some kid in Australia subjects his poor mother to being on camera while she tries out PCBSD and gives her impressions of it ***

34: It's Gonna Get NASty
This week, Allan's at a conference so we've got a short episode for you. We sat down with John Hixson to discuss FreeNAS development and all their future plans. The show will be back next week with a normal episode. This episode was brought to you by Interview - John Hixson - [email protected] / @bsdwhore FreeNAS development

33: Certified Package Delivery
This week, we sit down with Jim Brown from the BSD Certification group to talk about the BSD exams. Following that, we'll be showing you how to build OpenBSD binary packages in bulk, a la poudriere. There's a boatload of news and we've got answers to your questions, coming up on BSD Now - the place to B.. SD. This episode was brought to you by Headlines BSDCan schedule, speakers and talks This year's BSDCan will kick off on May 14th in Ottawa The list of speakers is also out And finally the talks everyone's looking forward to Lots of great tutorials and talks, spanning a wide range of topics of interest Be sure to come by so you can meet Allan and Kris in person and get BSDCan shirts *** NYCBSDCon talks uploaded The BSD TV YouTube channel has been uploading recordings from the 2014 NYCBSDCon Jeff Rizzo's talk, "Releasing NetBSD: So Many Targets, So Little Time" Dru Lavigne's talk, "ZFS Management Tools in FreeNAS and PC-BSD" Scott Long's talk, "Serving one third of the Internet via FreeBSD" Michael W. Lucas' talk, "BSD Breaking Barriers" *** FreeBSD Journal, issue 2 The bi-monthly FreeBSD journal's second issue is out Topics in this issue include pkg, poudriere, the PBI format, hwpmc and journaled soft-updates In less than two months, they've already gotten over 1000 subscribers! 
It's available on Google Play, iTunes, Amazon, etc "We are also working on a dynamic version of the magazine that can be read in many web browsers, including those that run on FreeBSD" Check our interview with GNN for more information about the journal *** OpenSSL, more like OpenSS-Hell We mentioned this huge OpenSSL bug last week during all the chaos, but the aftermath is just as messy There's been a pretty vicious response from security experts all across the internet and in all of the BSD projects - and rightfully so We finally have a timeline of events Reactions from ISC, PCBSD, Tarsnap, the Tor project, FreeBSD, NetBSD, oss-sec, PHK, Varnish and Akamai pfSense released a new version to fix it OpenBSD disabled heartbeat entirely and is very unforgiving of the IETF Ted Unangst has two good write-ups about the issue and how horrible the OpenSSL codebase is A nice quote from one of the OpenBSD lists: "Given how trivial one-liner fixes such as #2569 have remained unfixed for 2.5+ years, one can only assume that OpenSSL's bug tracker is only used to park bugs, not fix them" Sounds like someone else was having fun with the bug for a while too There's also another OpenSSL bug that OpenBSD patched - it allows an attacker to inject data from one connection into another OpenBSD has also imported the most current version of OpenSSL and are ripping it apart from the inside out - we're seeing a fork in real time *** Interview - Jim Brown - [email protected] The BSD Certification exams Tutorial Building OpenBSD binary packages in bulk News Roundup Portable signify Back in episode 23 we talked with Ted Unangst about the new "signify" tool in OpenBSD Now there's a (completely unofficial) portable version of it on github If you want to verify your OpenBSD sets ahead of time on another OS, this tool should let you do it Maybe other BSD projects can adopt it as a replacement for gpg and incorporate it into their base systems *** Foundation goals and updates The OpenBSD foundation 
has reached their 2014 goal of $150,000 You can check their activities and goals to see where the money is going Remember that funding also goes to OpenSSH, which EVERY system uses and relies on everyday to protect their data The FreeBSD foundation has kicked off their spring fundraising campaign There's also a list of their activities and goals available to read through Be sure to support your favorite BSD, whichever one, so they can continue to make and improve great software that powers the whole internet *** PCBSD weekly digest New PBI runtime that fixes stability issues and decreases load times "Update Center" is getting a lot of development and improvements Lots of misc. bug fixes and updates *** Feedback/Questions There's a reddit thread we wanted to highlight - a user wants to show his friend BSD and why it's great Brad writes in Sha'ul writes in iGibbs writes in Matt writes in ***

32: PXE Dust
This week on the big show we'll be showing off OpenBSD's new "autoinstall" feature to do completely automatic, unattended installations. We also have an interview with Dru Lavigne about all the writing work she does for FreeBSD, PCBSD and FreeNAS. The latest headlines and answers to your emails, on BSD Now - it's the place to B.. SD. This episode was brought to you by Headlines FreeBSD ASLR status update Shawn Webb gives us a little update on his address space layout randomization work for FreeBSD He's implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in 5.5 on i386) Work has also started on testing ASLR on ARM, using a Raspberry Pi He's giving a presentation at BSDCan this year about his ASLR work While we're on the topic of BSDCan... *** BSDCan tutorials, improving the experience Peter Hansteen writes a new blog post about his upcoming BSDCan tutorials The tutorials are called "Building the network you need with PF, the OpenBSD packet filter" and "Transitioning to OpenBSD 5.5" - both scheduled to last three hours each He's requesting anyone that'll be there to go ahead and contact him, telling him exactly what you'd like to learn There's also a bit of background information about the tutorials and how he's looking to improve them If you're interested in OpenBSD and going to BSDCan this year, hit him up *** pkgsrc-2014Q1 released The new stable branch of pkgsrc packages has been built and is ready Python 3.3 is now a "first class citizen" in pkgsrc 14255 packages for NetBSD-current/x86_64, 11233 binary packages built with clang for FreeBSD 10/x86_64 There's a new release every three months, and remember pkgsrc works on MANY operating systems, not just NetBSD - you could even use pkgsrc instead of pkgng or ports if you were so inclined They're also looking into signing packages *** Only two holes in a heck of a long time, who cares? 
A particularly vocal Debian user, a lost soul, somehow finds his way to the misc@ OpenBSD mailing list He questions "what's the big deal" about OpenBSD's slogan being "Only two remote holes in the default install, in a heck of a long time!" Luckily, the community and Theo set the record straight about why you should care about this Running insecure applications on OpenBSD is actually more secure than running them on other systems, due to things like ASLR, PIE and all the security features of OpenBSD It spawned a discussion about ease of management and Linux's poor security record, definitely worth reading *** Interview - Dru Lavigne - [email protected] / @bsdevents FreeBSD's documentation printing, documentation springs, various topics Tutorial Automatic, unattended OpenBSD installs with PXE News Roundup pfSense 2.1.1 released A new version of pfSense is released, mainly to fix some security issues Tracking some recent FreeBSD advisories, pfSense usually only applies the ones that would matter on a firewall or router There are also some NIC driver updates and other things Of course if you want to learn more about pfSense, watch episode 25 2.1.2 is already up for testing too *** FreeBSD gets UEFI support It looks like FreeBSD's battle with UEFI may be coming to a close? Ed Maste committed a giant list of patches to enable UEFI support on x86_64 Look through the list to see all the details and information Thanks FreeBSD foundation! *** Ideas for the next DragonflyBSD release Mr. 
Dragonfly release engineer himself, Justin Sherrill posts some of his ideas for the upcoming release They're aiming for late May for the next version Ideas include better support for running in a VM, pkgng fixes, documentation updates and PAM support Gasp, they're even considering dropping i386 *** PCBSD weekly digest Lots of new PBI updates for 10.0, new runtime implementation New support for running 32 bit applications in PBI runtime New default CD and DVD player, umplayer Latest GNOME 3 and Cinnamon merged, new edge package builds *** Feedback/Questions Remy writes in Jan writes in Eddie writes in Zen writes in Sean writes in ***

31: Edgy BSD Users
This week we'll be talking to Richard Stallman about the upcoming GPLv4 and how it will protect our software from being stolen. After that, we'll show you how to recover from those pesky ZFS on Linux corruption issues, as well as some tips on how to explain to your boss that all the production boxes were compromised. Your questions and all the latest GNUs, on Linux Now - the place to Lin.. ux. This episode was brought to you by Headlines Preorders for cool BSD stuff The 2nd edition of The Design and Implementation of the FreeBSD Operating System is up for preorder We talked to GNN briefly about it, but he and Kirk have apparently finally finished the book "For many years, The Design and Implementation of the FreeBSD Operating System has been recognized as the most complete, up-to-date, and authoritative technical guide to FreeBSD's internal structure. Now, this definitive guide has been extensively updated to reflect all major FreeBSD improvements between Versions 5 and Versions 11" OpenBSD 5.5 preorders are also up, so you can buy a CD set now You can help support the project, and even get the -release of the OS before it's available publicly 5.5 is a huge release with lots of big changes, so now is the right time to purchase one of these - tell Austin we sent you! *** pkgsrcCon 2014 CFP This year's pkgsrcCon is in London, on June 21st and 22nd There's a Call For Papers out now, so you can submit your talks Anything related to pkgsrc is fine, it's pretty informal Does anyone in the audience know if the talks will be recorded? This con is relatively unknown *** BSDMag issue for March 2014 The monthly BSD magazine releases its newest issue Topics this time include: deploying NetBSD using AWS EC2, creating a multi-purpose file server with NetBSD, DragonflyBSD as a backup server, more GIMP lessons, network analysis with wireshark and a general security article The Linux article trend seems to continue... 
hmm *** Non-ECC RAM in FreeNAS We've gotten a few questions about ECC RAM with ZFS Here we've got a surprising blog post about why someone did not go with ECC RAM for his NAS build The article mentions the benefits of ECC and admits it is a better choice in nearly all instances, but unfortunately it's not very widespread in consumer hardware motherboards and it's more expensive Regular RAM also has "special" issues with ZFS and pool corruption Long post, so check out the whole thing if you've been considering your memory options and weighing the benefits *** Interview - Pierre Pronchery - [email protected] / @khorben EdgeBSD (slides) Tutorial Building an OpenBSD desktop News Roundup Getting to know your portmgr-lurkers This week we get to hear from Frederic Culot, colut@ Originally an OpenBSD user from France, Frederic joined as a ports committer in 2010 and recently joined the portmgr lurkers team "FreeBSD is also one of my sources of inspiration when it comes to how organizations behave and innovate, and I find it very interesting to compare FreeBSD with the for-profit companies I work for" We get to find out a little bit about him, why he loves FreeBSD and what he does for the project *** NetBSD on the Playstation 2 Who doesn't want to run NetBSD on their old PS2? The PS2 port of NetBSD was sadly removed in 2009, but it has been revived It's using a slightly unusual MIPS CPU that didn't have much GCC support Hopefully a bootable kernel will be available soon *** The FreeBSD Challenge update Our friend from the Linux Foundation continues his FreeBSD switching journey This time he starts off by discovering virtual machines suck at keeping accurate time, and some ports weren't working because of his clock being way off After polling the IRC for help, he finally learns the difference between ntpdate and ntpd and both of their use cases Maybe he should've just read our NTP tutorial! 
*** PCBSD weekly digest The mount tray icon got lots of updates and fixes The faulty distribution server has finally been tracked down and... destroyed New language localization project is in progress Many many updates to ports and PBIs, new -STABLE builds *** Feedback/Questions Antonio writes in Patrick writes in Chris writes in Ron writes in Tyler writes in ***

30: Documentation is King
Finally hit 30 episodes! Today we'll be chatting with Warren Block to discuss BSD documentation efforts and future plans. If you've ever wondered about the scary world of mailing lists, today's tutorial will show you the basics of how to get help and contribute back. There's lots to get to today, so sit back and enjoy some BSD Now - the place to B.. SD. This episode was brought to you by Headlines OpenBSD on a Sun T5120 Our buddy Ted Unangst got himself a cool Sun box Of course he had to write a post about installing and running OpenBSD on it The post goes through some of the quirks and steps to go through in case you're interested in one of these fine SPARC machines He's also got another post about OpenBSD on a Dell CS24-SC server *** Bhyvecon 2014 videos are up Like we mentioned last week, Bhyvecon was an almost-impromptu conference before AsiaBSDCon The talks have apparently already been uploaded! Subjects include Bhyve's past, present and future, OSv on Bhyve, a general introduction to the tool, migrating those last few pesky Linux boxes to virtualization Lots more detail in the videos, so check 'em all out *** Building a FreeBSD wireless access point We've got a new blog post about creating a wireless access point with FreeBSD After all the recent news of consumer routers being pwned like candy, it's time for people to start building BSD routers The author goes through a lot of the process of getting one set up using good ol' FreeBSD Using hostapd, he's able to share his wireless card in hostap mode and offer DHCP to all the clients Plenty of config files and more messy details in the post *** Switching from Synology to FreeNAS The author has been considering getting a NAS for quite a while and documents his research He was faced with the compromise of convenience vs. 
flexibility - prebuilt or DIY After seeing the potential security issues with proprietary NAS devices, and dealing with frustration with trying to get bugs fixed, he makes the right choice The post also goes into some detail about his setup, all the things he needed a NAS to do as well as all the advantages an open source solution would give *** Interview - Warren Block - [email protected] FreeBSD's documentation project, igor, doceng Tutorial The world of BSD mailing lists News Roundup HAMMER2 work and notes Matthew Dillon has posted some updated notes about the development of the new HAMMER version The start of a cluster API was committed to the tree There are also links to a design document, a freemap design document, a changes list and a todo list *** BSD Breaking Barriers Our friend MWL gave a talk at NYCBSDCon about BSD "breaking barriers" "What makes the BSD operating systems special? Why should you deploy your applications on BSD? Why does the BSD community keep growing, and why do Linux sites like DistroWatch say that BSD is where the interesting development work is happening? We'll cover the not-so-obvious reasons why BSD still stands tall after almost 40 years." He also has another upcoming talk (or "webcast") called "Beyond Security: Getting to Know OpenBSD's Real Purpose" "OpenBSD is frequently billed as a high-security operating system. That's true, but security isn't the OpenBSD Project's main goal. This webcast will introduce systems administrators to OpenBSD, explain the project's mission, and discuss the features and benefits." It's on May 27th and will hopefully be recorded *** FreeBSD in a chroot Finch, "FreeBSD running IN a CHroot," is a new project It's a way to extend the functionality of restricted USB-based FreeBSD systems (FreeNAS, etc.)
All the details and some interesting use cases are on the github page He really needs to change the project name though *** PCBSD weekly digest Lots of bugfixes for PCBSD coming down the tubes LZ4 compression is now enabled by default on the whole pool The latest 10-STABLE has been imported and builds are going Also the latest GNOME and Cinnamon builds have been imported and much more *** Feedback/Questions Bostjan writes in (IRC suggests md5deep) Don writes in kaltheat writes in (We use R0DE Podcast microphones and Logitech C920 HD webcams) Harri writes in ***

29: P.E.F.S.
We're back from AsiaBSDCon! This week we'll be chatting with Gleb Kurtsou about a filesystem-level encryption utility called PEFS. After that, we'll give you a step by step guide on how to actually use it. There's also the usual round of your questions and we've got a lot of news to catch up on, so stay tuned to BSD Now - the place to B.. SD. This episode was brought to you by Headlines Using OpenSSH Certificate Authentication SSH has a not-so-often-talked-about authentication option in addition to passwords and keys: certificates - you can add certificates to any current authentication method you're using They're not really that complex, there just isn't a lot of documentation on how to use them - this post tries to solve that There's the benefit of not needing a known_hosts file or authorized_users file anymore The post goes into a fair amount of detail about the differences, advantages and implications of using certificates for authentication *** Back to FreeBSD, a new series Similar to the "FreeBSD Challenge" blog series, one of our listeners will be writing about his switching BACK to FreeBSD journey "So, a long time ago, I had a box which was running FreeBSD 4, running on a Pentium. 14 years later, I have decided to get back into FreeBSD, now at FreeBSD 10" He's starting off with PCBSD since it's easy to get working with dual graphics Should be a fun series to follow!
*** OpenBSD's recent experiments in package building If you'll remember back to our poudriere tutorial, it lets you build FreeBSD binary packages in bulk - OpenBSD's version is called dpb Marc Espie recently got some monster machines in Russia to play with to help improve scaling of dpb on high end hardware This article goes through some of his findings and plans for future versions that increase performance We'll be showing a tutorial of dpb on the show in a few weeks *** Securing FreeBSD with 2FA So maybe you've set up two-factor authentication with gmail or twitter, but have you done it with your BSD box? This post walks us through the process of locking down an ssh server with 2FA With just a mobile phone and a few extra tools, you can enable two-factor auth on your BSD box and have just that little extra bit of protection *** Interview - Gleb Kurtsou - [email protected] PEFS (security audit results here) Tutorial Filesystem-based encryption with PEFS News Roundup BSDCan 2014 registration Registration is finally open! The prices are available along with a full list of presentations Tutorial sessions for various topics as well You have to go *** Big changes for OpenBSD 5.6 Although 5.5 was just frozen and the release process has started, 5.6 is already looking promising OpenBSD has, for a long time, included a heavily-patched version of Apache based on 1.3 They also imported nginx into base a few years ago, but now have finally removed Apache Sendmail is also no longer the default MTA, OpenSMTPD is the new default Will BIND be removed next? Maybe so They've also discontinued the hp300, mvme68k and mvme88k ports *** Getting to know your portmgr lurkers The "getting to know your portmgr" series makes its return This time we get to talk with danfe@ (probably most known for being the nVidia driver maintainer, but he does a lot with ports) How he got into FreeBSD?
He "wanted a unix system that I could understand and that would not get bloated as time goes by" Mentions why he's still heavily involved with the project and lots more *** PCBSD weekly digest Work has started to port Pulseaudio to PCBSD 10.0.1 There's a new "pc-mixer" utility being worked on for sound management as well New PBIs, GNOME/Mate updates, Life Preserver fixes and a lot more PCBSD 10.0.1 was released too *** Feedback/Questions Alex writes in Ben writes in Nick writes in Sami writes in Christopher writes in ***

28: Ghost of Partition
This week we're at AsiaBSDCon, so it'll be a shorter episode. We've got an interview with Eric Turgeon, founder of the desktop-focused GhostBSD project. Haven't heard of GhostBSD? Well stay tuned then. There's also a really interesting tutorial on how to serially concatenate disks in NetBSD. We'll be back next week with a normal episode. This episode was brought to you by Interview - Eric Turgeon - [email protected] / @GhostBSD1 GhostBSD Tutorial Serially concatenating disks in NetBSD Feedback/Questions Dave writes in Shane writes in Rob writes in Predrag writes in ***

27: BSD Now vs. BSDTalk
The long-awaited meetup is finally happening on today's show. We're going to be interviewing the original BSD podcaster, Will Backman, to discuss what he's been up to and what the future of BSD advocacy looks like. After that, we'll be showing you how to track (and even cross-compile!) the -CURRENT branch of NetBSD. We've got answers to user-submitted questions and the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD and OpenBSD in GSOC2014 The Google Summer of Code is a way to encourage students to write code for open source projects and make some money Both FreeBSD and OpenBSD were accepted, and we'd love for anyone listening to check out their GSOC pages The FreeBSD wiki has a list of things that they'd be interested in someone helping out with OpenBSD's want list was also posted DragonflyBSD and NetBSD were sadly not accepted this year *** Yes, you too can be an evil network overlord A new blog post about monitoring your network using only free tools OpenBSD is a great fit, and has all the stuff you need in the base system or via packages It talks about the pflow pseudo-interface, its capabilities and relation to NetFlow (also goes well with pf) There's also details about flowd and nfsen, more great tools to make network monitoring easy If you're listening, Peter... stop ignoring our emails and come on the show! We know you're watching! *** BSDMag's February issue is out The theme is "configuring basic services on OpenBSD 5.4" There's also an interview with Peter Hansteen (oh hey...) Topics also include locking down SSH, a GIMP lesson, user/group management, and... Linux and Solaris articles? Why?? *** Changes in bcrypt Not specific to any OS, but the OpenBSD team is updating their bcrypt implementation There is a bug in bcrypt when hashing long passwords - other OSes need to update theirs too! (FreeBSD already has) "The length is stored in an unsigned char type, which will overflow and wrap at 256. 
Although we consider the existence of affected hashes very rare, in order to differentiate hashes generated before and after the fix, we are introducing a new minor 'b'." As long as you upgrade your OpenBSD system in order (without skipping versions) you should be ok going forward Lots of specifics in the email, check the full thing *** Interview - Will Backman - [email protected] / @bsdtalk The BSDTalk podcast, BSD advocacy, various topics Tutorial Tracking and cross-compiling -CURRENT (NetBSD) News Roundup X11 no longer needs root Xorg has long since required root privileges to run the main server With recent work from the OpenBSD team, now everything (even KMS) can run as a regular user Now you can set the "machdep.allowaperture" sysctl to 0 and still use a GUI *** OpenSSH 6.6 CFT Shortly after the huge 6.5 release, we get a routine bugfix update Test it out on as many systems as you can Check the mailing list for the full bug list *** Creating an OpenBSD USB drive Since OpenBSD doesn't distribute any official USB images, here are some instructions on how to do it Step by step guide on how you can make your very own However, there's some recent emails that suggest official USB images may be coming soon... oh wait *** PCBSD weekly digest New PBI updates that allow separate ports from /usr/local You need to rebuild pbi-manager if you want to try it out Updates and changes to Life Preserver, App Cafe, PCDM *** Feedback/Questions espressowar writes in Antonio writes in Christian writes in Adam writes in Alex writes in ***

26: Port Authority
On today's show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Tailoring OpenBSD for an old, strange computer The author of this article had an OmniBook 800CT, which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU Obviously he had to install some kind of BSD on it! This post goes through all his efforts of trimming down OpenBSD to work on such a limited device He goes through the trial and error of "compile, break it, rebuild, try again" After cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working *** pkgsrcCon and BSDCan pkgsrccon is "a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure" This year it will be on June 21st and 22nd The schedule is still being worked out, so if you want to give a talk, submit it BSDCan's schedule was also announced We'll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more Kris' presentation was accepted! Tons of topics, look forward to the recorded versions of all of them hopefully! *** Two factor auth with pushover A new write-up from our friend Ted Unangst Pushover is "a web hook to smartphone push notification gateway" - you send a POST to a web server and it sends a code to your phone His post goes through the steps of editing your login.conf and setting it all up to work Now you can get a two factor authenticated login for ssh!
*** The status of GNOME 3 on BSD It's no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems OpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use This post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes a screencast A few recent posts from some GNOME developers show that they're finally working with the BSD guys to improve portability The FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us - it's a beautiful thing This goes right along with our interview today! *** Interview - Joe Marcus Clark - [email protected] The life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics Tutorial The FreeBSD Ports Collection News Roundup DragonflyBSD 3.8 goals and 3.6.1 release The Dragonfly team is thinking about what should be in version 3.8 On their bug tracker, it lists some of the things they'd like to get done before then In the meantime, 3.6.1 was released with lots of bugfixes *** NYCBSDCon 2014 wrap-up piece We've got a nice wrap-up titled "NYCBSDCon 2014 Heats Up a Cold Winter Weekend" The author also interviews GNN about the conference There's even a little "beginner introduction" to BSD segment Includes a mention of the recently-launched journal and lots of pictures from the event *** FreeBSD and Linux, a comparative analysis GNN in yet another story - he gave a presentation at the NYLUG about the differences between FreeBSD and Linux He mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs "distros," development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different bsds and their goals and actual code differences Serves as a good introduction you can show your Linux 
friends *** PCBSD CFT and weekly digest Upgrade tools have gotten a major rewrite You have to help test it, there is no choice! Read more here How dare Kris be "unimpressed with" freebsd-update and pkgng!? Various updates and fixes *** Feedback/Questions Jeffrey writes in Shane writes in Ferdinand writes in Curtis writes in Clint writes in Peter writes in ***

25: A Sixth pfSense
We have a packed show for you this week! We'll sit down for an interview with Chris Buechler, from the pfSense project, to learn just how easy it can be to deploy a BSD firewall. We'll also be showing you a walkthrough of the pfSense interface so you can get an idea of just how convenient and powerful it is. Answers to your questions and the latest headlines, here on BSD Now - the place to B.. SD. This episode was brought to you by Headlines EuroBSDCon and AsiaBSDCon This year, EuroBSDCon will be in September in Sofia, Bulgaria They've got a call for papers up now, so everyone can submit the talks they want to present There will also be a tutorial section of the conference AsiaBSDCon will be next month, in March! All the info about the registration, tutorials, hotels, timetable and location have been posted Check the link for all the details on the talks - if you plan on going to Tokyo next month, hang out with Allan and Kris and lots of BSD developers! *** FreeBSD 10 on Ubiquiti EdgeRouter Lite The Ubiquiti EdgeRouter Lite is a router that costs less than $100 and has a MIPS CPU This article goes through the process of installing and configuring FreeBSD on it to use as a home router Lots of good pictures of the hardware and specific details needed to get you set up It also includes the scripts to create your own images if you don't want to use the ones rolled by someone else For such a cheap price, might be a really fun weekend project to replace your shitty consumer router Of course if you're more of an OpenBSD guy, you can always see our tutorial for that too *** Signed pkgsrc package guide We got a request on IRC for more pkgsrc stuff on the show, and a listener provided a nice write-up It shows you how to set up signed packages with pkgsrc, which works on quite a few OSes (not just NetBSD) He goes through the process of signing packages with a public key and how to verify the packages when you install them The author also happens to be an EdgeBSD developer *** 
Big batch of OpenBSD hackathon reports Five trip reports from the OpenBSD hackathon in New Zealand! In the first one, jmatthew details his work on fiber channel controller drivers, some octeon USB work and ARM fixes for AHCI In the second, kettenis gets into his work with running interrupt handlers without holding the kernel lock, some SPARC64 improvements and a few other things In the third, jsg updated libdrm and mesa and did various work on xenocara In the fourth, dlg came with the intention to improve SMP support, but got distracted and did SCSI stuff instead - but he talks a little bit about the struggle OpenBSD has with SMP and some of the work he's done In the fifth, claudio talks about some stuff he did for routing tables and misc. other things *** Interview - Chris Buechler - [email protected] / @cbuechler pfSense Tutorial pfSense walkthrough News Roundup FreeBSD challenge continues Our buddy from the Linux foundation continues his switching to BSD journey In day 13, he covers some tips for new users, mentions trying things out in a VM first In day 14, he starts setting up XFCE and X11, feels like he's starting over as a new Linux user learning the ropes again - concludes that ports are the way to go In day 15, he finishes up his XFCE configuration and details different versions of ports with different names, as well as learns how to apply his first patch In day 16, he dives into the world of FreeBSD jails! *** BSD books in 2014 BSD books are some of the highest quality technical writings available, and MWL has written a good number of them In this post, he details some of his plans for 2014 It includes at least one OpenBSD book, at least one FreeBSD book and...
Very strong possibility of Absolute FreeBSD 3rd edition (watch our interview with him) Check the link for all the details *** How to build FreeBSD/EC2 images Our friend Colin Percival details how to build EC2 images in a new blog post Most people just use the images he makes on their instances, but some people will want to make their own from scratch You build a regular disk image and then turn it into an AMI It requires a couple ports be installed on your system, but the whole process is pretty straightforward *** PCBSD weekly digest This time around we discuss how you can become a developer Kris also details the length of supported releases Expect lots of new features in 10.1 *** Feedback/Questions Sean writes in Jake writes in Niclas writes in Steffan writes in Antonio writes in Chris writes in ***

24: The Cluster & The Cloud
This week on BSD Now... a wrap-up from NYCBSDCon! We'll also be talking to Luke Marsden, CEO of HybridCluster, about how they use BSD at large. Following that, our tutorial will show you how to securely share files with SFTP in a chroot. The latest news and answers to your questions, of course it's BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD 10 as a firewall Back in 2012, the author of this site wrote an article stating you should avoid FreeBSD 9 for a firewall and use OpenBSD instead Now, with the release of 10.0, he's apparently changed his mind and switched back over It mentions the SMP version of pf, general performance advantages and more modern features The author is a regular listener of BSD Now, hi Joe! *** Network Noise Reduction Using Free Tools Really long blog post, based on a BSDCan presentation, about fighting spam with OpenBSD Peter Hansteen, author of the book of PF, goes through how he uses OpenBSD's spamd and other security features to combat spam and malware He goes through his experiences with content filtering and disappointment with a certain proprietary vendor Not totally BSD-specific, lots of people can enjoy the article - lots of virus history as well *** FreeBSD ASLR patches submitted So far, FreeBSD hasn't had Address Space Layout Randomization ASLR is a nice security feature, see wikipedia for more information With a giant patch from Shawn Webb, it might be integrated into a future version (after a vicious review from the security team of course) We might have Shawn on the show to talk about it, but he's also giving a presentation at BSDCan about his work with ASLR *** Old-style pkg_ tools retired At last the old pkg_add tools are being retired in FreeBSD pkgng is a huge improvement, and now portmgr@ thinks it's time to cut the cord on the legacy toolset Ports aren't going away, and probably never will, but for binary package fans and new users that are used to things like apt, pkgng is the way to 
go All pkg_ tools will be considered unsupported on September 1, 2014 - even on older branches *** Interview - Luke Marsden - [email protected] / @lmarsden BSD at HybridCluster Tutorial Filesharing with chrooted SFTP News Roundup FreeBSD on OpenStack OpenStack is a cloud computing project It consists of "a series of interrelated projects that control pools of processing, storage, and networking resources throughout a datacenter, able to be managed or provisioned through a web-based dashboard, command-line tools, or a RESTful API." Until now, there wasn't a good way to run a full BSD instance on OpenStack With a project in the vein of Colin Percival's AWS startup scripts, now that's no longer the case! *** FOSDEM BSD videos This year's FOSDEM had seven BSD presentations The videos are slowly being uploaded for your viewing pleasure Not all of the BSD ones are up yet, but by the time you're watching this they might be! Check this directory for most of 'em The BSD dev room was full, lots of interest in what's going on from the other communities *** The FreeBSD challenge finally returns! Due to prodding from a certain guy of a certain podcast, the "FreeBSD Challenge" series has finally resumed Our friend from the Linux foundation picks up with day 11 and day 12 on his switching from Linux journey This time he outlines the upgrade process of going from 9 to 10, using freebsd-update There's also some notes about different options for upgrading ports and some extra tips *** PCBSD weekly digest After the big 10.0 release, the PCBSD crew is focusing on bug fixes for a while During their "fine tuning phase" users are encouraged to submit any and all bugs via the trac system Warden got some fixes and the package manager got some updates as well Huge size reduction in PBI format *** Feedback/Questions Derrick writes in Sean writes in Patrick writes in Peter writes in Sean writes in ***

23: Time Signatures
On this week's episode, we'll be talking with Ted Unangst of the OpenBSD team about their new signing infrastructure. After that, we've got a tutorial on how to run your own NTP server. News, your feedback and even... the winner of our tutorial contest will be announced! So stay tuned to BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation's 2013 fundraising results The FreeBSD foundation finally counted all the money they made in 2013 $768,562 from 1659 donors Nice little blog post from the team with a giant beastie picture "We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon." A special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook) *** OpenSSH 6.5 released We mentioned the CFT last week, and it's finally here! New key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519 (now the default when both clients support it) Ed25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA Funny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes can't even attempt to login lol~ New bcrypt private key type, 500,000,000 times harder to brute force Chacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one Portable version already in FreeBSD -CURRENT, and ports Lots more bugfixes and features, see the full release note or our interview with Damien Work has already started on 6.6, which can be used without OpenSSL! 
*** Crazed Ferrets in a Berkeley Shower In 2000, MWL wrote an essay for linux.com about why he uses the BSD license: "It’s actually stood up fairly well to the test of time, but it’s fourteen years old now." This is basically an updated version about why he uses the BSD license, in response to recent comments from Richard Stallman Very nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL Check out the full post if you're one of those people that gets into license arguments The takeaway is "BSD is about making the world a better place. For everyone." *** OpenBSD on BeagleBone Black Beaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi A blog post about installing OpenBSD on a BBB from.. our guest for today! He describes it as "everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black" It goes through the whole process, details different storage options and some workarounds Could be a really fun weekend project if you're interested in small or embedded devices *** Interview - Ted Unangst - [email protected] / @tedunangst OpenBSD's signify infrastructure, ZFS on OpenBSD Tutorial Running an NTP server News Roundup Getting started with FreeBSD A new video and blog series about starting out with FreeBSD The author has been a fan since the 90s and has installed it on every server he's worked with He mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users The first video is the installation, then he goes on to packages and other topics - 4 videos so far *** More OpenBSD hackathon reports As a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience He arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work This summary goes into detail about all the stuff he got done there *** X11 in a jail We've gotten at least one feedback email about 
running X in a jail Well.. with this commit, looks like now you can! A new tunable option will let jails access /dev/kmem and similar device nodes Along with a change to DRM, this allows full X11 in a jail Be sure to check out our jail tutorial and jailed VNC tutorial for ideas *** PCBSD weekly digest 10.0 "Joule Edition" finally released! AMD graphics are now officially supported GNOME3, MATE and Cinnamon desktops are available Grub updates and fixes PCBSD also got a mention in eweek *** Feedback/Questions Justin writes in Daniel writes in Martin writes in Alex writes in - unofficial FreeBSD RPI Images James writes in John writes in ***

22: Journaled News-Updates
This time on the show, we'll be talking with George Neville-Neil about the brand new FreeBSD Journal and what it's all about. After that, we've got a tutorial on how to track the -stable and -current branches of OpenBSD. Answers to all your BSD questions and the latest headlines, only on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD quarterly status report Gabor Pali sent out the October-December 2013 status report to get everyone up to date on what's going on The report contains 37 entries and is very very long... various reports from all the different teams under the FreeBSD umbrella, probably too many to even list in the show notes Lots of work going on in the ARM world, EC2/Xen and Google Compute Engine are also improving Secure boot support hopefully coming by mid-year (www.itwire.com/business-it-news/open-source/62855-freebsd-to-support-secure-boot-by-mid-year) There's quite a bit going on in the FreeBSD world, many projects happening at the same time *** n2k14 OpenBSD Hackathon Report Recently, OpenBSD held one of their hackathons in New Zealand 15 developers gathered there to sit in a room and write code for a few days Philip Guenther brings back a nice report of the event If you've been watching the -current CVS logs, you've seen the flood of commits just from this event alone Fixes with threading, Linux compat, ACPI, and various other things - some will make it into 5.5 and others need more testing Another report from Theo details his work Updates to the random subsystem, some work-in-progress pf fixes, suspend/resume fixes and more signing stuff *** Four new NetBSD releases NetBSD released versions 6.1.3, 6.0.4, 5.2.2 and 5.1.4 These updates include lots of bug fixes and some security updates, not focused on new features You can upgrade depending on what branch you're currently on Confused about the different branches? See this graph.
*** The future of open source ZFS development On February 11, 2014, Matt Ahrens will be giving a presentation about ZFS The talk will be about the future of ZFS and the open source development since Oracle closed the code It's in San Jose, California - go if you can! *** Interview - George Neville-Neil - [email protected] / @gvnn3 The FreeBSD Journal Tutorial Tracking -STABLE and -CURRENT (OpenBSD) News Roundup pfSense news and 2.1.1 snapshots pfSense has some snapshots available for the upcoming 2.1.1 release They include FreeBSD security fixes as well as some other updates There are recordings posted of some of the previous hangouts Unfortunately they're only for subscribers, so you'll have to wait until next month when we have Chris on the show to talk about pfSense! *** FreeBSD on Google Compute Engine Recently we mentioned some posts about getting OpenBSD to run on GCE, here's the FreeBSD version Nice big fat warning: "The team has put together a best-effort posting that will get most, if not all, of you up and running. That being said, we need to remind you that FreeBSD is being supported on Google Compute Engine by the community. The instructions are being provided as-is and without warranty." Their instructions are a little too Linuxy (assuming wget, etc.) for our taste, someone should probably get it updated! Other than that it's a pretty good set of instructions on how to get up and running *** Dragonfly ACPI update Sascha Wildner committed some new ACPI code There's also a "heads up" to update your BIOS if you experience problems Check the mailing list post for all the details *** PCBSD weekly digest 10.0-RC4 users need to upgrade all their packages for 10.0-RC5 PBIs needed to be rebuilt.. actually everything did Help test GNOME 3 so we can get it in the official ports tree By the way, I think Kris has an announcement - PCBSD 10.0 is out! *** Feedback/Questions Tony writes in Jeff writes in Remy writes in Nils writes in Solomon writes in ***

21: Tendresse for Ten
This time on the show, we've got some great news for OpenBSD, as well as the scoop on FreeBSD 10.0-RELEASE - yes it's finally here! We're gonna talk to Colin Percival about running FreeBSD 10 on EC2 and lots of other interesting stuff. After that, we'll be showing you how to do some bandwidth monitoring and network performance testing in a combo tutorial. We've got a round of your questions and the latest news, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD 10.0-RELEASE is out The long awaited, giant release of FreeBSD is now official and ready to be downloaded One of the biggest releases in FreeBSD history, with tons of new updates Some features include: LDNS/Unbound replacing BIND, Clang by default (no GCC anymore), native Raspberry Pi support and other ARM improvements, bhyve, hyper-v support, AMD KMS, VirtIO, Xen PVHVM in GENERIC, lots of driver updates, ZFS on root in the installer, SMP patches to pf that drastically improve performance, Netmap support, pkgng by default, wireless stack improvements, a new iSCSI stack, FUSE in the base system... the list goes on and on Start up your freebsd-update or do a source-based upgrade *** OpenSSH 6.5 CFT Our buddy Damien Miller announced a Call For Testing for OpenSSH 6.5 Huge, huge release, focused on new features rather than bugfixes (but it includes those too) New ciphers, new key formats, new config options, see the mailing list for all the details Should be in OpenBSD 5.5 in May, look forward to it - but also help test on other platforms! *** DIY NAS story, FreeNAS 9.2.1-BETA Another new blog post about FreeNAS! 
Instead of updating the older tutorials, the author started fresh and wrote a new one for 2014 "I did briefly consider suggesting nas4free for the EconoNAS blog, since it’s essentially a fork off the FreeNAS tree but may run better on slower hardware, but ultimately I couldn’t recommend anything other than FreeNAS" Really long article with lots of nice details about his setup, why you might want a NAS, etc. Speaking of FreeNAS, they released 9.2.1-BETA with lots of bugfixes *** OpenBSD needed funding for electricity.. and they got it Briefly mentioned at the end of last week's show, but has blown up over the internet since OpenBSD in the headlines of major tech news sites: slashdot, zdnet, the register, hacker news, reddit, twitter.. thousands of comments They needed about $20,000 to cover electric costs for the server rack in Theo's basement Lots of positive reaction from the community helping out so far, and it appears they have reached their goal and got $100,000 in donations From Bob Beck: "we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation" This is a shining example of the BSD community coming together, and even the Linux people realizing how critical BSD is to the world at large *** Interview - Colin Percival - [email protected] / @cperciva FreeBSD on Amazon EC2, backups with Tarsnap, 10.0-RELEASE, various topics Tutorial Bandwidth monitoring and testing News Roundup pfSense talk at Tokyo FreeBSD Benkyoukai Isaac Levy will be presenting "pfSense Practical Experiences: from home routers, to High-Availability Datacenter Deployments" He's also going to be looking for help to translate the pfSense documentation into Japanese The event is on February 17, 2014 if you're in the Tokyo area *** m0n0wall 1.8.1 released For those who don't know, m0n0wall is an older BSD-based firewall OS that's mostly focused on embedded applications pfSense was forked from it in 2004, and has a lot 
more active development now They switched to FreeBSD 8.4 for this new version Full list of updates in the changelog This version requires at least 128MB RAM and a disk/CF size of 32MB or more, oh no! *** Ansible and PF, plus NTP Another blog post from our buddy Michael Lucas There've been some NTP amplification attacks recently in the news The post describes how he configured ntpd on a lot of servers without a lot of work He leverages pf and ansible for the configuration OpenNTPD is, not surprisingly, unaffected - use it *** ruBSD videos online Just a quick followup from a few weeks ago Theo and Henning's talks from ruBSD are now available for download There's also a nice interview with Theo *** PCBSD weekly digest 10.0-RC4 images are available Wine PBI is now available for 10 9.2 systems will now be able to upgrade to version 10 and keep their PBI library *** Feedback/Questions Sha'ul writes in Kjell-Aleksander writes in Mike writes in Charlie writes in (and gets a reply) Kevin writes in ***

20: Bhyve Mind
It's our big 20th episode! We're going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD. This episode was brought to you by Headlines OpenBSD automatic installation A CFT (call for testing) was posted for OpenBSD's new automatic installer process Using this new system, you can spin up fully-configured OpenBSD installs very quickly It will answer all the questions for you and can put files into place and start services Great for large deployments, help test it and report your findings *** FreeNAS install guide and blog posts A multipart series on YouTube about installing FreeNAS In part 1, the guy (who is possibly Dracula, with his very Transylvanian accent..) builds his new file server and shows off the hardware In part 2, he shows how to install and configure FreeNAS, uses IPMI, sets up his pools He pronounces gigabytes as jiggabytes and it's hilarious We've also got an unrelated blog post about a very satisfied FreeNAS user who details his setup As well as another blog post from our old pal Devin Teske about his recent foray into the FreeNAS development world *** FreeBSD 10.0-RC5 is out Another, unexpected RC is out for 10.0 Minor fixes included, please help test and report any bugs You can update via freebsd-update or from source Hopefully this will be the last one before 10.0-RELEASE, which has tons of new features we'll talk about It's been tagged -RELEASE in SVN already too! *** OpenBSD 5.5-beta is out Theo updated the branch status to 5.5-beta A list of changes Help test and report any bugs you find Lots of rapid development with signify (which we mentioned last week), the beta includes some "test keys" Does that mean it'll be part of the final release? We'll find out in May.. 
or when we interview Ted (soon) *** Interview - Neel Natu & Peter Grehan - [email protected] & [email protected] BHyVe - the BSD hypervisor Tutorial Virtualization with bhyve News Roundup Hostname canonicalisation in OpenSSH Blog post from our friend Damien Miller This new feature allows clients to canonicalize unqualified domain names SSH will know if you typed "ssh bsdnow" you meant "ssh bsdnow.tv" with new config options This will help clean up some ssh configs, especially if you have many hosts Should make it into OpenSSH 6.5, which is "due really soon" *** Dragonfly on a Chromebook Some work has been done by Matthew Dillon to get DragonflyBSD working on a Google Chromebook These couple of posts detail some of the things he's got working so far Changes were needed to the boot process, trackpad and wifi drivers needed updating... Also includes a guide written by Dillon on how to get yours working *** Spider in a box "Spiderinabox" is a new OpenBSD-based project Using a combination of OpenBSD, Firefox, XQuartz and VirtualBox, it creates a secure browsing experience for OS X Firefox runs encapsulated in OpenBSD and doesn't have access to OS X in any way The developer is looking for testers on other operating systems! *** PCBSD weekly digest PCBSD 10 has entered into the code freeze phase They're focusing on fixing bugs now, rather than adding new features The update system got a lot of improvements PBI load times reduced by up to 40%! what!!! *** Feedback/Questions Scott writes in Chris writes in SW writes in Ole writes in Gertjan writes in ***

19: The Installfest
We've got some special treats for you this week on the show. It's the long-awaited "installfest" segment, where we go through the installer of each of the different BSDs. Of course we also have your feedback and the latest news as well... and... we even have our very first viewer contest! There's a lot to get to today on BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD's new testing infrastructure A new test suite was added to FreeBSD, with 3 powerful machines available Both -CURRENT and stable/10 have got the test suite build infrastructure in place Designed to help developers test and improve major scalability across huge amounts of CPUs and RAM More details available here Could the iXsystems monster server be involved...? *** OpenBSD gets signify At long last, OpenBSD gets support for signed releases! For "the world's most secure OS" it was very easy to MITM kernel patches, updates, installer isos, everything A commit to the -current tree reveals a new "signify" tool is currently being kicked around More details in a blog post from the guy who committed it Quote: "yeah, briefly, the plan is to sign sets and packages. that's still work in progress." *** Faces of FreeBSD This time they interview Isabell Long She's a volunteer staff member on the freenode IRC network In 2011, she participated in the Google Code-In contest and became involved with documentation "The new committer mentoring process proved very useful and that, plus the accepting community of FreeBSD, are reasons why I stay involved." *** pkgsrc-2013Q4 branched The quarterly pkgsrc branch from NetBSD is out 13472 total packages for NetBSD-current/amd64 + 13049 binary packages built with clang! 
Lots of numbers and stats in the announcement pkgsrc works on quite a few different OSes, not just NetBSD See our interview with Amitai Schlair for a bit about pkgsrc *** OpenBSD on Google's Compute Engine Google Compute Engine is a "cloud computing" platform similar to EC2 Unfortunately, they only offer poor choices for the OS (Debian and CentOS) Recently it's been announced that there is a custom OS option It's using a WIP virtio-scsi driver, lots of things still need more work Lots of technical and networking details about the struggles to get OpenBSD working on it *** The Installfest We'll be showing you the installer of each of the main BSDs. As of the date this episode airs, we're using: FreeBSD 10.0 OpenBSD 5.4 NetBSD 6.1.2 DragonflyBSD 3.6 PCBSD 10.0 *** News Roundup Building an OpenBSD wireless access point A neat write up we found around the internet about making an OpenBSD wifi router Goes through the process of PXE booting, installing base, using a serial console, setting up networking and wireless Even includes a puffy sticker on the Soekris box at the end, how cute *** FreeBSD 4.X jails on 10.0 Blog entry from our buddy Michael Lucas For whatever reason (an "in-house application"), he needed to run a FreeBSD 4 jail in FreeBSD 10 Talks about the options he had: porting software, virtualizing, dealing with slow old hardware He goes through the whole process of making an ancient jail It's "an acceptable trade-off, if it means I don’t have to touch actual PHP code." 
*** Unscrewed: a story about OpenBSD Pretty long blog post about how a network admin used OpenBSD to save the day To set the tone, "It was 5am, and the network was down" Great war story about replacing expensive routers and networking equipment with cheaper hardware and BSD Mentions a lot of the built in tools and how OpenBSD is great for routers and high security applications *** PCBSD weekly digest 10.0-RC3 is out and ready to be tested New detection of ATI Hybrid Graphics, they're working on nVidia next Re-classifying Linux jails as unsupported / experimental *** Feedback/Questions Daniel writes in Erik writes in SW writes in Bostjan writes in (http://slexy.org/view/s20N9bfkum) Samuel writes in ***

18: Eclipsing Binaries
Put away the Christmas trees and update your ports trees! We're back with the first show of 2014, and we've got some catching up to do. This time on the show, we have an interview with Baptiste Daroussin about the future of FreeBSD binary packages. Following that, we'll be highlighting a cool script to do binary upgrades on OpenBSD. Lots of holiday news and listener feedback, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Faces of FreeBSD continues Our first one details Shteryana Shopova, the local organizer for EuroBSDCon 2014 in Sofia Gives some information about how she got into BSD "I installed FreeBSD on my laptop, alongside the Windows and Slackware Linux I was running on it at the time. Several months later I realized that apart from FreeBSD, I hadn't booted the other two operating systems in months. So I wiped them out." She wrote bsnmpd and extended it with the help of a grant from the FreeBSD Foundation We've also got one for Kevin Martin Started off with a pinball website, ended up learning about FreeBSD from an ISP and starting his own hosting company "FreeBSD has been an asset to our operations, and while we have branched out a bit, we still primarily use FreeBSD and promote it whenever possible. FreeBSD is a terrific technology with a terrific community." *** OpenPF? A blog post over at the Dragonfly digest What if we had some cross platform development of OpenBSD's firewall? 
Similar to portable OpenSSH or OpenZFS, there could be a centrally-developed version with compatibility glue Right now FreeBSD 9's pf is old, FreeBSD 10's pf is old (but has the best performance of any implementation due to custom patches), NetBSD's pf is old (but they're working on a fork) and Dragonfly's pf is old Further complicated by the fact that PF itself doesn’t have a version number, since it was designed to just be ‘the pf that came with OpenBSD 5.4’ Not likely to happen any time soon, but it's good food for thought *** Year of BSD on the server A good blog post about switching servers from Linux to BSD 2014 is going to be the year of a lot of switching, due to FreeBSD 10's amazing new features This author was particularly taken with pkgng and the more coherent layout of BSD systems Similarly, there was also a recent reddit thread, "Why did you choose BSD over Linux?" Both are excellent reads for Linux users that are thinking about making the switch, send 'em to your friends *** Getting to know your portmgr This time in the series they interview Bryan Drewery, a fairly new addition to the team He started maintaining portupgrade and portmaster, and eventually ended up on the ports management team Believe it or not, his wife actually had a lot to do with him getting into FreeBSD full-time Lots of fun trivia and background about him Speaking of portmgr, our interview for today is... *** Interview - Baptiste Daroussin - [email protected] The future of FreeBSD's binary packages, ports' features, various topics News Roundup pfSense december hang out Interview/presentation from pfSense developer Chris Buechler with an accompanying blog post "This is the first in what will be a monthly recurring series. Each month, we’ll have a how to tutorial on a specific topic or area of the system, and updates on development and other happenings with the project. 
We have several topics in mind, but also welcome community suggestions on topics" Speaking of pfSense, they recently opened an online store We're planning on having a pfSense episode next month! *** BSDMag December issue is out The free monthly BSD magazine gets a new release for December Topics include CARP on FreeBSD, more BSD programming, "unix basics for security professionals," some kernel introductions, using OpenBSD as a transparent proxy with relayd, GhostBSD overview and some stuff about SSH *** OpenBSD gets tmpfs In addition to the recently-added FUSE support, OpenBSD now has tmpfs To get more testing, it was enabled by default in -current Should make its way into 5.5 if everything goes according to plan Enables lots of new possibilities, like our ccache and tmpfs guide *** PCBSD weekly digests Catching up with all the work going on in PCBSD land.. 10.0-RC2 is now available The big pkgng 1.2 problems seem to have been worked out *** Feedback/Questions Remy writes in Jason writes in Rob writes in John writes in Stuart writes in ***

17: The Gift of Giving
Merry Christmas everyone! We're taking the holiday off and just have an interview for you today. We sat down with Scott Long to discuss using FreeBSD at Netflix and lots of other things. Next week we will return with the normal round of news and tutorials. This episode was brought to you by Interview - Scott Long - [email protected] FreeBSD at Netflix, OpenConnect, network performance, various topics

16: Cryptocrystalline
This time on the show, we'll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller - one of the lead developers of OpenSSH - about some recent crypto changes in the project. If you're into data security, today's the show for you. The latest news and all your burning questions answered, right here on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Secure communications with OpenBSD and OpenVPN Starting off today's theme of encryption... A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic Part 1 covers installing OpenBSD with full disk encryption (which we'll be doing later on in the show) Part 2 covers the initial setup of OpenVPN certificates and keys Parts 3 and 4 are the OpenVPN server and client configuration Part 5 is some updates and closing remarks *** FreeBSD Foundation Newsletter The December 2013 semi-annual newsletter was sent out from the foundation In the newsletter you will find the president's letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored The president's letter alone is worth the read, really amazing Really long, with lots of details and stories from the conferences and projects *** Use of NetBSD with Marvell Kirkwood Processors Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer The IP-Plug is a "multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger)." 
Really cool little NetBSD ARM project with lots of graphs, pictures and details *** Experimenting with zero-copy network IO Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD Discusses the different OS' implementations and options He's able to get 35 gbit/sec out of 70,000 active TCP sockets, but isn't stopping there Tons of details, check the full post *** Interview - Damien Miller - [email protected] / @damienmiller Cryptography in OpenBSD and OpenSSH Tutorial Full disk encryption in FreeBSD & OpenBSD News Roundup OpenZFS office hours Our buddy George Wilson sat down to take some ZFS questions from the community You can see more info about it here *** License summaries in pkgng A discussion between Justin Sherill and some NYCBUG guys about license frameworks in pkgng Similar to pkgsrc's "ACCEPTABLE_LICENSES" setting, pkgng could let the user decide which software licenses he wants to allow Maybe we could get a "pkg licenses" command to display the license of all installed packages Ok bapt, do it *** The FreeBSD challenge continues Checking in with our buddy from the Linux foundation... The switching from Linux to FreeBSD blog series continues for his month-long trial Follow up from last week: "As a matter of fact, I did check out PC-BSD, and wanted the challenge. Call me addicted to pain and suffering, but the pride and accomplishment you feel from diving into FreeBSD is quite rewarding." 
Since we last mentioned it, he's decided to go from a VM to real hardware, got all of his common software installed, experimented with the Linux emulation, set up virtualbox, learned about slices/partitions/disk management, found BSD alternatives to his regularly-used commands and lots more *** Ports gets a stable branch For the first time ever, FreeBSD's ports tree will have a maintained "stable" branch This is similar to how pkgsrc does things, with a rolling release for updated software and stable branch for only security and bug fixes All commits to this branch require approval of portmgr, looks like it'll start in 2014Q1 *** Feedback/Questions John writes in Spencer writes in Campbell writes in Sha'ul writes in Clint writes in ***

15: Kickin' NAS
This time on the show, we'll be looking at the new version of FreeNAS, a BSD-based network attached storage solution, as well as talking to Josh Paetzel - one of the key developers of FreeNAS. Actually, he's on the FreeBSD release engineering team too, and does quite a lot for the project. We've got answers to your viewer-submitted questions and plenty of news to cover, so get ready for some BSD Now - the place to B.. SD. This episode was brought to you by Headlines More faces of FreeBSD Another installment of the FoF series This time they talk with Reid Linnemann who works at Spectra Logic Gives a history of all the different jobs he's done, all the programming languages he knows Mentions how he first learned about FreeBSD, actually pretty similar to Kris' story "I used the system to build and install ports, and explored, getting actively involved in the mailing lists and forums, studying, passing on my own limited knowledge to those who could benefit from it. I pursued my career in the open source software world, learning the differences in BSD and GNU licensing and the fragmented nature of Linux distributions, realizing the FreeBSD community was more mature and well distributed about industry, education, and research. Everything steered me towards working with and on FreeBSD." Now works on FreeBSD as his day job The second one covers Brooks Davis FreeBSD committer since 2001 and core team member from 2006 through 2012 He's helped drive our transition from a GNU toolchain to a more modern LLVM-based toolchain "One of the reasons I like FreeBSD is the community involved in the process of building a principled, technically-advanced operating system platform. Not only do we produce a great product, but we have fun doing it." 
Lots more in the show notes *** We cannot trust Intel and Via’s chip-based crypto We woke up to see FreeBSD on the front page of The Register, Ars Technica, Slashdot and Hacker News for their strong stance on security and respecting privacy At the EuroBSDCon dev summit, there was some discussion about removing support for hardware-based random number generators. FreeBSD's /dev/random got some updates and, for 10.0, will no longer allow the use of Intel or VIA's hardware RNGs as the sole point of entropy "It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more" *** OpenSMTPD 5.4.1 released The OpenBSD developers came out with a major new version Improved config syntax (please check your smtpd.conf before upgrading) Adds support for TLS Perfect Forward Secrecy and custom CA certificate MTA, Queue and SMTP server improvements SNI support confirmed for the next version Check the show notes for the full list of changes, pretty huge release Watch Episode 3 for an interview we did with the developers *** More getting to know your portmgr The portmgr secretary, Thomas Abthorpe, interviews... himself! Joined as -secretary in March 2010, upgraded to full member in March 2011 His inspiration for using BSD is "I wanted to run a webserver, and I wanted something free. I was going to use something linux, then met up with a former prof from university, and shared my story with him. He told me FreeBSD was the way to go." Mentions how he loves that anyone can contribute and watch it "go live" The second one covers Baptiste Daroussin The reason for his nick, bapt, is "Baptiste is too long to type" There's even a video of bapt joining the team! *** Interview - Santa Clause - [email protected] / @freenasteam FreeNAS 9.2.0 Note: we originally scheduled the interview to be with Josh Paetzel, but Santa showed up instead. 
Tutorial FreeNAS walkthrough News Roundup Introducing configinit CloudInit is "a system originally written for Ubuntu which performs configuration of a system at boot-time based on user-data provided via EC2" Wasn't ideal for FreeBSD since it requires python and is designed around the concept of configuring a system by running commands (rather than editing configuration files) Colin Percival came up with configinit, a FreeBSD alternative Alongside his new "firstboot-pkgs" port, it can spin up a webserver in 120 seconds from "launch" of the EC2 instance Check the show notes for full blog post *** OpenSSH support for Ed25519 and bcrypt keys New Ed25519 key support (hostkeys and user identities) using the public domain ed25519 reference code SSH private keys were encrypted with a symmetric key that's just an MD5 of their password Now they'll be using bcrypt by default We'll get more into this in next week's interview *** The FreeBSD challenge A member of the Linux foundation blogs about using FreeBSD Goes through all the beginner steps, has to "unlearn" some of his Linux ways Only a few po

14: Zettabytes for Days
This week is the long-awaited episode you've been asking for! We'll be giving you a crash course on becoming a ZFS wizard, as well as having a chat with George Wilson about the OpenZFS project's recent developments. We have answers to your feedback emails and there are some great news items to get caught up on too, so stay tuned to BSD Now - the place to B.. SD. Headlines pkgng 1.2 released bapt and bdrewery from the portmgr team released pkgng 1.2 final New features include an improved build system, plugin improvements, new bootstrapping command, SRV mirror improvements, a new "pkg config" command, repo improvements, vuXML is now default, new fingerprint features and much more Really simple to upgrade, check our pkgng tutorial if you want some easy instructions It's also made its way into Dragonfly See the show notes for the full list of new features and fixes *** ChaCha20 and Poly1305 in OpenSSH Damien Miller recently committed support for a new authenticated encryption cipher for OpenSSH, chacha20-poly1305 Long blog post explaining what these are and why we need them This cipher combines two primitives: the ChaCha20 cipher and the Poly1305 MAC RC4 is broken, we needed an authenticated encryption mode to complement AES-GCM that doesn't show the packet length in cleartext Great explanation of the differences between EtM, MtE and EaM and their advantages "Both AES-GCM and the EtM MAC modes have a small downside though: because we no longer desire to decrypt the packet as we go, the packet length must be transmitted in plaintext. This unfortunately makes some forms of traffic analysis easier as the attacker can just read the packet lengths directly." *** Is it time to dump Linux and move to BSD ITworld did an article about switching from Linux to BSD The author's interest was sparked from a review he was reading that said "I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. 
Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (pkgng), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0" The whole article can be summed up with "yes" - ok, next story! *** OpenZFS devsummit videos The OpenZFS developer summit discussion and presentation videos are up People from various operating systems (FreeBSD, Mac OS X, illumos, etc.) were there to discuss ZFS on their platforms and the challenges they faced Question and answer session from representatives of every OS - had a couple FreeBSD guys there including one from the foundation Presentations both about ZFS itself and some hardware-based solutions for implementing ZFS in production TONS of video, about 6 hours' worth This leads us into our interview, which is... *** Interview - George Wilson - [email protected] / @zfsdude OpenZFS Tutorial A crash course on ZFS News Roundup ruBSD 2013 information The ruBSD 2013 conference will take place on Saturday December 14, 2013 at 10:30 AM in Moscow, Russia Speakers include three OpenBSD developers, Theo de Raadt, Henning Brauer and Mike Belopuhov Their talks are titled "The bane of backwards compatibility," "OpenBSD's pf: Design, Implementation and Future" and "OpenBSD: Where crypto is going?" 
No word on if there will be video recordings, but we'll let you know if that changes *** DragonFly roadmap, post 3.6 John Marino posted a possible roadmap for DragonFly, now that they're past the 3.6 release He wants some third party vendor software updated from very old versions (WPA supplicant, bmake, binutils) Plans to replace GCC44 with Clang, but GCC47 will probably be the primary compiler still Bring in fixes and new stuff from FreeBSD 10 *** BSDCan 2014 CFP BSDCan 2014 will be held on May 16-17 in Ottawa, Canada They're now accepting proposals for talks If you are doing something interesting with a BSD operating system, please submit a proposal We'll be getting lots of interviews there *** casperd added to -CURRENT "It (and its services) will be responsible for giving access to functionality that is not available in capability mode sandbox. The functionality can be precisely restricted." Lists some sysctls that can be controlled *** ZFS corruption bug fixed in -CURRENT Just a quick follow-up from last week, the ZFS corruption bug in FreeBSD -CURRENT was very quickly fixed, before that episode was even uploaded *** Feedback/Questions Chris writes in SW writes in Jason writes in Clint writes in Chris writes in ***